If you are under a DoS attack, it is best to route the offending IP to a blackhole or null route rather than rejecting or other actions on the traffic. Here’s how it works in Linux!
Create a new route for the offender’s IP as follows:
$ sudo ip route add blackhole 172.16.1.212
View current routes with:
$ sudo ip route show
stmiller@brahms:~$ sudo ip route show default via 172.16.1.1 dev eth1 proto static 172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.202 blackhole 172.16.1.212
It is also possible to remove that blackhole route like so:
$ sudo ip route del 172.16.1.212