Found this on my G+ stream today and thought it was worth keeping around to play with in the future at some point.
```bash
#!/bin/bash
# Start from a clean filter table: flush every rule, then delete the custom chain if it already exists
iptables -F
iptables -X protectqueue
# Create a user-defined chain for inbound HTTP connection attempts
iptables -N protectqueue
# Send every new TCP connection attempt (SYN) to port 80 through that chain
iptables -A INPUT -p tcp --dport 80 --syn -j protectqueue
# Allow up to 1000 SYNs per second with a burst of 2000; packets within the limit return to INPUT
iptables -A protectqueue -m limit --limit 1000/second --limit-burst 2000 -j RETURN
# Everything over the limit is logged (the prefix must be quoted because it contains spaces) and dropped
iptables -A protectqueue -j LOG --log-prefix "IPTABLES: DDOS ALARM!!! "
iptables -A protectqueue -j DROP
```
This is basically a SYN flood protection rule aimed specifically at HTTP traffic. Any incoming packet that matches protocol TCP, destination port 80 and the SYN flag is sent to the user-defined protectqueue chain. There, the limit match lets through 1000 SYNs per second, with an initial burst of up to 2000, and those packets return to the INPUT chain; anything over the limit is logged and then dropped. Two things worth knowing before using it: the limit is an aggregate across all sources, not per client IP, so during a flood legitimate visitors are throttled along with the attacker (the hashlimit match is the per-source alternative), and the LOG rule itself has no rate limit, so every dropped packet writes one line to the kernel log.
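To see what those two numbers actually do to a stream of SYNs, here is an added example (not from the original post) that models the limit match as an idealised token bucket and runs the chain's 1000/second, burst 2000 policy over constructed arrival patterns. It is an assumption that this model is close enough to the kernel's xt_limit for illustration; the real module works with integer credits at jiffies resolution, so exact counts on a live box will differ slightly.

```python
from dataclasses import dataclass, field
from fractions import Fraction
from typing import List, Tuple

@dataclass
class LimitMatch:
    """Idealised model of iptables '-m limit': a bucket that starts with `burst` tokens, refills at `rate` tokens/second and is capped at `burst` (assumed model, not the kernel's exact xt_limit arithmetic)."""
    rate: Fraction = Fraction(1000)     # --limit 1000/second
    burst: Fraction = Fraction(2000)    # --limit-burst 2000
    tokens: Fraction = field(init=False)
    last: Fraction = Fraction(0)        # timestamp of the previous packet seen

    def __post_init__(self) -> None:
        self.tokens = self.burst        # bucket is full when the rule is loaded

    def match(self, now: Fraction) -> bool:
        """True when a token is available (-j RETURN); False when over the limit (falls through to LOG and DROP)."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def run_chain(arrivals: List[Fraction], rate=Fraction(1000), burst=Fraction(2000)) -> Tuple[int, int]:
    """Push SYN arrival times (seconds, non-decreasing) through protectqueue; returns (returned, dropped)."""
    limiter = LimitMatch(rate=rate, burst=burst)
    returned = dropped = 0
    for t in arrivals:
        if limiter.match(t):
            returned += 1
        else:
            dropped += 1    # each of these also produces one LOG line, so drops == log lines written
    return returned, dropped

def flood_at_once(n: int) -> List[Fraction]:
    """Constructed input: n SYNs arriving in the same instant."""
    return [Fraction(0)] * n

def steady(pps: int, seconds: int) -> List[Fraction]:
    """Constructed input: pps SYNs per second, evenly spaced, for `seconds` seconds."""
    return [Fraction(s) + Fraction(i, pps) for s in range(seconds) for i in range(pps)]

if __name__ == "__main__":
    print("5000 SYNs at once:", run_chain(flood_at_once(5000)))   # (2000, 3000)
    print("800 SYN/s for 3 s:", run_chain(steady(800, 3)))        # (2400, 0)
    print("3000 SYN/s for 2 s:", run_chain(steady(3000, 2)))      # (3999, 2001)
```

The third case shows the shape of the policy: once the 2000-token burst is spent, a sustained 3000 SYN/s stream is thinned to roughly 1000/s, and every one of the 2001 drops is also a log line.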