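#!/usr/bin/env bash
# Host firewall for a TeamSpeak 3 server (IPv4 only; ip6tables is untouched).
#
# Flushes the filter table and rebuilds INPUT with: per-host allow/deny rules,
# rate limits for new HTTP connections and TS3 "TS3IN" ping packets, a DENY
# chain for malformed and flooding traffic, SERVICES/TEAMSPEAK port chains,
# then saves the ruleset and restarts fail2ban.
#
# Usage:  sudo ./ts3-firewall.sh
#         Run it from a console or keep a second SSH session open: the
#         ruleset is rebuilt from scratch and a mistake can lock you out.
# Env:    WAN_IF  interface the HTTP rate limit applies to (default: eth0)
#
# Differences from the pasted command list this was rebuilt from:
#   - "set -e": a failing iptables call aborts instead of leaving a
#     half-applied ruleset with the error scrolled off screen;
#   - INPUT policy is reset to ACCEPT before the flush (lockout guard);
#   - the two DNS rules with mismatched "-p tcp -m udp"/"-p udp -m tcp"
#     (rejected by the kernel) are replaced by one TCP and one UDP rule;
#   - the HTTP rate limit is followed by a DROP so it actually applies;
#   - rule comments that said "Allow" on DROP rules now say "Drop".
set -euo pipefail

readonly WAN_IF="${WAN_IF:-eth0}"

# Hosts accepted on every port, in the order they were listed.
readonly -a WHITELIST=(
  108.61.78.150 108.61.78.149 108.61.78.148 108.61.78.147
  208.167.241.189 208.167.241.183 208.167.241.186 208.167.241.185
  208.167.241.190 188.165.121.219
)
# Hosts dropped on every port.
readonly -a BLACKLIST=(
  31.14.135.45 5.249.159.251 212.27.32.66/32 10.224.40.254 10.224.40.6
  64.250.115.108 64.250.115.106
)

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Install the firewall tooling and pause fail2ban so it does not
# re-add its own chains while the ruleset is being rebuilt.
#######################################
install_packages() {
  aptitude install iptables iptables-persistent fail2ban
  service fail2ban stop
}

#######################################
# Flush every rule and user chain in the filter table.
# The INPUT policy is reset to ACCEPT first: if a previous run left
# "-P INPUT DROP" in place, "iptables -F" alone would cut the SSH session
# before any new rule is added.
#######################################
reset_firewall() {
  iptables -P INPUT ACCEPT
  iptables -F
  iptables -X
}

#######################################
# Per-host rules evaluated before anything else.  The original used
# "-I INPUT" for each of these; INPUT has just been flushed and none of
# the sources overlap, so appending them in order has the same effect.
# Globals: WHITELIST, BLACKLIST (read)
#######################################
add_host_rules() {
  local host
  # ServerQuery (10011) is reachable only from these hosts; every other
  # source is REJECTed for 10011 further down in INPUT.
  iptables -A INPUT -s 79.135.179.221 -p tcp --dport 10011 -j ACCEPT
  iptables -A INPUT -s 79.135.179.221 -p udp --dport 10011 -j ACCEPT
  iptables -A INPUT -s 5.196.218.147 -j ACCEPT
  # Redundant with the blanket ACCEPT above; kept from the original list.
  iptables -A INPUT -s 5.196.218.147 -p tcp --dport 10011 -j ACCEPT
  iptables -A INPUT -s 5.196.218.147 -p udp --dport 10011 -j ACCEPT
  iptables -A INPUT -s 127.0.0.1/8 -j ACCEPT
  for host in "${WHITELIST[@]}"; do
    iptables -A INPUT -s "$host" -j ACCEPT
  done
  for host in "${BLACKLIST[@]}"; do
    iptables -A INPUT -s "$host" -j DROP
  done
}

#######################################
# Connection-state and rate-limit rules on INPUT plus the ts3droper chain.
# Globals: WAN_IF (read)
#######################################
add_rate_limits() {
  iptables -A INPUT -m state --state INVALID -j DROP
  # New HTTP connections on the WAN interface: 200/minute, burst 200.
  # The original only ACCEPTed within the limit and let the excess fall
  # through to SERVICES, which accepts port 80 unconditionally, so the
  # limit never applied.  The DROP makes it effective.
  iptables -A INPUT -i "$WAN_IF" -p tcp --dport 80 -m state --state NEW \
    -m limit --limit 200/minute --limit-burst 200 -j ACCEPT
  iptables -A INPUT -i "$WAN_IF" -p tcp --dport 80 -m state --state NEW -j DROP
  # UDP packets carrying the ASCII string "TS3IN" (hex 54 53 33 49 4e):
  # accept up to 200/s (burst 250); log at most 100/min and drop the rest.
  iptables -N ts3droper
  iptables -A INPUT -p udp -m udp -m string --algo bm --hex-string '|545333494e|' \
    -m limit --limit 200/s --limit-burst 250 -j ACCEPT
  iptables -A INPUT -p udp -m udp -m string --algo bm --hex-string '|545333494e|' -j ts3droper
  iptables -A ts3droper -m limit --limit 100/min -j LOG --log-prefix "TS3droper: " --log-level 4
  iptables -A ts3droper -j DROP
}

#######################################
# DENY: terminal chain for everything no earlier rule accepted.
# Rate-limited REJECTs first, then malformed-packet drops, one LOG line,
# and an unconditional DROP.
#######################################
build_deny_chain() {
  iptables -N DENY
  iptables -A DENY -p tcp -m tcp -m limit --limit 80/sec --limit-burst 100 -m comment --comment "Anti-DoS" -j REJECT --reject-with tcp-reset
  iptables -A DENY -m limit --limit 80/sec --limit-burst 100 -m comment --comment "Anti-DoS" -j REJECT --reject-with icmp-proto-unreachable
  iptables -A DENY -p tcp ! --syn -m state --state NEW -j DROP
  iptables -A DENY -f -j DROP
  iptables -A DENY -p tcp --tcp-flags ALL ALL -j DROP
  iptables -A DENY -p tcp --tcp-flags ALL NONE -j DROP
  # Only reachable if the unconditional "-p icmp -j DROP" in INPUT is removed.
  iptables -A DENY -p icmp --icmp-type echo-request -m limit --limit 1/s -m comment --comment "Limit Ping Flood" -j ACCEPT
  iptables -A DENY -j LOG --log-prefix "PORT DENIED: " --log-level 5 --log-ip-options --log-tcp-options --log-tcp-sequence
  # The original's 1/h "Anti-Portscan" ACCEPTs for ALL/NONE and ALL/ALL
  # flags, and a second ALL/NONE DROP, were removed: those packets are
  # already dropped three rules up, so they could never match.
  #Drop unusual flags
  iptables -A DENY -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
  iptables -A DENY -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
  iptables -A DENY -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
  iptables -A DENY -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
  iptables -A DENY -m comment --comment "Ignore everything else" -j DROP
}

#######################################
# BLOCKED / ALLOWED (empty until edited), SERVICES and TEAMSPEAK chains.
# Each chain ends in RETURN so unmatched traffic continues down INPUT.
#######################################
build_service_chains() {
  #BLOCKED
  iptables -N BLOCKED
  #ALLOWED
  iptables -N ALLOWED
  #iptables -A ALLOWED -s 79.135.179.221 -j ACCEPT ###EDIT AND UNCOMMENT THIS LINE!
  #iptables -A ALLOWED -s 178.37.44.34 -j ACCEPT ###EDIT AND UNCOMMENT THIS LINE!
  #SERVICES
  iptables -N SERVICES
  iptables -A SERVICES -p tcp -m tcp --dport 53 -m comment --comment "Drop: DNS" -j DROP
  iptables -A SERVICES -p udp -m udp --dport 53 -m comment --comment "Drop: DNS" -j DROP
  iptables -A SERVICES -p udp -m udp --dport 9987 -m comment --comment "Allow: join" -j ACCEPT
  iptables -A SERVICES -p tcp -m tcp --dport 22 -m comment --comment "Allow: SSH-Access" -j ACCEPT
  iptables -A SERVICES -p tcp -m multiport --dports 80,8080,443 -m comment --comment "ACCEPT: Webserver" -j ACCEPT
  iptables -A SERVICES -j RETURN
  #TEAMSPEAK
  iptables -N TEAMSPEAK
  #iptables -A TEAMSPEAK -p tcp -m tcp --dport 2008 -m comment --comment "Allow: TeamSpeak Accounting" -j ACCEPT
  # Never reached for non-whitelisted hosts: INPUT already REJECTs 10011.
  iptables -A TEAMSPEAK -p tcp -m tcp --dport 10011 -m comment --comment "Drop: TeamSpeak ServerQuery" -j DROP
  iptables -A TEAMSPEAK -p tcp -m multiport --dports 30033 -m comment --comment "Allow: TeamSpeak FileTransfer" -j ACCEPT
  iptables -A TEAMSPEAK -p tcp -m tcp --dport 41144 -m comment --comment "Allow: TeamSpeak TSDNS" -j ACCEPT
  #iptables -A TEAMSPEAK -p udp -m udp --dport 1:65535 -m comment --comment "Allow: TeamSpeak Voiceports" -j ACCEPT
  iptables -A TEAMSPEAK -j RETURN
}

#######################################
# Remaining INPUT rules, in the original order, and the DROP policy.
# Must run after every chain it jumps to has been created.
#######################################
wire_input_chain() {
  # The original had "-p tcp -m udp" and "-p udp -m tcp" here; the kernel
  # rejects a udp/tcp match on the other protocol, so those two rules were
  # never installed.  One DROP per protocol is what was intended.
  iptables -A INPUT -p tcp -m tcp --dport 53 -m comment --comment "53" -j DROP
  iptables -A INPUT -p udp -m udp --dport 53 -m comment --comment "53" -j DROP
  # ServerQuery for everyone not accepted by the per-host rules.
  iptables -A INPUT -p tcp --dport 10011 -j REJECT
  iptables -A INPUT -p udp --dport 10011 -j REJECT
  #INPUT
  # NOTE(review): dropping all ICMP this early also discards ICMP error
  # messages for the server's own connections (e.g. fragmentation-needed),
  # which can break path-MTU discovery; moving this below the
  # RELATED,ESTABLISHED rule would keep RELATED errors. Kept as listed.
  iptables -A INPUT -p icmp -j DROP
  iptables -A INPUT -m comment --comment "Allow Whitelisted IP's" -j ALLOWED
  iptables -A INPUT -m comment --comment "Block Blacklisted IP's" -j BLOCKED
  iptables -A INPUT -i lo -m comment --comment "Allow: Loopback" -j ACCEPT
  iptables -A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "Allow: Related and Established Connections" -j ACCEPT
  iptables -A INPUT -m comment --comment "Allow Default Services" -j SERVICES
  iptables -A INPUT -m comment --comment "Allow TeamSpeak Services" -j TEAMSPEAK
  # Unreachable (ICMP dropped above); kept so the listing matches the original.
  iptables -A INPUT -p icmp -m comment --comment "Drop: ICMP" -j DROP
  iptables -A INPUT -m comment --comment "Ignore everything else" -j DENY
  iptables -P INPUT DROP
}

#######################################
# Save the ruleset so it survives a reboot, bring fail2ban back, and show
# the result.  Newer iptables-persistent ships "netfilter-persistent";
# the old init script is used where that command is absent.
#######################################
persist_and_restart() {
  if command -v netfilter-persistent >/dev/null 2>&1; then
    netfilter-persistent save
  else
    /etc/init.d/iptables-persistent save
  fi
  service fail2ban start
  clear 2>/dev/null || true
  iptables -L
}

main() {
  (( EUID == 0 )) || die "this script must run as root (iptables needs CAP_NET_ADMIN)"
  install_packages
  reset_firewall
  add_host_rules
  add_rate_limits
  build_deny_chain
  build_service_chains
  wire_input_chain
  persist_and_restart
}

main "$@"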