  1. #!/bin/bash
  2.  
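#######################################
# Bring the firewall up: whitelist trusted addresses, install NAT/DNAT
# rules, add the per-chain anti-DoS rules, then start portsentry.
# Globals:   none
# Arguments: none
# Outputs:   progress messages to stdout; skipped-entry warnings to stderr
# Returns:   status of the last command (portsentry start)
#######################################
start() {
  local ip chain
  local -r whitelist=/usr/local/etc/whitelist

  echo "Whitelisting"
  if [[ -r "$whitelist" ]]; then
    # One address per line. -r keeps backslashes intact; the || clause still
    # processes a final line that has no trailing newline. Redirecting into
    # the loop (rather than cat | while) keeps it in the current shell.
    while read -r ip || [[ -n "$ip" ]]; do
      # Ignore blank lines and '#' comments.
      [[ -z "$ip" || "$ip" == \#* ]] && continue
      # Each entry must be exactly one iptables argument. An entry containing
      # whitespace can never be a single address/CIDR, so refuse it rather
      # than let an unquoted expansion turn it into extra rule options.
      if [[ "$ip" == *[[:space:]]* ]]; then
        printf 'skipping malformed whitelist entry: %s\n' "$ip" >&2
        continue
      fi
      iptables -I INPUT -s "$ip" -j ACCEPT
      iptables -I INPUT -d "$ip" -j ACCEPT
      iptables -I OUTPUT -s "$ip" -j ACCEPT
      iptables -I OUTPUT -d "$ip" -j ACCEPT
      iptables -I FORWARD -s "$ip" -j ACCEPT
      iptables -I FORWARD -d "$ip" -j ACCEPT
    done < "$whitelist"
  else
    printf 'warning: %s not readable, no addresses whitelisted\n' "$whitelist" >&2
  fi

  echo "Routing"
  # NOTE(review): VIP1/VIP2/VIP3/VPN and NET_SERV.* look like placeholders
  # meant to be replaced with real addresses; iptables rejects them as-is.
  iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
  iptables -t nat -A PREROUTING -d VIP1 -m tcp -p tcp --dport 80 -j DNAT --to-destination NET_SERV.201
  iptables -t nat -A PREROUTING -d VIP2 -m tcp -p tcp --dport 80 -j DNAT --to-destination NET_SERV.201
  iptables -t nat -A PREROUTING -d VIP3 -m tcp -p tcp --dport 80 -j DNAT --to-destination NET_SERV.201
  iptables -t nat -A PREROUTING -d VPN -m tcp -p tcp --dport 3006 -j DNAT --to-destination NET_SERV.101

  for chain in INPUT FORWARD; do
    echo "Block DOS - $chain - Ping of Death"
    # NOTE(review): this rule ACCEPTs oversized echo-requests rather than
    # dropping them — confirm that is the intended policy.
    iptables -A "$chain" -p ICMP --icmp-type echo-request -m length --length 60:65535 -j ACCEPT
    echo "Block DOS - $chain - Teardrop"
    iptables -A "$chain" -p UDP -f -j DROP
    echo "Block DDOS - $chain - SYN-flood"
    # TARPIT is not a stock target (it ships with xtables-addons); the DROP
    # rule that follows each TARPIT presumably serves as the fallback when
    # the TARPIT insert fails because the target is unavailable.
    iptables -A "$chain" -p TCP ! --syn -m state --state NEW -j TARPIT
    iptables -A "$chain" -p TCP ! --syn -m state --state NEW -j DROP
    echo "Block DDOS - $chain - Smurf"
    iptables -A "$chain" -m pkttype --pkt-type broadcast -j DROP
    iptables -A "$chain" -p ICMP --icmp-type echo-request -m pkttype --pkt-type broadcast -j DROP
    iptables -A "$chain" -p ICMP --icmp-type echo-request -m limit --limit 3/s -j ACCEPT
    echo "Block DDOS - $chain - UDP-flood (Pepsi)"
    iptables -A "$chain" -p UDP --dport 7 -j DROP
    iptables -A "$chain" -p UDP --dport 19 -j DROP
    echo "Block DDOS - $chain - SMBnuke"
    iptables -A "$chain" -p UDP --dport 135:139 -j DROP
    iptables -A "$chain" -p TCP --dport 135:139 -j TARPIT
    iptables -A "$chain" -p TCP --dport 135:139 -j DROP
    echo "Block DDOS - $chain - Connection-flood"
    iptables -A "$chain" -p TCP --syn -m connlimit --connlimit-above 25 -j TARPIT
    iptables -A "$chain" -p TCP --syn -m connlimit --connlimit-above 25 -j DROP
    echo "Block DDOS - $chain - Fraggle"
    iptables -A "$chain" -p UDP -m pkttype --pkt-type broadcast -j DROP
    iptables -A "$chain" -p UDP -m limit --limit 3/s -j ACCEPT
    echo "Block DDOS - $chain - Jolt"
    iptables -A "$chain" -p ICMP -f -j DROP
  done

  /etc/init.d/portsentry start
}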
  49. function stop {
  50. /etc/init.d/portsentry stop
  51. iptables -F
  52. iptables -X
  53. iptables -F -t nat
  54. iptables -X -t nat
  55. }
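# Dispatch on the requested action. The usage line goes to stderr with a
# non-zero exit so init wrappers and callers can distinguish a bad
# invocation from a successful run.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart|reload)
    stop
    start
    ;;
  *)
    printf '%s <start|stop|restart|reload>\n' "$0" >&2
    exit 1
    ;;
esac
exit 0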
  73. #
  74. # End of file