The author has one start out by implementing sysctl changes which have no relation to the subject matter at hand (printk, sysrq, panic, etc.). A number of comments on the article point out flaws and misconfigurations in the rulesets presented.
A lot of people seem to be thinking that it is pointless to use iptables to drop unwanted traffic in 2019. That is far from the truth. Most attacks are usually small (<10 Gbps) and effective iptables rules can go a long way, both against unwanted application traffic and packet floods.
From the article: "This drops all ICMP packets. ICMP is only used to ping a host to find out if it’s still alive." Please stop this nonsense, there are too many ICMP blackholes already.
This can protect you from a simple DoS attack by some script kiddie, not a real DDoS attack. Just use CloudFlare or a provider that has active protections against DDoS attacks. Iptables will NOT help you with any real DDoS attack.
I wouldn’t bother with iptables. I’ve done it before and it quickly gets overrun on any large-scale attacks. Cloudflare on your front end will stop a lot of garbage and take the brunt of volumetric attacks, or use nginx/varnish/haproxy to rate limit and/or block attackers before they reach your app.