TNFModding

Simple ovh tables

Jun 27th, 2022 (edited)
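  # Host firewall baseline for a public-facing Debian/Ubuntu server. Run as root.
  #
  # Layout:
  #   raw/PREROUTING - drops evaluated before connection tracking: tunnel
  #                    protocols, common UDP reflection source ports, and
  #                    packets that fail a reverse-path check.
  #   filter/INPUT   - per-host filtering.
  #
  # iptables walks a chain top to bottom and stops at the first terminating
  # match. The INPUT rules are therefore ordered so that every DROP sits above
  # the broad "-p tcp" / "-p udp" ACCEPT rules; with those ACCEPTs at the top of
  # the chain, none of the tcp/udp filtering after them can ever match.
  #
  # Every rule is appended (-A), so re-running this against a live ruleset
  # duplicates the rules. Start from a known ruleset.

  apt install busybox -y

  apt install iptables-persistent netfilter-persistent conntrack nftables -y

  systemctl enable netfilter-persistent
  systemctl start netfilter-persistent

  # Default policies stay ACCEPT: this ruleset is a blocklist, not an allowlist.
  # Anything that is not explicitly dropped below remains reachable.
  iptables --policy INPUT ACCEPT
  iptables --policy OUTPUT ACCEPT
  iptables --policy FORWARD ACCEPT

  # ---------------------------------------------------------------------------
  # raw table, PREROUTING
  # ---------------------------------------------------------------------------

  # Drop GRE, ESP and AH outright. Side effect: this host cannot terminate GRE
  # or IPsec tunnels while these rules are loaded.
  iptables -t raw -A PREROUTING -p gre -j DROP
  iptables -t raw -A PREROUTING -p esp -j DROP
  iptables -t raw -A PREROUTING -p ah -j DROP

  # Drop UDP arriving FROM ports of services commonly abused as reflectors
  # (e.g. 19 chargen, 111 portmap, 137 NetBIOS, 161 SNMP, 389 CLDAP,
  # 1434 MS-SQL, 3702 WS-Discovery, 5683 CoAP, 11211 memcached).
  # Matching happens before connection tracking, so legitimate replies from
  # these ports are dropped too: the host cannot act as a UDP client of, for
  # example, IKE (500), OpenVPN on its default port (1194), NFS (2049),
  # SNMP (161), TFTP (69) or SIP (5060). Remove a port from the list if the
  # host needs to talk to that service.
  iptables -t raw -A PREROUTING -p udp -m multiport --sports 111,19,137,27036,17185,3702,7,3283,161,5060,1434,69,389,520 -j DROP
  iptables -t raw -A PREROUTING -p udp -m multiport --sports 5093,50000,7001,11211,10001,10080,48899,27960,30718,2362,41794,32414,17,5683 -j DROP
  iptables -t raw -A PREROUTING -p udp -m multiport --sports 37810,500,502,1194,53413,2049,33848,68,524,47808,47811:47823 -j DROP

  # Reverse-path filter: drop packets whose source address would not be routed
  # back out of the interface they arrived on (i.e. likely spoofed sources).
  iptables -A PREROUTING -t raw -m rpfilter --invert -j DROP
  ip6tables -A PREROUTING -t raw -m rpfilter --invert -j DROP

  # ---------------------------------------------------------------------------
  # filter table, INPUT
  # ---------------------------------------------------------------------------

  # Loopback first. The 127.0.0.0/8 source drop further down would otherwise
  # cut local services off from each other.
  iptables -A INPUT -i lo -j ACCEPT

  # Drop non-first IP fragments of any protocol. One protocol-agnostic rule
  # covers what separate "-p tcp/udp/icmp -f" rules would match.
  # NOTE(review): with connection tracking loaded, fragments are normally
  # reassembled before they reach this chain, so this rule may see little or no
  # traffic - check its packet counter with "iptables -L INPUT -v -n".
  iptables -A INPUT -f -j DROP

  #Only use this if you are using Wireguard
  iptables -A INPUT -i wg0 -j ACCEPT

  #Only use this if you are using Openvpn
  iptables -A INPUT -i tun0 -j ACCEPT

  # Drop traffic claiming a private, link-local, loopback or multicast/reserved
  # source address. 10.7.0.0/24 is exempted before the 10.0.0.0/8 drop
  # (presumably the VPN client subnet - confirm it matches your setup).
  # On hosts that use a provider private network in these ranges, these drops
  # also cut that traffic; add an exemption above them in that case.
  iptables -A INPUT -s 10.7.0.0/24 -j ACCEPT
  iptables -A INPUT -s 10.0.0.0/8 -j DROP
  iptables -A INPUT -s 169.254.0.0/16 -j DROP
  iptables -A INPUT -s 172.16.0.0/12 -j DROP
  iptables -A INPUT -s 192.168.0.0/16 -j DROP
  iptables -A INPUT -s 224.0.0.0/3 -j DROP
  iptables -A INPUT -s 127.0.0.0/8 -j DROP

  # Rules credited to "Trinity" in the original paste.
  # Packets of already-tracked connections to the web ports are accepted.
  iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # Let replies to UDP flows this host started (DNS, NTP, an outbound VPN
  # session, ...) through before the coarse UDP drops below, which would
  # otherwise discard large or high-source-port replies.
  iptables -A INPUT -p udp -m conntrack --ctstate ESTABLISHED -j ACCEPT

  # Coarse UDP flood filters: drop UDP from high source ports and large UDP
  # datagrams. Ordinary clients use source ports in this range, so these rules
  # also block NEW inbound UDP to any service the host offers. If the host runs
  # a UDP listener (for example the WireGuard or OpenVPN endpoint), accept its
  # port above these two lines, e.g.:
  #   iptables -A INPUT -p udp --dport <VPN_LISTEN_PORT> -j ACCEPT
  iptables -A INPUT -p udp --sport 25000:65535 -j DROP
  iptables -A INPUT -p udp -m length --length 1000:65500 -j DROP

  # Drop all ICMP. This includes "fragmentation needed" errors, so path MTU
  # discovery towards this host can stall on links with a smaller MTU.
  iptables -A INPUT -p icmp -j DROP

  # Everything that survived the drops above is accepted. With the default
  # policy already ACCEPT these two rules are mostly useful as counters.
  iptables -A INPUT -p tcp -j ACCEPT
  iptables -A INPUT -p udp -j ACCEPT

  # Persist both address families. netfilter-persistent restores rules.v4 and
  # rules.v6 at boot; without the second line the ip6tables rule added above
  # is lost on reboot.
  iptables-save > /etc/iptables/rules.v4
  ip6tables-save > /etc/iptables/rules.v6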