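#!/bin/bash
#http://townx.org/simple_firewall_for_ubuntu_using_iptables
############################################################
#---- Script to setup a simple firewall using iptables -----
###
# * Blocks all incoming connections, except those opened by
# me, or related to already open connections
# * Blocks all forward requests
# * Allows all outgoing connections
###
# Must run as root.  IPv4 only: ip6tables is not touched, so an
# IPv6-enabled host keeps whatever IPv6 policy it already has
# (TODO: mirror this policy with ip6tables).
#
# Fixes relative to the original listing:
#  - loopback traffic was not accepted, so local services talking
#    to 127.0.0.1 broke under the INPUT DROP policy;
#  - the RELATED,ESTABLISHED rule was commented out, so replies to
#    the host's own outgoing connections were dropped, and the
#    "-p udp --sport 53" ACCEPT that stood in for it admits any
#    packet whose *source* port is 53 -- a value the sender picks;
#  - the SSH rate-limit rules were appended after the unconditional
#    "--dport 22 -j ACCEPT", so they were never evaluated.
############################################################
# Fail closed: once the DROP policies are set, stop on the first
# iptables error rather than continue with a partial ruleset.
set -eu

# Interface the SSH rate limit applies to (the original hard-coded eth0).
SSH_IFACE=${SSH_IFACE:-eth0}

if [[ "$EUID" -ne 0 ]]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

# Clearing all previous rules in the filter table, user chains included
iptables -F
iptables -X

# Setting Default Policies
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Loopback must be open or local services cannot reach each other
iptables -A INPUT -i lo -j ACCEPT

# Allowing already-established and related-incoming connections.
# This is what lets replies to our own outgoing connections (DNS
# answers included) back in; it replaces the spoofable --sport 53 rule.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

#stealth + ppp
iptables -A INPUT -i ppp+ -p udp -j DROP
iptables -A INPUT -i ppp+ -p tcp -m tcp --syn -j DROP
iptables -A INPUT -i ppp+ -p icmp -j DROP
# Ports 0 and 1 are never legitimate as source or destination;
# drop them before the ACCEPT rules below can see them.
for port in 0 1; do
  for proto in tcp udp; do
    iptables -A INPUT -p "$proto" --sport "$port" -j DROP
    iptables -A INPUT -p "$proto" --dport "$port" -j DROP
  done
done

#against bruteforce url: http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/
# More than 8 NEW connections to port 22 within 60 s from one source
# are dropped.  These rules must precede the port-22 ACCEPT below.
iptables -A INPUT -i "$SSH_IFACE" -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -i "$SSH_IFACE" -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP

#open ports www + ssh
iptables -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT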