DDoS Detection and Blocking

Can someone translate the MikroTik way of DDoS prevention into an OpenWrt iptables script?

Source: https://wiki.mikrotik.com/wiki/DDoS_Detection_and_Blocking

Thanks in advance.

This blocks IPs if there are more than 32 new connections per second from them.
AFAIK this can and will hit legitimate applications (like a web browser) and is a bad idea.

Do you have any idea why you want it?
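An iptables/ipset approximation of the rule described in the reply above (flag a source that opens more than 32 new connections per second, then drop it for a while), written as an added example for this thread rather than taken from the MikroTik wiki or the OpenWrt project. It assumes iptables with the hashlimit and set matches, the SET target, and ipset with timeout support; the threshold, burst, block duration and set name are constructed defaults, and the same false-positive caveat as in the reply applies.

```shell
#!/bin/sh
# Added example: per-source new-connection rate detection with a timed blocklist.
# Assumptions: iptables (hashlimit, conntrack, set match, SET target) and ipset
# with a hash:ip set that supports "timeout". Values below are constructed defaults.

THRESHOLD="${THRESHOLD:-32}"          # new connections per second allowed per source
BURST="${BURST:-32}"                  # short burst tolerated before the limit bites
BLOCK_SECONDS="${BLOCK_SECONDS:-600}" # how long a flagged source stays in the blocklist
SET_NAME="${SET_NAME:-ddoser}"        # ipset holding flagged source addresses

# Emit the rule set instead of applying it, so it can be reviewed (and tested)
# before anything touches the live firewall.
build_ddos_rules() {
  cat <<EOF
ipset create $SET_NAME hash:ip timeout $BLOCK_SECONDS -exist
iptables -N detect-ddos 2>/dev/null || iptables -F detect-ddos
iptables -A detect-ddos -m hashlimit --hashlimit-upto ${THRESHOLD}/sec --hashlimit-burst $BURST --hashlimit-mode srcip --hashlimit-name ddos -j RETURN
iptables -A detect-ddos -j SET --add-set $SET_NAME src --exist
iptables -A detect-ddos -j DROP
iptables -I FORWARD 1 -m set --match-set $SET_NAME src -j DROP
iptables -I FORWARD 2 -m conntrack --ctstate NEW -j detect-ddos
EOF
}

# Run the generated rules (requires root and the modules listed above).
apply_ddos_rules() {
  build_ddos_rules | sh
}

# Stand-alone use: print the rules; pass "apply" to load them.
if [ "${1:-print}" = "apply" ]; then
  apply_ddos_rules
else
  build_ddos_rules
fi
```

Sources within the rate RETURN from detect-ddos and are handled by the normal forwarding rules; anything above it is added to the set (the timeout is refreshed on repeat hits thanks to `--exist`) and all its traffic is dropped by the first FORWARD rule until the entry expires. On fw3-based OpenWrt the `-I FORWARD` rules are lost on a firewall reload unless they are re-run from /etc/firewall.user.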

DDoS protection doesn't work on your local equipment, it's only useful on the next hop, i.e. your ISP's equipment. There's no point dropping packets once they've come down the rate-limited bit of copper/fibre from your ISP, as it's already used up your limited bandwidth, and you're using CPU from your router to block it. This is why companies such as Cloudflare operate: they sit between the Internet and your server to block/drop DDoS attacks.

Bandwidth protection isn't the only reason for DDoS measures. Dropping packets at the router will protect your LAN devices from receiving the packets, which can be useful. In addition, you might want to block suspicious outgoing traffic if you might have a compromised device on your network, for example on a guest network or in a coffee shop.