- # sample configuration for ip6tables service: INPUT accepts established/related traffic, loopback and new TCP connections to port 22, then rejects everything else; FORWARD rejects everything
- # you can edit this manually or use system-config-firewall
- # please do not ask us to add additional ports/services to this default configuration. NOTE(review): no rule accepts ICMPv6 before the final INPUT REJECT, so neighbor discovery would presumably be rejected as well, and TCP 22 is accepted here while the IPv4 rules shown after this file reject 22 and accept 22004 - confirm both are intended
- *filter
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
- -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
- -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
- COMMIT
- [root@ip-172-31-45-61 ~]# cat /etc/sysconfig/iptables
- # Firewall configuration written by system-config-firewall. Manual customization of this file is not recommended.
- # mangle table: marks outgoing UDP with source or destination port 5060 as DSCP class cs3 and outgoing UDP from source ports 16384-32767 as ef; presumably SIP signalling and RTP media - confirm the media range against the PBX configuration
- *mangle
- -A OUTPUT -p udp -m udp --sport 5060 -j DSCP --set-dscp-class cs3
- -A OUTPUT -p udp -m udp --dport 5060 -j DSCP --set-dscp-class cs3
- -A OUTPUT -p udp -m udp --sport 16384:32767 -j DSCP --set-dscp-class ef
- COMMIT
- *filter
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- # Blacklist: drops packets from the listed sources, the first three for any packet and the rest only for NEW connections. NOTE(review): INPUT policy is ACCEPT (see the :INPUT line above), so this table only blocks what a DROP/REJECT rule names; the ESTABLISHED,RELATED accept above is evaluated before this list, so a connection already tracked for a listed address keeps flowing
- -A INPUT -s 186.225.25.133 -j DROP
- -A INPUT -s 104.206.96.186 -j DROP
- -A INPUT -s 163.172.205.227 -j DROP
- -A INPUT -s 195.154.230.48 -m state --state NEW -j DROP
- -A INPUT -s 199.48.164.49 -m state --state NEW -j DROP
- -A INPUT -s 212.129.2.176 -m state --state NEW -j DROP
- -A INPUT -s 46.165.243.199 -m state --state NEW -j DROP
- -A INPUT -s 100.81.7.51 -m state --state NEW -j DROP
- -A INPUT -s 195.154.63.172 -m state --state NEW -j DROP
- # End of blacklist. NOTE(review): 100.81.7.51 falls in 100.64.0.0/10 (shared address space, RFC 6598) rather than public space - confirm the entry is intended
- #--------------------- Server management rules. NOTE(review): INPUT policy is ACCEPT and no catch-all DROP/REJECT ends the chain, so the ACCEPT rules in this section restrict nothing as far as this ruleset is concerned - e.g. TCP 80 is accepted from any source, not only 54.94.218.234; only the mysql DROP, the echo-request REJECT and the port 22 REJECT change the outcome. The loopback mysql ACCEPT repeats the earlier '-i lo' accept
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 22004 -j ACCEPT
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
- -A INPUT -s 54.94.218.234 -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
- -A INPUT -i lo -p tcp --dport mysql -j ACCEPT
- -A INPUT -p tcp --dport mysql -j DROP
- -A INPUT -p icmp --icmp-type echo-request -j REJECT
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j REJECT
- # ZABBIX: accepts UDP 161,10050,10051 from the two monitoring addresses. NOTE(review): these rules match UDP only; 161 (SNMP) is UDP, but Zabbix agent/trapper traffic on 10050/10051 normally uses TCP - confirm the protocol before relying on these rules under a default-deny policy
- -A INPUT -m state --state NEW -m udp -p udp -s 172.31.39.188 --match multiport --dports 161,10050,10051 -j ACCEPT
- -A INPUT -m state --state NEW -m udp -p udp -s 54.94.218.234 --match multiport --dports 161,10050,10051 -j ACCEPT
- #--------------------- End of server management rules
- #--------- Temporary rule
- #--------- END temporary rule
- # Rules for known attacks: drop packets whose payload contains a scanner or tool name (string match, Boyer-Moore). NOTE(review): the first group applies to every UDP port, and short patterns such as "Test", "sipv", "smap" or "Gulp" can match unrelated payloads; CSipSimple is also the name of a SIP softphone, so presumably legitimate clients using it are dropped too. The later UDP rules limited to ports 5060/5080 repeat strings the any-port rules already drop. Name matching only filters tools that announce themselves, so SIP authentication and rate limiting are still needed
- -A INPUT -j DROP -p udp -m string --string "pplsip" --algo bm
- -A INPUT -j DROP -p udp -m string --string "sipcli" --algo bm
- -A INPUT -j DROP -p udp -m string --string "sipvicious" --algo bm
- -A INPUT -j DROP -p udp -m string --string "sip-scan" --algo bm
- -A INPUT -j DROP -p udp -m string --string "sipsak" --algo bm
- -A INPUT -j DROP -p udp -m string --string "sundayddr" --algo bm
- -A INPUT -j DROP -p udp -m string --string "friendly-scanner" --algo bm
- -A INPUT -j DROP -p udp -m string --string "iWar" --algo bm
- -A INPUT -j DROP -p udp -m string --string "CSipSimple" --algo bm
- -A INPUT -j DROP -p udp -m string --string "SIVuS" --algo bm
- -A INPUT -j DROP -p udp -m string --string "Gulp" --algo bm
- -A INPUT -j DROP -p udp -m string --string "sipv" --algo bm
- -A INPUT -j DROP -p udp -m string --string "smap" --algo bm
- -A INPUT -j DROP -p udp -m string --string "friendly-request" --algo bm
- -A INPUT -j DROP -p udp -m string --string "VaxIPUserAgent" --algo bm
- -A INPUT -j DROP -p udp -m string --string "VaxSIPUserAgent" --algo bm
- -A INPUT -j DROP -p udp -m string --string "siparmyknife" --algo bm
- -A INPUT -j DROP -p udp -m string --string "Test" --algo bm
- -A INPUT -j DROP -p tcp --dport 5060 -m string --string "friendly-scanner" --algo bm
- -A INPUT -j DROP -p tcp --dport 5080 -m string --string "friendly-scanner" --algo bm
- -A INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm
- -A INPUT -j DROP -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm
- -A INPUT -j DROP -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm
- -A INPUT -j DROP -p tcp --dport 5060 -m string --string "VaxIPUserAgent" --algo bm
- -A INPUT -j DROP -p tcp --dport 5080 -m string --string "VaxSIPUserAgent" --algo bm
- -A INPUT -j DROP -p tcp --dport 5080 -m string --string "VaxIPUserAgent" --algo bm
- -A INPUT -p udp -m udp --dport 5060 -m string --string "iWar" --algo bm --to 65535 -j DROP
- -A INPUT -p udp -m udp --dport 5060 -m string --string "sipvicious" --algo bm --to 65535 -j DROP
- -A INPUT -p udp -m udp --dport 5060 -m string --string "sipsak" --algo bm --to 65535 -j DROP
- -A INPUT -p udp -m udp --dport 5060 -m string --string "sundayddr" --algo bm --to 65535 -j DROP
- -A INPUT -p udp -m udp --dport 5060 -m string --string "friendly-scanner" --algo bm --to 65535 -j DROP
- -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
- -A INPUT -f -j DROP
- -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
- -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
- -A FORWARD -j REJECT --reject-with icmp-host-prohibited
- ## End of rules for known attacks. The last rules above drop NEW TCP packets without SYN, non-first fragments, and TCP packets with all flags or no flags set; FORWARD rejects everything
- #-----------------------Providers----------------------
- # -------- CODEXX SPV: UDP 5060-5061 and 10000-60000 from 52.67.120.136 (presumably SIP signalling and RTP media - confirm)
- -A INPUT -s 52.67.120.136 -m state --state NEW -m udp -p udp -m udp --dport 5060:5061 -j ACCEPT
- -A INPUT -s 52.67.120.136 -m state --state NEW -m udp -p udp -m udp --dport 10000:60000 -j ACCEPT
- ####-------- End SPV
- # -------- IPCORP: same two port ranges from 177.38.217.16
- -A INPUT -s 177.38.217.16 -m state --state NEW -m udp -p udp -m udp --dport 5060:5061 -j ACCEPT
- -A INPUT -s 177.38.217.16 -m state --state NEW -m udp -p udp -m udp --dport 10000:60000 -j ACCEPT
- ####-------- End IPCORP
- #-----------------------End providers----------------------
- #-----------------------Clients registered over the Internet. NOTE(review): the two rules below accept UDP 5060-5061 and 10000-20000 from any source, so the per-provider rules above only add 20001-60000 for those addresses; and since INPUT policy is ACCEPT with no final DROP/REJECT, none of these ACCEPT rules narrows exposure
- -A INPUT -m state --state NEW -m udp -p udp -m udp --dport 5060:5061 -j ACCEPT
- -A INPUT -m state --state NEW -m udp -p udp -m udp --dport 10000:20000 -j ACCEPT
- # TALKIP: port 4569 over UDP and TCP from 186.225.25.132 (presumably IAX2 - confirm)
- -A INPUT -s 186.225.25.132 -m state --state NEW -m udp -p udp -m udp --dport 4569 -j ACCEPT
- -A INPUT -s 186.225.25.132 -m state --state NEW -m tcp -p tcp -m tcp --dport 4569 -j ACCEPT
- ####----- END TALKIP
- #-----------------------End clients registered over the Internet----------------------
- # End of rules for VoIP use
- ## Rules for NFS use: accept portmapper (111) and NFS (2049) plus ports 32803, 32769, 892, 875 and 662 (presumably the fixed lockd/mountd/rquotad/statd ports - confirm against the NFS server configuration) from 172.31.39.188 and 172.31.39.189
- -A INPUT -s 172.31.39.188,172.31.39.189 -m state --state NEW -p udp --dport 111 -j ACCEPT
- -A INPUT -s 172.31.39.188,172.31.39.189 -m state --state NEW -p tcp --dport 111 -j ACCEPT
- -A INPUT -s 172.31.39.188,172.31.39.189 -m state --state NEW -p tcp --dport 2049 -j ACCEPT
- -A INPUT -s 172.31.39.188,172.31.39.189 -m state --state NEW -p tcp --dport 32803 -j ACCEPT
- -A INPUT -s 172.31.39.188,172.31.39.189 -m state --state NEW -p tcp --dport 892 -j ACCEPT
- -A INPUT -s 172.31.39.188,172.31.39.189 -m state --state NEW -p udp --dport 32769 -j ACCEPT
- -A INPUT -s 172.31.39.188,172.31.39.189 -m state --state NEW -p tcp --dport 875 -j ACCEPT
- -A INPUT -s 172.31.39.188,172.31.39.189 -m state --state NEW -p udp --dport 875 -j ACCEPT
- -A INPUT -s 172.31.39.188,172.31.39.189 -m state --state NEW -p tcp --dport 662 -j ACCEPT
- -A INPUT -s 172.31.39.188,172.31.39.189 -m state --state NEW -p udp --dport 662 -j ACCEPT
- ###---- End of internal network. NOTE(review): the INPUT chain ends here with policy ACCEPT and no catch-all DROP/REJECT (the ip6tables file shown earlier ends its INPUT chain with REJECT), so the source-restricted NFS accepts above do not keep other sources out of these ports as far as this ruleset is concerned. Before adding a final reject, confirm every required service has a matching ACCEPT
- COMMIT