  1. aptitude install iptables iptables-persistent fail2ban
  2. service fail2ban stop
  3. iptables -F
  4. iptables -X
  5. #DENY
  6. iptables -I INPUT -s 79.135.179.221 -p tcp --dport 10011 -j ACCEPT
  7. iptables -I INPUT -s 79.135.179.221 -p udp --dport 10011 -j ACCEPT
  8. iptables -I INPUT -s 5.196.218.147 -j ACCEPT
  9. iptables -I INPUT -s 5.196.218.147 -p tcp --dport 10011 -j ACCEPT
  10. iptables -I INPUT -s 5.196.218.147 -p udp --dport 10011 -j ACCEPT
  11. iptables -I INPUT -s 127.0.0.1/8 -j ACCEPT
  12. iptables -I INPUT -s 108.61.78.150 -j ACCEPT
  13. iptables -I INPUT -s 108.61.78.149 -j ACCEPT
  14. iptables -I INPUT -s 108.61.78.148 -j ACCEPT
  15. iptables -I INPUT -s 108.61.78.147 -j ACCEPT
  16. iptables -I INPUT -s 208.167.241.189 -j ACCEPT
  17. iptables -I INPUT -s 208.167.241.183 -j ACCEPT
  18. iptables -I INPUT -s 208.167.241.186 -j ACCEPT
  19. iptables -I INPUT -s 208.167.241.185 -j ACCEPT
  20. iptables -I INPUT -s 208.167.241.190 -j ACCEPT
  21. iptables -I INPUT -s 188.165.121.219 -j ACCEPT
  22. iptables -I INPUT -s 31.14.135.45 -j DROP
  23. iptables -I INPUT -s 5.249.159.251 -j DROP
  24. iptables -I INPUT -s 212.27.32.66/32 -j DROP
  25. iptables -I INPUT -s 10.224.40.254 -j DROP
  26. iptables -I INPUT -s 10.224.40.6 -j DROP
  27. iptables -I INPUT -s 64.250.115.108 -j DROP
  28. iptables -I INPUT -s 64.250.115.106 -j DROP
  29. iptables -A INPUT -m state --state INVALID -j DROP
  30. iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -m limit --limit 200/minute --limit-burst 200 -j ACCEPT
  31. iptables -N ts3droper
  32. iptables -A INPUT -p udp -m udp -m string --algo bm --hex-string '|545333494e|' -m limit --limit 200/s --limit-burst 250 -j ACCEPT
  33. iptables -A INPUT -p udp -m udp -m string --algo bm --hex-string '|545333494e|' -j ts3droper
  34. iptables -A ts3droper -m limit --limit 100/min -j LOG --log-prefix "TS3droper: " --log-level 4
  35. iptables -A ts3droper -j DROP
  36. iptables -N DENY
  37. iptables -A DENY -p tcp -m tcp -m limit --limit 80/sec --limit-burst 100 -m comment --comment "Anti-DoS" -j REJECT --reject-with tcp-reset
  38. iptables -A DENY -m limit --limit 80/sec --limit-burst 100 -m comment --comment "Anti-DoS" -j REJECT --reject-with icmp-proto-unreachable
  39. iptables -A DENY -p tcp ! --syn -m state --state NEW -j DROP
  40. iptables -A DENY -f -j DROP
  41. iptables -A DENY -p tcp --tcp-flags ALL ALL -j DROP
  42. iptables -A DENY -p tcp --tcp-flags ALL NONE -j DROP
  43. iptables -A DENY -p icmp --icmp-type echo-request -m limit --limit 1/s -m comment --comment "Limit Ping Flood" -j ACCEPT
  44. iptables -A DENY -j LOG --log-prefix "PORT DENIED: " --log-level 5 --log-ip-options --log-tcp-options --log-tcp-sequence
  45. iptables -A DENY -p tcp --tcp-flags ALL NONE -m limit --limit 1/h -m comment --comment "Anti-Portscan" -j ACCEPT
  46. iptables -A DENY -p tcp --tcp-flags ALL ALL -m limit --limit 1/h -m comment --comment "Anti-Portscan2" -j ACCEPT
  47. #Drop unusual flags
  48. iptables -A DENY -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
  49. iptables -A DENY -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
  50. iptables -A DENY -p tcp --tcp-flags ALL NONE -j DROP
  51. iptables -A DENY -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
  52. iptables -A DENY -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
  53. iptables -A DENY -m comment --comment "Ignore everything else" -j DROP
  54. #BLOCKED
  55. iptables -N BLOCKED
  56. #ALLOWED
  57. iptables -N ALLOWED
  58. #iptables -A ALLOWED -s 79.135.179.221 -j ACCEPT ###EDIT AND UNCOMMENT THIS LINE!
  59. #iptables -A ALLOWED -s 178.37.44.34 -j ACCEPT ###EDIT AND UNCOMMENT THIS LINE!
  60. #SERVICES
  61. iptables -N SERVICES
  62. iptables -A SERVICES -p tcp -m tcp --dport 53 -m comment --comment "Allow: DNS" -j DROP
  63. iptables -A SERVICES -p udp -m udp --dport 53 -m comment --comment "Allow: DNS" -j DROP
  64. iptables -A SERVICES -p udp -m udp --dport 9987 -m comment --comment "Allow: join" -j ACCEPT
  65. iptables -A SERVICES -p tcp -m tcp --dport 22 -m comment --comment "Allow: SSH-Access" -j ACCEPT
  66. iptables -A SERVICES -p tcp -m multiport --dports 80,8080,443 -m comment --comment "ACCEPT: Webserver" -j ACCEPT
  67. iptables -A SERVICES -j RETURN
  68. #TEAMSPEAK
  69. iptables -N TEAMSPEAK
  70. #iptables -A TEAMSPEAK -p tcp -m tcp --dport 2008 -m comment --comment "Allow: TeamSpeak Accounting" -j ACCEPT
  71. iptables -A TEAMSPEAK -p tcp -m tcp --dport 10011 -m comment --comment "Allow: TeamSpeak ServerQuery" -j DROP
  72. iptables -A INPUT -p tcp -m udp --dport 53 -m comment --comment "53" -j DROP
  73. iptables -A INPUT -p tcp -m tcp --dport 53 -m comment --comment "53" -j DROP
  74. iptables -A INPUT -p udp -m tcp --dport 53 -m comment --comment "53" -j DROP
  75. iptables -A INPUT -p TCP --dport 10011 -j REJECT
  76. iptables -A INPUT -p UDP --dport 10011 -j REJECT
  77. iptables -A TEAMSPEAK -p tcp -m multiport --dports 30033 -m comment --comment "Allow: TeamSpeak FileTransfer" -j ACCEPT
  78. iptables -A TEAMSPEAK -p tcp -m tcp --dport 41144 -m comment --comment "Allow: TeamSpeak TSDNS" -j ACCEPT
  79. #iptables -A TEAMSPEAK -p udp -m udp --dport 1:65535 -m comment --comment "Allow: TeamSpeak Voiceports" -j ACCEPT
  80. iptables -A TEAMSPEAK -j RETURN
  81. #INPUT
  82. iptables -A INPUT -p icmp -j DROP
  83. iptables -A INPUT -m comment --comment "Allow Whitelisted IP's" -j ALLOWED
  84. iptables -A INPUT -m comment --comment "Block Blacklisted IP's" -j BLOCKED
  85. iptables -A INPUT -i lo -m comment --comment "Allow: Loopback" -j ACCEPT
  86. iptables -A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "Allow: Related and Established Connections" -j ACCEPT
  87. iptables -A INPUT -m comment --comment "Allow Default Services" -j SERVICES
  88. iptables -A INPUT -m comment --comment "Allow TeamSpeak Services" -j TEAMSPEAK
  89. iptables -A INPUT -p icmp -m comment --comment "Allow: ICMP" -j DROP
  90. iptables -A INPUT -m comment --comment "Ignore everything else" -j DENY
  91. iptables -P INPUT DROP
  92. /etc/init.d/iptables-persistent save
  93. service fail2ban start
  94. clear
  95. iptables -L