ddos protection
block udp ddos attacks drop em if they are sent more then 15 times
iptables -A INPUT -p udp -m connlimit --connlimit-above 15 -j DROP
iptables -A OUTPUT -p udp -m connlimit --connlimit-above 10 -j DROP


block public scanners
iptables -A INPUT -s 137.226.113.0/26 -j DROP
iptables -A OUTPUT -s 137.226.113.0/26 -j DROP


block port iptable syntax: 
iptables -A INPUT -p tcp --dport 5900 -j DROP

provide stronger auth with port knocking
extra:
apt-get install knockd
