citadel

All software on this website is free software. If you find value in any of my projects or technical articles, please consider a donation to ensure continued development and updates.


Summary

Citadel is a tool that can help mitigate certain types of DoS attacks by limiting the number of connections per IPv4 address. It is somewhat similar to dos-deflate (ddos.sh), but is implemented in almost 100% pure Perl and is configurable via /etc/citadel/citadel.conf.

What citadel doesn't do:
1.) No IPv6 support.
2.) No nftables support.
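
The per-address counting that a connection limiter of this kind depends on, as an added example: this is not citadel's code (citadel is Perl, and its internals are not shown on this page), and the function names, the limits and the netstat -nt sample are constructed for illustration. It goes beyond the summary in one respect: IPv4 clients that show up as ::ffff: mapped addresses on dual-stack sockets are counted too, while IPv6 peers are skipped.

```shell
# Added illustration, not citadel's code. Input is `netstat -nt` style text;
# the sample is constructed and uses documentation address ranges only.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:443   ::ffff:198.51.100.7:51600 ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40002       TIME_WAIT
tcp6       0      0 2001:db8::10:443        2001:db8::99:40000      ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::99:40001      ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:55000         ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:55001         ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:55002         ESTABLISHED
EOF
}

# over_limit LIMIT [EXEMPT...]: read netstat -nt text on stdin and print
# "count address" for every remote IPv4 address holding more than LIMIT
# established connections, busiest first. EXEMPT addresses are never listed.
over_limit() {
    limit=$1; shift
    awk -v limit="$limit" -v exempt=" $* " '
        ($1 == "tcp" || $1 == "tcp6") && $6 == "ESTABLISHED" {
            peer = $5
            sub(/:[0-9]+$/, "", peer)    # drop the port
            sub(/^::ffff:/, "", peer)    # IPv4 client on a dual-stack socket
            if (peer !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next  # IPv6 peer: skipped
            if (index(exempt, " " peer " ")) next                 # exempt address
            count[peer]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' | sort -rn
}

# Limit of 2 connections per address, loopback exempt; prints: 4 198.51.100.7
sample_netstat | over_limit 2 127.0.0.1
```

On a live host the same function can read `netstat -nt | over_limit 50 127.0.0.1`; without the ::ffff: handling, the mapped connection in the sample would go uncounted.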

Installation:


CentOS/RHEL:


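# Add the ssullivan.org package repository if it is not already configured.
# Note: gpgcheck=0 turns off package signature verification, and the baseurl is plain HTTP.
if [ ! -f '/etc/yum.repos.d/ssullivanorg.repo' ] ; then
  # Major release number, read from the "release N" text so it works on both CentOS and RHEL.
  releasever=$(sed 's/.*release \([0-9][0-9]*\).*/\1/' /etc/redhat-release)
  cat << EOF > /etc/yum.repos.d/ssullivanorg.repo
[ssullivanorg-generic_noarch]
name=Generic packages
baseurl = http://repos.ssullivan.org/redhat/${releasever}/noarch/
enabled=1
gpgcheck=0
EOF
fi
yum clean all
yum install citadel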
  

Usage

After installation, you do not need to do anything else to start "using" citadel, as it is already enabled. However, you can tweak its behavior, such as the connection limit per IP and the backing firewall tool. To change any of these defaults, edit the appropriate value(s) in /etc/citadel/citadel.conf. You can see what citadel has done by checking /var/log/citadel.log; this file logs all startups and shutdowns, as well as any action citadel takes in between.

Feature Requests/Bug Reports

Please send feature requests and bug reports to scottgregorysullivan at gmail.com, or open an issue on GitHub.