
Proper DDoS Deflate Setup
It turns out that DDoS Deflate, a convenient tool for dealing with DDoS attacks (or rather with spambots) that is used when iptables cannot use the connlimit module, tends to configure itself incorrectly after installation. As a result, the protection does not work.
By the way, it is very important to remember how this differs from limiting simultaneous connections from one IP address with iptables, where attempts to establish new connections simply fail. With DDoS Deflate, an IP address that reaches the connection limit is banned, and all connections with it are cut off for the configured interval (after which the IP is unbanned).
First, the config needs to be fixed:
##### Number of connections from one IP address (since those who exhaust the limit
##### are banned for 10 minutes, it is better not to set too small a value:
##### we risk banning an office behind a NAT translator (IPv6 hasn't arrived yet!)
NO_OF_CONNECTIONS=64
##### APF_BAN=0 (enable banning via iptables rather than APF)
APF_BAN=0
Then you need to configure cron correctly. Since I don't like separate cron files in the /etc/cron.d/ folder, I recommend adding a slightly edited line that runs the script to root's personal crontab and deleting the /etc/cron.d/ddos.cron file. The edited line raises the priority of the DDoS Deflate process, so that when the system is bogged down by many connections the script still runs, bans whoever needs banning, and unbans those whose ban has expired.
crontab -e
*/1 * * * * nice -n -5 /usr/local/ddos/ddos.sh
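
Before letting the script ban anyone, it helps to see which addresses would reach NO_OF_CONNECTIONS on your own traffic, for example an office behind NAT. The dry run below is an added example, not DDoS Deflate's own code; the function names over_limit and sample_netstat and the sample addresses are constructed for illustration, and it assumes the Linux `netstat -ntu` column layout.

```shell
#!/bin/sh
# Dry run: list the remote addresses that would reach a per-IP connection
# limit, without banning anything.

# over_limit LIMIT: reads `netstat -ntu`-style lines on stdin and prints
# "COUNT ADDRESS" for every remote address with COUNT >= LIMIT.
over_limit() {
    awk -v limit="$1" '
        # Count only connection rows; netstat header lines are skipped.
        $1 ~ /^(tcp|udp)/ {
            remote = $5
            sub(/:[0-9*]+$/, "", remote)   # strip the :port suffix
            count[remote]++
        }
        END {
            for (ip in count)
                if (count[ip] >= limit) print count[ip], ip
        }' | sort -rn
}

# Constructed sample: 70 connections from one address, 3 from another.
sample_netstat() {
    echo "Active Internet connections (w/o servers)"
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    i=0
    while [ "$i" -lt 70 ]; do
        echo "tcp 0 0 192.0.2.10:80 203.0.113.7:$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    for p in 51000 51001 51002; do
        echo "tcp 0 0 192.0.2.10:80 198.51.100.23:$p ESTABLISHED"
    done
}

# Same threshold as in the config above. On a live host, feed the function
# with `netstat -ntu` instead of sample_netstat.
NO_OF_CONNECTIONS=64
sample_netstat | over_limit "$NO_OF_CONNECTIONS"
```

Running it at a busy hour with several candidate limits shows how close legitimate clients come to the threshold before a 10-minute ban would hit them.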