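#!/bin/sh
# CABAL FIREWALL SCRIPT BY PX2000
#
# Rebuilds the IPv4 filter rules for a Cabal game host, in this order:
#   1. accept SSH and loopback traffic,
#   2. drop non-local traffic to the backend ("secure") service ports,
#   3. on each public game port: reject packets carrying the blocked byte
#      signature, cap concurrent connections per /24, then accept the rest,
#   4. accept replies to connections the host itself opened,
#   5. drop everything else on INPUT and FORWARD.
#
# The original rule set never accepted the public game ports or loopback
# traffic, so the final catch-all DROP blocked everything except SSH.
#
# Scope notes for whoever deploys this:
#   - Only iptables (IPv4) is configured. If the host has IPv6 enabled, the
#     same ports are not filtered by these rules; ip6tables needs its own set.
#   - Rules are appended one by one after a flush, so the host is briefly
#     unfiltered while the script runs.
#   - SSH is accepted from any source address; restrict it with -s if the
#     admin addresses are known.
set -u

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

IPTABLE="/sbin/iptables"

# Append one rule to INPUT and stop on failure, so a missing match module
# (string, connlimit, multiport) is noticed before the rule set is saved.
add_input() {
  "$IPTABLE" -A INPUT "$@" || die "iptables failed: -A INPUT $*"
}

clear
service iptables stop

# Start from an empty rule set: flush rules, zero counters, delete user chains.
"$IPTABLE" -F || die "cannot flush rules"
"$IPTABLE" -Z || die "cannot zero counters"
"$IPTABLE" -X || die "cannot delete user chains"

# Cabal Secure Ports (backend services, reachable from this host only)
# DBAgent,GlobalMgrSvr,AuthDBAgent,RockAndRollITS,EventDBAgent
# CashDBAgent,PCBangDBAgent,EventMgrSvr,GlobalDBAgent,PartySvr
SecPorts="41387,42689,53311,62581,24567,41317,62811,32689,38180,63214"

# Cabal Open Ports (client-facing)
lPort="54329" # LoginSvr Port
cPort="61387" # ChatNode Port
aPort="53211" # AgentShop Port
# WorldSvr Ports
Port1="62356"
Port2="62357"
Port3="62358"
Port4="62359"
Port5="62360"
Port6="62361"
Port7="62363"
Port8="58172"
Port9="62362"
PortSSH="6565"

OpenPorts="$lPort $cPort $aPort $Port1 $Port2 $Port3 $Port4 $Port5 $Port6 $Port7 $Port8 $Port9"

# SSH first, so a failure further down cannot lock the administrator out.
add_input -p tcp --dport "$PortSSH" -j ACCEPT

# Local inter-process traffic (the game daemons talk to each other here).
add_input -i lo -j ACCEPT

# Backend ports are never reachable from outside the host.
add_input ! -s 127.0.0.1 -p tcp -m multiport --dports "$SecPorts" -j DROP

for port in $OpenPorts; do
  # Reset connections that send the blocked byte sequence. The page does not
  # say what the signature is - presumably a known bad packet; confirm.
  # The string match inspects one packet at a time, so a signature split
  # across two TCP segments is not caught.
  add_input ! -s 127.0.0.1 -p tcp --dport "$port" \
    -m string --hex-string '|0000e2b7|' --algo bm \
    -j REJECT --reject-with tcp-reset

  # DoS protection: at most 5 concurrent connections per source /24.
  # Clients sharing a /24 (same NAT or ISP block) share this budget.
  add_input -p tcp --syn --dport "$port" \
    -m connlimit --connlimit-above 5 --connlimit-mask 24 \
    -j REJECT --reject-with tcp-reset

  # Whatever passed both filters is legitimate client traffic.
  add_input -p tcp --dport "$port" -j ACCEPT
done

# Replies to connections opened by this host (DNS, updates, ...). Placed
# after the signature rules so established game connections are still
# inspected by them.
add_input -m state --state ESTABLISHED,RELATED -j ACCEPT

# Drop everything else that was not explicitly allowed.
add_input -j DROP
"$IPTABLE" -A FORWARD -j DROP || die "cannot add FORWARD drop rule"

# Persist the rule set and bring the service back up with it.
service iptables save
service iptables start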