iptables is a utility that allows system admins to configure IP packet filtering rules for Linux’s kernel firewall. These rules are organized in separate tables and determine how to treat network packets. Using iptables is highly recommended and shouldn’t be overlooked unless required by your system’s architecture and/or you’re aware of the security implications.
The iptables Script
The iptables script offers additional protection for Core v3 nodes by using standard firewall tools to rate-limit certain connections.
- Parallel/simultaneous P2P connections are restricted to a total of 10 per IP address; this number can be adjusted using the
- Global connections are limited to 4 NEW connections per 30-second interval.
Running the Script
Download and execute the iptables script using the following commands:
wget -N https://raw.githubusercontent.com/ArkEcosystem/core/master/scripts/v3-iptables.sh bash ./v3-iptables.sh start
Creating a cron job
Because the filtering initiated by the iptables script does not persist after a system reboot, you should also consider adding the script to a cron job.
edit the crontab file (choose the ‘nano’ editor when prompted):
add the following line to the end of the crontab file:
@reboot bash ~/v3-iptables.sh start
save the changes and exit:
ctrl + x # press 'y' then 'enter' to confirm
apply the permissions:
sudo bash -c "echo \"$USER ALL=(ALL) NOPASSWD:/sbin/iptables\" >> /etc/sudoers"
Failing to apply permissions will prevent the iptables script from executing after a system reboot.