Citadel is a tool that can help mitigate certain types of DoS attacks by limiting the number of connections per IPv4 address. It is somewhat similar to dos-deflate, but implemented in almost 100% pure Perl and configurable via /etc/citadel/citadel.conf.

What citadel doesn't do:
1.) No IPv6 support
2.) No nftables support



if [ ! -f '/etc/yum.repos.d/ssullivanorg.repo' ] ; then
  cat << EOF > /etc/yum.repos.d/ssullivanorg.repo
name=Generic packages
baseurl =$(awk '{print substr($3,0,1) }' /etc/redhat-release)/noarch/
EOF
fi

yum clean all
yum install citadel


After installation, you do not need to do anything else to start using citadel, as it is already enabled. However, you can tweak its behavior, such as the connection limit per IP and the backing firewall tool, by changing the appropriate value(s) in /etc/citadel/citadel.conf. To see what citadel has done, check /var/log/citadel.log: it records every startup and shutdown, as well as any action citadel takes in between.
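
Before changing the per-IP connection limit, it helps to see how connections are currently spread across clients. The following is an added example, not Citadel's own code: it counts established connections per remote IPv4 address from plain `ss -tn` output, folds IPv4-mapped IPv6 peers into their IPv4 address, and skips native IPv6. The sample output, function names and limit value are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample of `ss -tn` output, using documentation address ranges.
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port      Peer Address:Port
ESTAB      0      0      192.0.2.10:80           198.51.100.7:51514
ESTAB      0      0      192.0.2.10:80           198.51.100.7:51515
ESTAB      0      0      192.0.2.10:80           198.51.100.7:51516
TIME-WAIT  0      0      192.0.2.10:80           198.51.100.7:51400
ESTAB      0      0      192.0.2.10:443          203.0.113.25:40112
ESTAB      0      0      [::ffff:192.0.2.10]:443 [::ffff:203.0.113.25]:40200
ESTAB      0      0      [2001:db8::10]:80       [2001:db8::99]:50000
"""

def peer_ipv4(field):
    """Return the IPv4 address in an 'addr:port' field, or None if it is IPv6."""
    host = field.rsplit(":", 1)[0].strip("[]")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None
    if addr.version == 6:
        # IPv4 clients on a dual-stack listener show up as ::ffff:a.b.c.d
        addr = addr.ipv4_mapped  # None for native IPv6
    return None if addr is None else str(addr)

def connections_per_ipv4(ss_output, states=("ESTAB",)):
    """Count connections in the given states per remote IPv4 address."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in states:
            continue  # header, short line, or a state we do not count
        ip = peer_ipv4(fields[4])
        if ip is not None:
            counts[ip] += 1
    return counts

def over_limit(counts, limit):
    """Return (ip, count) pairs above the limit, busiest first."""
    hits = [(ip, n) for ip, n in counts.items() if n > limit]
    return sorted(hits, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    HYPOTHETICAL_LIMIT = 2  # illustrative only, not a Citadel default
    for ip, n in over_limit(connections_per_ipv4(SAMPLE_SS_OUTPUT), HYPOTHETICAL_LIMIT):
        print(f"{ip} has {n} established connections")
```

Running this against real `ss -tn` output at normal load shows how far legitimate clients (NAT gateways, proxies) sit below a candidate limit.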

Feature Requests/Bug Reports

Please send feature requests and bug reports to scottgregorysullivan at Or, open an issue on GitHub.