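#!/bin/bash
# Firewall hardening for a Minecraft Java server (TCP 25565) on a Linux host.
#
# What it installs, in order:
#   - GRE accepted in both directions (tunnel traffic, see allow_gre)
#   - a per-source rate limit on NEW connections to the game port (xt_recent)
#   - a per-source cap on concurrent connections to the game port (connlimit)
#   - TCP sanity drops: INVALID, non-SYN NEW, IP fragments, XMAS and NULL scans
#   - kernel SYN-flood settings plus SYNPROXY for untracked/invalid TCP
#   - UDP restricted to queries to the configured DNS resolvers (and replies)
#
# Must run as root. Re-running rebuilds the ruleset from scratch: INPUT,
# OUTPUT and the whole raw table are flushed and the Minecraft chain is
# recreated, so any other rule living in those chains is lost.
#
# NOTE(review): no default policy (-P) is set and nothing accepts
# ESTABLISHED,RELATED TCP on INPUT, so the script relies on the chain
# policies being ACCEPT; with INPUT policy DROP it would lock the host out.
#
# Tunables may be overridden from the environment, e.g.
#   HIT=15 WINDOW=60 GRE_PEER=203.0.113.1 ./firewall.sh
set -euo pipefail

# New connections per source within WINDOW seconds before the source is
# logged and dropped. xt_recent refuses hitcounts above its
# ip_pkt_list_tot module parameter (default 20).
readonly HIT="${HIT:-9}"
# Rate-limit window in seconds. Named WINDOW on purpose: SECONDS is bash's
# own elapsed-time counter, assigning to it only resets the counter and it
# keeps ticking, so "$SECONDS" read later is not the value that was stored.
readonly WINDOW="${WINDOW:-30}"
# Concurrent TCP connections allowed per source address to the game port.
readonly CONN_LIMIT="${CONN_LIMIT:-4}"
readonly IFACE="${IFACE:-eth0}"
readonly PORT="${PORT:-25565}"
# Optional address of the GRE tunnel peer; empty keeps the unrestricted rule.
readonly GRE_PEER="${GRE_PEER:-}"
# Resolvers that outbound UDP/53 is allowed to reach.
DNS_SERVERS=(62.141.32.5 62.141.32.4 62.141.32.3 62.141.32.2)

die() { printf 'firewall: %s\n' "$*" >&2; exit 1; }

# Wipe the chains this script owns so a re-run starts from a clean slate.
flush_rules() {
  echo "Cancello iptables"
  iptables -F INPUT
  iptables -F OUTPUT
  iptables -t raw -F
  # The custom chain only exists after a previous run; -F/-X on a missing
  # chain is an error and would abort the script under set -e.
  if iptables -nL Minecraft >/dev/null 2>&1; then
    iptables -F Minecraft
    iptables -X Minecraft   # INPUT is already flushed, nothing references it
  fi
}

# Accept GRE in both directions. Without GRE_PEER this accepts GRE from ANY
# source, exactly as the original rules did; set GRE_PEER to the tunnel
# endpoint to narrow it to that host.
allow_gre() {
  local -a peer_in=() peer_out=()
  if [[ -n "$GRE_PEER" ]]; then
    peer_in=(-s "$GRE_PEER")
    peer_out=(-d "$GRE_PEER")
  fi
  # ${arr[@]+"${arr[@]}"} expands to nothing for an empty array under set -u
  iptables -A INPUT ${peer_in[@]+"${peer_in[@]}"} -p gre -j ACCEPT
  iptables -A OUTPUT ${peer_out[@]+"${peer_out[@]}"} -p gre -j ACCEPT
}

# Per-source rate limit on NEW connections to the game port. Every new
# connection from a source is recorded in the "BOT" list; once a source has
# opened more than HIT connections within WINDOW seconds the connection is
# logged and then dropped. The list is keyed on the source address
# (--rsource), so players behind one NAT share a budget.
create_minecraft_chain() {
  echo "Creo le regole"
  iptables -N Minecraft
  iptables -A INPUT -i "$IFACE" -p tcp -m tcp --dport "$PORT" \
    -m conntrack --ctstate NEW -j Minecraft
  iptables -A Minecraft -m recent --set --name BOT --rsource
  iptables -A Minecraft -m recent --update --seconds "$WINDOW" --hitcount "$HIT" \
    --name BOT --rsource -j LOG --log-prefix "Attacco BOT in corso " --log-level 6
  echo "blocco"
  iptables -A Minecraft -p tcp -m recent --update --seconds "$WINDOW" --hitcount "$HIT" \
    --name BOT --rsource -j DROP
  echo "Fine creazione"
}

# Cap concurrent connections per source address (connlimit default mask is
# /32) to the game port: excess SYNs are logged, then dropped.
limit_connections() {
  iptables -A INPUT -p tcp --syn --dport "$PORT" \
    -m connlimit --connlimit-above "$CONN_LIMIT" \
    -j LOG --log-prefix "TROPPE CONNESSIONI " --log-level 6
  iptables -A INPUT -p tcp --syn --dport "$PORT" \
    -m connlimit --connlimit-above "$CONN_LIMIT" -j DROP
}

# Drop packets that cannot belong to a legitimate TCP flow. The INVALID drop
# also catches whatever the SYNPROXY rule passes through (it only consumes
# SYNs and pure ACKs), so it is not repeated after SYNPROXY.
drop_bogus_tcp() {
  iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
  iptables -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP   # NEW must start with SYN
  iptables -A INPUT -f -j DROP                                         # IP fragments
  iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP                 # XMAS scan
  iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP                # NULL scan
}

# Kernel settings SYNPROXY depends on, plus a larger conntrack table.
tune_kernel() {
  sysctl -w net/ipv4/tcp_syncookies=1
  sysctl -w net/ipv4/tcp_timestamps=1               # needed for SYNPROXY --timestamp
  sysctl -w net/netfilter/nf_conntrack_tcp_loose=0  # SYNPROXY requires no mid-stream pickup
  # Bucket count above nf_conntrack_max is legal (fewer collisions, more
  # memory); writing it requires nf_conntrack to be loaded, which the
  # conntrack matches above have already done.
  echo 2500000 > /sys/module/nf_conntrack/parameters/hashsize
  sysctl -w net/netfilter/nf_conntrack_max=2000000
}

# Do not create conntrack entries for incoming SYNs: SYNPROXY answers them
# with a cookie SYN-ACK and only opens the real connection once the client's
# ACK proves the source is not spoofed. Both rules match every TCP port, not
# just the game port, so every TCP service on the host is proxied. The -I
# puts the SYNPROXY rule at the top of INPUT regardless of call order.
enable_synproxy() {
  iptables -t raw -I PREROUTING -p tcp --syn -j CT --notrack
  iptables -I INPUT -p tcp -m tcp -m conntrack --ctstate INVALID,UNTRACKED \
    -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
}

# Block all UDP except DNS: outbound UDP may only reach port 53 on the
# configured resolvers, their replies come back as ESTABLISHED and are
# accepted, everything else on UDP is dropped. This implements what the
# original script announced but never installed. Side effects: outbound NTP
# and any UDP-based service on the host (e.g. Minecraft query) are blocked.
restrict_udp() {
  local resolver
  for resolver in "${DNS_SERVERS[@]}"; do
    iptables -A OUTPUT -p udp --dport 53 -d "$resolver" -j ACCEPT
  done
  iptables -A OUTPUT -p udp -j DROP
  iptables -A INPUT -p udp -m conntrack --ctstate ESTABLISHED -j ACCEPT
  iptables -A INPUT -p udp -j DROP
  echo "Protocollo UDP Bloccato"
}

main() {
  [[ "$(id -u)" -eq 0 ]] || die "must run as root"
  command -v iptables >/dev/null || die "iptables not found"
  flush_rules
  allow_gre
  create_minecraft_chain
  limit_connections
  drop_bogus_tcp
  tune_kernel
  enable_synproxy
  restrict_udp
}

main "$@"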