yuki-antiddos is a simple project aimed at mitigating most of the L3-L4 attacks by using just nftables and kernel tweaks. It's made for servers, desktops (what if you need more security in public networks for your Linux laptop?), and routers (additional configuration needed in this case). It's capable of filtering even the most sophisticated attacks at the same time leaving your legitimate traffic untouched and not impacting the overall performance and CPU load. To know how is this possible, continue reading.
Most of the ruleset makers forget about optimization; We don't. Our custom techniques allow for filtering out attacks with massive PPS rates without causing unnecessary strain on your server’s CPU.
- 🛡️ Split-chain system
- ⛔ Default drop policy
- 📶 Two-stage UDP stateful rate limiting
- 🧩 Sysctl-level kernel tuning
sudo apt update && sudo apt purge ufw firewalld -y && sudo apt install nftables git bc iproute2 -y && git clone https://github.com/mintyYuki/antiddos && cd antiddos && sudo bash antiddos-yuki && cd ..
| Distribution | Status |
|---|---|
| Ubuntu 24.04+ | Fully supported and recommended |
| Ubuntu < 24.04 | Not recommended |
| Debian 12+ | Partially supported |
| Other distros | Not supported |
- Nftables, for packet filtering
- Git, to clone the repository