To protect the server and its services from flooding at the operating-system level, configure a firewall and set limits on the number of simultaneous connections. Below we look at restrictions for a few common services; you can add rules for your own services by analogy, substituting the required ports.
ICMP
To protect yourself from icmp flood, you need to add a limit on the number of pings per second:
-A INPUT -p icmp -m hashlimit --hashlimit-upto 6/sec --hashlimit-burst 4 --hashlimit-name icmp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
In this example a burst of 4 pings is accepted, and after that a sustained rate of 6 per second; echo requests above that limit are dropped by the second rule.
HTTP and HTTPS
These rules limit the number of simultaneous connections per source address. Adjust the number to suit your traffic, and note that it must be higher than the threshold configured in the DDoS Deflate service.
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 500 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 443 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 500 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
SSH
We recommend changing the default port from 22 to another one, for example 3022. Because password-guessing attempts are so common, the SSH service receives most of the unwanted connections.
-A INPUT -p tcp -m tcp --dport 3022 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 5 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
If you have other services, such as mail, create rules in a similar way.
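As an added example (not part of the original article), the following POSIX shell script builds the rules shown above for any list of port:limit services, validates the port and limit values, and emits the result as an iptables-restore fragment; the names ICMP_RATE, connlimit_rule and build_ruleset are chosen here and are not from any tool.

```shell
#!/bin/sh
# Added example: generate the flood-protection rules from this article for an
# arbitrary set of "PORT:LIMIT" services. Nothing is applied to the kernel;
# the output is meant to be piped into iptables-restore.
set -eu

# ICMP rate limit (values taken from the article).
ICMP_RATE="6/sec"
ICMP_BURST=4

# Print one connlimit rule for a TCP port. Usage: connlimit_rule PORT LIMIT
# Returns 1 (and prints nothing) on a non-numeric or out-of-range argument.
connlimit_rule() {
    port=$1; limit=$2
    case "$port" in ''|*[!0-9]*) return 1;; esac
    case "$limit" in ''|*[!0-9]*) return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] && [ "$limit" -ge 1 ] || return 1
    rule="-A INPUT -p tcp -m tcp --dport $port --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above $limit --connlimit-mask 32 -j REJECT --reject-with tcp-reset"
    printf '%s\n' "$rule"
}

# Print the ICMP pair: accept pings within the limit, drop excess echo requests.
icmp_rules() {
    printf '%s\n' "-A INPUT -p icmp -m hashlimit --hashlimit-upto $ICMP_RATE --hashlimit-burst $ICMP_BURST --hashlimit-name icmp -j ACCEPT"
    printf '%s\n' "-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP"
}

# Build a complete filter-table fragment. Usage: build_ruleset PORT:LIMIT ...
# Fails on the first malformed service spec so a half-built set is never emitted.
build_ruleset() {
    echo '*filter'
    icmp_rules
    for svc in "$@"; do
        case "$svc" in *:*) ;; *) echo "bad service spec: $svc" >&2; return 1;; esac
        connlimit_rule "${svc%%:*}" "${svc#*:}" || { echo "bad service spec: $svc" >&2; return 1; }
    done
    echo 'COMMIT'
}

# Web on 80/443 (500 connections per source) and SSH moved to 3022 (5 per source),
# as in the article.
build_ruleset 80:500 443:500 3022:5
```

Pipe the output to `iptables-restore --test` to syntax-check it, or to `iptables-restore --noflush` to append it to the running filter table without flushing the rules already present.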