Защита от ddos с iptables и ipset

Начал заниматься настройкой сервера. Нашел в гугле темку. Нужно добавить правила Iptables:

# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
 
# Enables the magic-sysrq key
kernel.sysrq = 1
 
# TCP Explict Congestion Notification
#net.ipv4.tcp_ecn = 0
 
# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
 
net.ipv4.ip_forward = 1
net.ipv4.ip_dynaddr = 1
 
# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536
 
# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536
 
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 4294967295
 
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 268435456
 
net.ipv4.tcp_keepalive_time = 15
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 5
 
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
 
net.ipv4.netfilter.ip_conntrack_max = 224000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 190
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 30


Куда это вставлять? в консоль?