  1. # This file is interpreted as shell script.
  2. # Put your custom iptables rules here, they will
  3. # be executed with each firewall (re-)start.
  4.  
  5. BRUTEFORCE_PROTECTION_START=3
  6. BRUTEFORCE_DROPPORT=55555
  7. PROTO=tcp
  8. ROUTERIP=$(uci get network.lan.ipaddr)
  9.  
  10. ########################################
  11. #SSH Brute Force protection on port 2222
  12. PROTECTEDPORT=2222
  13. SERVICEPORT=22
  14. SERVICE=SSH
  15.  
  16. echo Enabling Brute Force protection for $SERVICE on port $PROTECTEDPORT
  17. iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --set --name $SERVICE -j DNAT --to-destination $ROUTERIP:$SERVICEPORT
  18. iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --update --seconds 60 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j DNAT --to-destination $ROUTERIP:$BRUTEFORCE_DROP
  19. iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --rcheck --seconds 60 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j LOG --log-prefix "BruteForce-${SERVICE} "
  20. ########################################
  21.  
  22. ########################################
  23. #FTP Brute Force protection on port 2221
  24. PROTECTEDPORT=2221
  25. SERVICEPORT=21
  26. SERVICE=FTP
  27.  
  28. echo Enabling Brute Force protection for $SERVICE on port $PROTECTEDPORT
  29. iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --set --name $SERVICE -j DNAT --to-destination $ROUTERIP:$SERVICEPORT
  30. iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --update --seconds 60 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j DNAT --to-destination $ROUTERIP:$BRUTEFORCE_DROP
  31. iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --rcheck --seconds 60 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j LOG --log-prefix "BruteForce-${SERVICE} "
  32. ########################################
  33.  
  34. ########################################
  35. #Block URL on certain time for specified IP
  36. #
  37. #URL_STRING=facebook.com
  38. #LOCAL_IP=192.168.1.188
  39. #TIME_START=10:00
  40. #TIME_END=16:00
  41. #
  42. #echo Blocking $URL_STRING from $LOCAL_IP at time interval $TIME_START - $TIME_END
  43. #iptables -I FORWARD -s $LOCAL_IP -m string --string $URL_STRING --algo bm -m time --weekdays Mon,Tue,Wed,Thu,Fri --timestart $TIME_START --timestop $TIME_END -j DROP
  44. ########################################