Recently a lot of lightning services have been taken down by DDoS, as well as some node operators. I had issues with my channels suddenly starting to disconnect one by one, usually ending up closed for a day or more, just to recover after a while and run fine. I have done quite a bit of debugging, being furious about losing uptime, but after a while I came to the conclusion that it was a force from outside cutting my channels down. Can't confirm it was DDoS, but it feels like it may have been. Just wanted to share a few tips I implemented as per the advice of others. Note that I can't yet confirm how effective they are; I will need some days to see whether the problem reoccurs.
DDoS Protection (as per the Lightning Engineering Guide)
We suggest the following iptables rules for network flood protection:
# Rate-limit inbound TCP SYNs: the first 3 pass immediately, then 1 per second; anything above that is dropped
sudo iptables -N syn_flood
sudo iptables -A INPUT -p tcp --syn -j syn_flood
sudo iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
sudo iptables -A syn_flood -j DROP
# Rate-limit inbound ICMP (ping) to 1 per second, log the excess at most once per second, drop the rest; outbound ICMP stays allowed
sudo iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT
sudo iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix "PING-DROP:"
sudo iptables -A INPUT -p icmp -j DROP
sudo iptables -A OUTPUT -p icmp -j ACCEPT
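One thing worth understanding before applying the rules above is that the syn_flood chain limits every inbound TCP SYN, not only attacker traffic, so when all your peers try to reconnect in the same second (for example after a Tor circuit drop) the same rule throttles them. The script below is an added example, not code from the original post or from the Lightning Engineering guide it quotes; the function names and the sample packet timings are this example's own. It emits the guide's rules as an idempotent install script (each -A is guarded by -C so re-running does not duplicate rules) and simulates the netfilter limit match as a token bucket so you can see how many packets a given --limit/--limit-burst pair lets through:

```sh
#!/bin/sh
# Added example, not code from the original post or from the Lightning
# Engineering guide it quotes. Function names and sample timings are
# this example's own.

# Emit the guide's flood-protection rules as an idempotent install script.
# Each -A is guarded by -C so re-running does not append duplicate rules.
# Nothing is applied here; review the output, then pipe it into `sudo sh`.
lnd_flood_rules() {
    cat <<'EOF'
iptables -N syn_flood 2>/dev/null || true
iptables -C INPUT -p tcp --syn -j syn_flood 2>/dev/null || \
    iptables -A INPUT -p tcp --syn -j syn_flood
iptables -C syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN 2>/dev/null || \
    iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -C syn_flood -j DROP 2>/dev/null || \
    iptables -A syn_flood -j DROP
iptables -C INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT 2>/dev/null || \
    iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT
iptables -C INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix "PING-DROP:" 2>/dev/null || \
    iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix "PING-DROP:"
iptables -C INPUT -p icmp -j DROP 2>/dev/null || \
    iptables -A INPUT -p icmp -j DROP
iptables -C OUTPUT -p icmp -j ACCEPT 2>/dev/null || \
    iptables -A OUTPUT -p icmp -j ACCEPT
EOF
}

# Simulate the netfilter "limit" match as a token bucket: one token per
# packet, refilled at RATE tokens per second, capped at BURST tokens.
# Packet arrival times are whole seconds, non-decreasing (real netfilter
# works at sub-second precision, so this is an approximation).
# Prints how many packets the limit rule matched, i.e. how many reach
# the RETURN target instead of falling through to DROP.
limit_accepts() {
    rate=$1; burst=$2; shift 2
    tokens=$burst; last=0; accepted=0
    for t in "$@"; do
        tokens=$((tokens + (t - last) * rate))
        [ "$tokens" -gt "$burst" ] && tokens=$burst
        last=$t
        if [ "$tokens" -gt 0 ]; then
            tokens=$((tokens - 1))
            accepted=$((accepted + 1))
        fi
    done
    echo "$accepted"
}

# Constructed scenarios for the guide's "--limit 1/s --limit-burst 3":
# a flood of 20 SYNs in one second, and 10 legitimate peers all
# reconnecting in the same second after a Tor circuit drop.
flood_demo() {
    flood=$(limit_accepts 1 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0)
    peers=$(limit_accepts 1 3 0 0 0 0 0 0 0 0 0 0)
    echo "flood: $flood of 20 SYNs pass; reconnect storm: $peers of 10 peers pass"
}

flood_demo
```

Run it as `sh ddos-rules.sh` to see the simulation, and `lnd_flood_rules | sudo sh` (after sourcing the file) to install the rules. Rules added with iptables live only until reboot, so persist them with `iptables-save` or your distribution's iptables-persistent package once you are happy with them. If the simulation's "3 of 10 peers pass" number worries you, raising --limit-burst to cover your peer count keeps the flood protection while letting a normal reconnect storm through.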
lnd.conf change (set tor.streamisolation=false, i.e. change it from true to false)
Stream isolation opens a separate, isolated Tor circuit for each channel. If it is disabled, one circuit is used to connect to all of them. I still need to confirm whether there are any negative implications of having only one circuit opened and shared by all peers, but at first glimpse this gets your channels connected much faster and possibly lets them reconnect very quickly if the circuit drops.
Will update as I learn more about DDoS mitigation.