
Configuring DDoS Deflate correctly

It turns out that DDoS Deflate, a handy tool for fighting DDoS attacks (or rather, spambots) that is used when the connlimit module in iptables is not available, tends to configure itself incorrectly on installation. As a result, the protection does not work.

By the way, it is very important to remember one difference. When simultaneous connections from a single IP address are limited with iptables, attempts to establish new connections simply fail. With DDoS Deflate, an IP address that has reached the connection limit is banned, and all connections with it stop for the ban interval (after which the IP is unbanned).

First, the config needs to be fixed.

##### 1 (.. , -
##### 10 ,
##### NAT (ipv6 !)
NO_OF_CONNECTIONS=64

##### APF_BAN=0 (use iptables instead of APF)
APF_BAN=0


Then the cron job needs to be configured properly. Since I don't like scattered cron files in the /etc/cron.d/ folder, I recommend deleting the /etc/cron.d/ddos.cron file and adding a slightly edited line that launches the script to root's personal crontab:
crontab -e
*/1 * * * * nice -n -5 /usr/local/ddos/ddos.sh

Here we raise the priority of the DDoS Deflate process so that, even when the system is buckling under a multitude of connections, the script still runs, bans whoever needs banning, and unbans those whose penalty time has elapsed.

Source: https://habr.com/ru/post/124492/

