Firewall rules
  1. #!/bin/sh
  2.  
  3. # firewall.rull
  4.  
  5. #Flush table :
  6. iptables -F
  7. iptables -X
  8.  
  9. #change policy
  10. iptables -P INPUT DROP
  11. iptables -P OUTPUT DROP
  12. iptables -P FORWARD DROP
  13.  
  14. #Autorise established connexions
  15. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  16. iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  17.  
  18. #Manage SSH
  19. iptables -A INPUT -p tcp --dport 2222 -i enp0s3 -j ACCEPT
  20. iptables -A INPUT -p tcp --dport 2222 -m state --state NEW -m recent --name BLACKLIST --set
  21. iptables -A INPUT -p tcp --dport 2222 -m state --state NEW -m recent --name BLACKLIST --update --seconds 60 --hitcount 5 --rttl -j DROP
  22.  
  23. #Manage DNS
  24. iptables -A OUTPUT --protocol udp --destination-port 53 -j ACCEPT
  25. iptables -A INPUT --protocol udp --dport 53 -j ACCEPT
  26. iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --name BLACKLIST --set
  27. iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --name BLACKLIST --update --seconds 10 --hitcount 10 --rttl -j DROP
  28.  
  29. #Manage HTTP
  30. iptables -A INPUT -p tcp --dport http -i enp0s3 -j ACCEPT
  31. iptables -A OUTPUT -p tcp -m multiport --dports http -j ACCEPT
  32. iptables -A INPUT -p tcp --dport http -m state --state NEW -m recent --name BLACKLIST --set
  33. iptables -A INPUT -p tcp --dport http -m state --state NEW -m recent --name BLACKLIST --update --seconds 10 --hitcount 10 --rttl -j DROP
  34.  
  35. #Manage HTTPS
  36. iptables -A INPUT -p tcp --dport https -i enp0s3 -j ACCEPT
  37. iptables -A OUTPUT -p tcp -m multiport --dports https -j ACCEPT
  38. iptables -A INPUT -p tcp --dport https -m state --state NEW -m recent --name BLACKLIST --set
  39. iptables -A INPUT -p tcp --dport https -m state --state NEW -m recent --name BLACKLIST --update --seconds 10 --hitcount 10 --rttl -j DROP
  40.  
  41. # Mail SMTP:25
  42. #iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
  43. #iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
  44. #iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --name BLACKLIST --set
  45. #iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --name BLACKLIST --update --seconds 10 --hitcount 10 --rttl -j DROP
  46.  
  47. #manage Mail SMTP:MailHub
  48. iptables -t filter -A INPUT -p tcp --dport 587 -j ACCEPT
  49. iptables -t filter -A OUTPUT -p tcp --dport 587 -j ACCEPT
  50. iptables -A INPUT -p tcp --dport 587 -m state --state NEW -m recent --name BLACKLIST --set
  51. iptables -A INPUT -p tcp --dport 587 -m state --state NEW -m recent --name BLACKLIST --update --seconds 10 --hitcount 10 --rttl -j DROP
  52.  
  53. #manage Port Scan
  54. iptables -A INPUT -i enp0s3 -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP
  55. iptables -A INPUT -i enp0s3 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
  56. iptables -A INPUT -i enp0s3 -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j DROP
  57.  
  58. #Incoming malformed XMAS packets
  59. iptables -A INPUT -i enp0s3 -p tcp --tcp-flags ALL ALL -j DROP
  60. #Incoming malformed NULL packets
  61. iptables -A INPUT -i enp0s3 -p tcp --tcp-flags ALL NONE -j DROP
  62.  
  63. #Adding Security ruls
  64. iptables -A INPUT -p all -j DROP
  65. iptables -A OUTPUT -p all -j DROP
  66. iptables -A FORWARD -p all -j DROP
  67.  
  68. #Log to the file
  69. iptables -N LOGGING
  70. iptables -A INPUT -j LOGGING
  71. iptables -A OUTPUT -j LOGGING
  72. iptables -A FORWARD -j LOGGING
  73. iptables -A LOGGING -m limit --limit 4/sec -j LOG --log-level 4 --log-prefix "IPTables-Dropped: "
  74. iptables -A LOGGING -j DROP