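# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
#
# Contents:
#   1. Connection-count brute-force protection for SSH and FTP, which are
#      reachable from the WAN zone on non-standard ports and DNATed to the
#      router's LAN address.
#   2. Time-scheduled URL block for one LAN host (disabled, kept as template).
#   3. Unconditional drop of one remote source address.
#   4. Drop of DHCP client/server ports on INPUT.
#
# This runs under the system /bin/sh (busybox ash on OpenWrt), so everything
# here stays POSIX sh: no arrays, no [[ ]]. iptables failures are deliberately
# not fatal so that one bad rule does not prevent the remaining rules from
# being installed.

# Number of NEW connections from one source within BRUTEFORCE_WINDOW seconds
# after which that source is redirected to the drop port instead of the
# service.
BRUTEFORCE_PROTECTION_START=3
# Nothing listens on this port; redirected connections simply fail.
BRUTEFORCE_DROPPORT=55555
# Tracking window of the "recent" lists, in seconds (24h).
BRUTEFORCE_WINDOW=86400
PROTO=tcp
# LAN address the protected services are DNATed to. Checked for emptiness in
# bruteforce_protect; an empty value would otherwise produce ":port" targets.
ROUTERIP=$(uci get network.lan.ipaddr)

#######################################
# Install connection-count brute-force protection for one TCP service
# exposed on the WAN zone.
# Globals:   PROTO, ROUTERIP, BRUTEFORCE_WINDOW, BRUTEFORCE_PROTECTION_START,
#            BRUTEFORCE_DROPPORT (read)
# Arguments: $1 - name of the "recent" list, also used in the log prefix
#            $2 - WAN port the service is exposed on
#            $3 - port the service actually listens on at ROUTERIP
# Outputs:   one progress line on stdout; diagnostics on stderr
# Returns:   0 when the rules were submitted, 1 when ROUTERIP is unknown
#
# The three rules are inserted with -I, so the chain evaluates them in the
# reverse order of insertion:
#   1. --rcheck: source already at the hit count -> LOG (non-terminating)
#   2. --update: source already at the hit count -> refresh its timestamp and
#      DNAT to BRUTEFORCE_DROPPORT
#   3. --set:    everything else -> record the hit and DNAT to the real service
# Every NEW connection counts as a hit, not only failed logins, so a source
# that opens BRUTEFORCE_PROTECTION_START connections inside the window is
# locked out for the rest of the window even if every login succeeded, and
# the --update rule keeps extending the lockout while it keeps connecting.
#######################################
bruteforce_protect() {
  local service=$1
  local protectedport=$2
  local serviceport=$3

  if [ -z "$ROUTERIP" ]; then
    # Without a DNAT target the service is simply not exposed (fail closed).
    printf '%s\n' "Skipping Brute Force protection for $service: network.lan.ipaddr is unset" >&2
    return 1
  fi

  printf '%s\n' "Enabling Brute Force protection for $service on port $protectedport"
  iptables --table nat -I zone_wan_prerouting -p "$PROTO" --dport "$protectedport" \
    -m state --state NEW \
    -m recent --set --name "$service" \
    -j DNAT --to-destination "$ROUTERIP:$serviceport"
  iptables --table nat -I zone_wan_prerouting -p "$PROTO" --dport "$protectedport" \
    -m state --state NEW \
    -m recent --update --seconds "$BRUTEFORCE_WINDOW" --hitcount "$BRUTEFORCE_PROTECTION_START" --name "$service" \
    -j DNAT --to-destination "$ROUTERIP:$BRUTEFORCE_DROPPORT"
  iptables --table nat -I zone_wan_prerouting -p "$PROTO" --dport "$protectedport" \
    -m state --state NEW \
    -m recent --rcheck --seconds "$BRUTEFORCE_WINDOW" --hitcount "$BRUTEFORCE_PROTECTION_START" --name "$service" \
    -j LOG --log-prefix "BruteForce-${service} "
}

########################################
# SSH Brute Force protection on port 2222
bruteforce_protect SSH 2222 22
########################################
########################################
# FTP Brute Force protection on port 2221
# NOTE(review): only the control connection is DNATed here; passive data
# connections rely on the FTP conntrack helper being loaded — confirm.
bruteforce_protect FTP 2221 21
########################################
########################################
# Block URL on certain time for specified IP (disabled template)
#
# -m string matches the hostname wherever it appears as cleartext payload
# (e.g. HTTP Host header, TLS SNI); it cannot see into encrypted payload and
# also matches unrelated traffic that happens to carry the same bytes.
# NOTE(review): -m time compares against UTC unless --kerneltz is given —
# confirm which timezone TIME_START/TIME_END are meant in.
#
#URL_STRING=facebook.com
#LOCAL_IP=192.168.1.188
#TIME_START=10:00
#TIME_END=16:00
#
#echo Blocking $URL_STRING from $LOCAL_IP at time interval $TIME_START - $TIME_END
#iptables -I FORWARD -s $LOCAL_IP -m string --string $URL_STRING --algo bm -m time --weekdays Mon,Tue,Wed,Thu,Fri --timestart $TIME_START --timestop $TIME_END -j DROP
########################################
########################################
# Block attempts from the 94.23.201.82 source address.
iptables -I INPUT -s 94.23.201.82 -j DROP
########################################
# Drop DHCP client (68) and server (67) traffic addressed to the router.
# NOTE(review): no interface match, so these are not limited to WAN; whether
# they ever fire for LAN depends on the zone rules installed ahead of them in
# INPUT. If WAN-only is intended, add `-i <WAN_IFNAME>` (placeholder) — confirm.
iptables -A INPUT -p udp --dport 68 -j DROP
iptables -A INPUT -p udp --dport 67 -j DROP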