
I am setting up anti-DDoS iptables rules on a Kali Linux VM for a class. I have tried two methods, one being just the iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN rule and the other using the bash file from here: https://github.com/xenvn/iptables-ddos-protect/blob/main/rules.sh. Both times I used a Python script to test that looked like this:


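from scapy.all import IP, TCP, send

# Target of the test: the loopback address, port 80
target_ip = "127.0.0.1"
target_port = 80

# One TCP SYN packet addressed to the target
syn_packet = IP(dst=target_ip) / TCP(dport=target_port, flags="S")

# Send it 10000 times, 0.0001 s apart
send(syn_packet, count=10000, inter=0.0001)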

After setting up the rules and then running the script, I used the sudo iptables -L -v -n command to see what rules got hits. In each case, the rules came back with 0 results, so I am not sure if it's that the rules aren't working or if testing using the loopback address doesn't work. What am I doing wrong?

EDIT: I added another rule to enable logging and made the file in /var/log. Using the sudo tail -f /var/log/iptables.log command is making the following output:

┌──(kali㉿kali)-[~]
└─$ sudo tail -f /var/log/iptables.log
May  5 17:43:09 kali kernel: [   77.295500] Monitor 0 (w,h)=(1920,944) (x,y)=(0,0)
May  5 17:43:09 kali kernel: [   77.295862] Sending monitor positions (8 of them)  to the host: VINF_SUCCESS
May  5 17:43:09 kali kernel: [   77.295918] RRScreenChangeNotify event received
May  5 17:43:09 kali kernel: [   77.296002] Monitor 0 (w,h)=(1920,944) (x,y)=(0,0)
May  5 17:43:09 kali kernel: [   77.296082] Sending monitor positions (8 of them)  to the host: VINF_SUCCESS
May  5 17:43:09 kali kernel: [   77.296132] RRScreenChangeNotify event received
May  5 17:43:09 kali kernel: [   77.296754] Monitor 0 (w,h)=(1920,944) (x,y)=(0,0)
May  5 17:43:09 kali kernel: [   77.297478] Sending monitor positions (8 of them)  to the host: VINF_SUCCESS
May  5 17:45:49 kali kernel: [  237.350100] device lo entered promiscuous mode
May  5 17:45:50 kali kernel: [  238.332596] device lo left promiscuous mode
^C
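
A way to read the per-rule counters from the iptables -L -v -n check described in the question, as an added example that is not part of the original post: it parses the verbose listing and reports which rules have matched no packets. The sample listing is constructed for illustration, and the function names (to_int, parse_listing, zero_hit_rules) are hypothetical.

```python
import re

# Constructed sample of `iptables -L -v -n` output (not taken from the post).
SAMPLE = """\
Chain INPUT (policy ACCEPT 12K packets, 1024K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: avg 1/sec burst 3
 1500   60K LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}  # used when -x is absent
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)")

def to_int(field):
    """Expand a rounded counter such as '60K' into an integer."""
    if field[-1] in SUFFIX:
        return int(field[:-1]) * SUFFIX[field[-1]]
    return int(field)

def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = {"policy": m.group(2), "rules": []}
            chains[m.group(1)] = current
            continue
        parts = line.split(None, 9)
        # Rule rows start with a numeric packet counter; the column header and
        # blank lines do not. Assumes every rule has a target (-j) column.
        if current is None or len(parts) < 9 or not parts[0][0].isdigit():
            continue
        current["rules"].append({
            "pkts": to_int(parts[0]), "bytes": to_int(parts[1]),
            "target": parts[2], "prot": parts[3], "in": parts[5],
            "match": parts[9] if len(parts) > 9 else ""})
    return chains

def zero_hit_rules(chains):
    """List (chain, position, target) for rules whose packet counter is 0."""
    return [(name, pos, rule["target"])
            for name, chain in chains.items()
            for pos, rule in enumerate(chain["rules"], 1) if rule["pkts"] == 0]

if __name__ == "__main__":
    print(zero_hit_rules(parse_listing(SAMPLE)))
```

Running iptables with -x prints exact counters instead of the rounded K/M/G values, and iptables -Z resets the counters before a test run.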
