oqyude/nixos
1
0
Fork 0
mirror of https://github.com/oqyude/nixos.git synced 2026-06-11 04:30:41 +03:00
Code Issues Packages Projects Releases Wiki Activity

syn ddos defence

Browse Source
This commit is contained in:
Jor Oqyude
2026-04-13 10:26:43 +03:00
parent 7f1f714e8c
commit 94b7d30c02
2 changed files with 30 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
configurations/vds.nix
+28 -1
View File
@@ -37,6 +37,12 @@ let
}; };
systemd-boot.enable = lib.mkDefault false; systemd-boot.enable = lib.mkDefault false;
}; };
kernel.sysctl = {
"net.ipv4.tcp_syncookies" = 1;
"net.ipv4.tcp_max_syn_backlog" = 4096;
"net.ipv4.tcp_synack_retries" = 3;
"net.ipv4.tcp_syn_retries" = 3;
};
}; };
services = { services = {
@@ -67,7 +73,6 @@ let
openFirewall = true; openFirewall = true;
}; };
}; };
networking = { networking = {
nameservers = [ nameservers = [
"1.1.1.1" "1.1.1.1"
@@ -88,6 +93,28 @@ let
enable = true; enable = true;
allowPing = true; allowPing = true;
}; };
nftables = {
enable = true;
ruleset = ''
table inet filter {
chain input {
type filter hook input priority 0;
# loopback
iif lo accept
# уже установленные
ct state established,related accept
# РЕЖЕМ SYN СРАЗУ
tcp flags syn tcp dport {80,443} limit rate 20/second burst 40 packets accept
tcp flags syn tcp dport {80,443} drop
# остальное по необходимости
}
}
'';
};
enableIPv6 = true; enableIPv6 = true;
interfaces.ens3 = { interfaces.ens3 = {
useDHCP = true; useDHCP = true;
modules/essentials/packages.nix
+2
View File
@@ -98,6 +98,8 @@ in
devenv devenv
# Test # Test
rgx
net-tools
# lazydocker # lazydocker
# dtop # dtop
# framework-tool-tui # framework-tool-tui