  2. # This file is interpreted as shell script.
  3. # Put your custom iptables rules here, they will
  4. # be executed with each firewall (re-)start.
  5.  
  6. BRUTEFORCE_PROTECTION_START=3
  7. BRUTEFORCE_DROPPORT=55555
  8. PROTO=tcp
  9. ROUTERIP=$(uci get network.lan.ipaddr)
  10.  
  11. ########################################
  12. #SSH Brute Force protection on port 2222
  13. PROTECTEDPORT=2222
  14. SERVICEPORT=22
  15. SERVICE=SSH
  16.  
  17. echo Enabling Brute Force protection for $SERVICE on port $PROTECTEDPORT
  18. iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --set --name $SERVICE -j DNAT --to-destination $ROUTERIP:$SERVICEPORT
  19. iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --update --seconds 60 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j DNAT --to-destination $ROUTERIP:$BRUTEFORCE_DROPPORT
  20. iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --rcheck --seconds 60 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j LOG --log-prefix "BruteForce-${SERVICE} "
  21. ########################################
  22.  
  23. ########################################
  24. #FTP Brute Force protection on port 2221
  25. PROTECTEDPORT=2221
  26. SERVICEPORT=21
  27. SERVICE=FTP
  28.  
  29. echo Enabling Brute Force protection for $SERVICE on port $PROTECTEDPORT
  30. iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --set --name $SERVICE -j DNAT --to-destination $ROUTERIP:$SERVICEPORT
  31. iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --update --seconds 60 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j DNAT --to-destination $ROUTERIP:$BRUTEFORCE_DROPPORT
  32. iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --rcheck --seconds 60 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j LOG --log-prefix "BruteForce-${SERVICE} "
  33. ########################################
  34.  
  35. ########################################
  36. #Block URL on certain time for specified IP
  37. #
  38. #URL_STRING=facebook.com
  39. #LOCAL_IP=192.168.1.188
  40. #TIME_START=10:00
  41. #TIME_END=16:00
  42. #
  43. #echo Blocking $URL_STRING from $LOCAL_IP at time interval $TIME_START - $TIME_END
  44. #iptables -I FORWARD -s $LOCAL_IP -m string --string $URL_STRING --algo bm -m time --weekdays Mon,Tue,Wed,Thu,Fri --timestart $TIME_START --timestop $TIME_END -j DROP
  45. ########################################