  1. #!/bin/bash
  2. #http://townx.org/simple_firewall_for_ubuntu_using_iptables
  3. ############################################################
  4. #---- Script to setup a simple firewall using iptables -----
  5. ###
  6. # * Blocks all incoming connections, except those opened by
  7. # me, or related to already open connections
  8. # * Blocks all forward requests
  9. # * Allows all outgoing connections
  10. ###
  11. ############################################################
  12.  
  13. # Clearing all previous rules
  14. iptables -F
  15. # Setting Default Policies
  16. iptables -P INPUT DROP
  17. iptables -P OUTPUT ACCEPT
  18. iptables -P FORWARD DROP
  19. # Allowing already-established and related-incoming connections
  20. #iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  21. #->better
  22. iptables -A INPUT -p udp -s 0/0 --sport 53 -d 0/0 -j ACCEPT
  23.  
  24. #stealth + ppp  
  25. iptables -A INPUT -i ppp+ -p udp -j DROP
  26. iptables -A INPUT -i ppp+ -p tcp -m tcp --syn -j DROP
  27. iptables -A INPUT -i ppp+ -p icmp -j DROP
  28. iptables -A INPUT -j DROP -p tcp --sport 0
  29. iptables -A INPUT -j DROP -p udp --sport 0
  30. iptables -A INPUT -j DROP -p tcp --dport 0
  31. iptables -A INPUT -j DROP -p udp --dport 0
  32. iptables -A INPUT -j DROP -p tcp --sport 1
  33. iptables -A INPUT -j DROP -p udp --sport 1
  34. iptables -A INPUT -j DROP -p tcp --dport 1
  35. iptables -A INPUT -j DROP -p udp --dport 1
  36.  
  37.  
  38. #open ports www + ssh
  39. iptables -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
  40. iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT
  41.  
  42.  
  43. #against bruteforce 3x1 min url: http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/
  44. iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
  45. iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP