net-Shield
An Easy and Simple Anti-DDoS solution for VPS,Dedicated Servers and IoT devices based on iptables/ipsets
Requirements
- Linux System with golang, iptables/ipsets
- Nginx
Quickstart
Run the bash script (install.sh) to install all the required dependencies.
bash install.sh
You will be prompted to insert a domain and the real IP address associated to it so net-Shield will configure for you the first proxydomain (you can see the changes on /etc/nshield/nshield.conf).
Proxy Domains
To configure proxydomains you need to enable the proxy option on /etc/nshield/nshield.conf (proxy = 1) and be sure that the proxydomain list (on the same conf file) is correct:
proxydomains = [
"sami.pw 8.8.8.8",
"example.org 1.2.3.4"
]
Usage
After you completed the install with the quickstart script you can call the "config-nshield" commad that will read the nshield.conf and re-configure shield rules based on the new configuration.
Example: I want to enable SSL on sami.pw that i just configured as above:
- Edit /etc/nshield/nshield.conf and set autossl = 1
- On your terminal run:
# config-shield
- You can now see the changes on the Nginx configuration
The domain must point to the net-Shield instance otherwise will fail let's encrypt verification.
Logs are diplayed on: /var/log/nshield.log
How it works
Basically this script is set by default to run every 30 minutes and execute these operations:
- Get latest Bot,Spammers,Bad IP/Net reputation lists and blocks if those Bad guys are attacking your server (Thank you FireHol http://iplists.firehol.org/ )
- Enable basic Anti-DDoS methods to deny unwanted/malicious traffic
- Rate limits when under attack
- Allows HTTP(S) Proxying to protect your site
Demo
Tested on Ubuntu 16.04 and 14.04 LTS
Contributors
Feel free to open issues or send me an email
Binaries
In case you cannot compile it your self and/or run the install.sh you can find the binaries on: https://github.com/fnzv/net-Shield/tree/master/binaries
License
Code distributed under MIT licence.