  1. #!/bin/sh
  2.  
  3. conntrack -F
  4.  
  5. iptables -P INPUT DROP
  6. iptables -P FORWARD DROP
  7. iptables -P OUTPUT ACCEPT
  8.  
  9. iptables -F
  10. iptables -X
  11.  
  12. iptables -A INPUT -i lo -j ACCEPT
  13.  
  14. iptables -A INPUT -m limit --limit 2/min -j NFLOG --nflog-prefix "DROP INPUT: " --nflog-group 1
  15. iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  16. iptables -A INPUT -m conntrack --ctstate INVALID -m limit --limit 2/min -j NFLOG --nflog-prefix "DROP INVALID IN: "
  17. iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
  18.  
  19.  
  20. iptables -A FORWARD -m conntrack --ctstate INVALID -j NFLOG --nflog-prefix "DROP INVALID FWD: "
  21. iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
  22.  
  23.  
  24. iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  25. iptables -A OUTPUT -m conntrack --ctstate INVALID -m limit --limit 2/min -j NFLOG --nflog-prefix "DROP INVALID OUT: "
  26. iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP
  27.  
# Example configuration for ulogd (ulogd.conf). This is a second file pasted
# after the firewall script above; it is not part of that shell script and is
# installed separately (typically as /etc/ulogd.conf).
# Adapted to Debian by Achilleas Kotsis <achille@debian.gr>
  30.  
  31. [global]
  32. ######################################################################
  33. # GLOBAL OPTIONS
  34. ######################################################################
  35.  
  36.  
  37. # logfile for status messages
  38. logfile="/var/log/ulogd.log"
  39.  
  40. # loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5)
  41. # loglevel=1
  42.  
  43. ######################################################################
  44. # PLUGIN OPTIONS
  45. ######################################################################
  46.  
  47. # We have to configure and load all the plugins we want to use
  48.  
  49. # general rules:
  50. # 1. load the plugins _first_ from the global section
  51. # 2. options for each plugin in seperate section below
  52.  
  53.  
  54. plugin="@pkglibdir@/ulogd_inppkt_NFLOG.so"
  55. #plugin="@pkglibdir@/ulogd_inppkt_ULOG.so"
  56. #plugin="@pkglibdir@/ulogd_inppkt_UNIXSOCK.so"
  57. plugin="@pkglibdir@/ulogd_inpflow_NFCT.so"
  58. plugin="@pkglibdir@/ulogd_filter_IFINDEX.so"
  59. plugin="@pkglibdir@/ulogd_filter_IP2STR.so"
  60. plugin="@pkglibdir@/ulogd_filter_IP2BIN.so"
  61. #plugin="@pkglibdir@/ulogd_filter_IP2HBIN.so"
  62. plugin="@pkglibdir@/ulogd_filter_PRINTPKT.so"
  63. plugin="@pkglibdir@/ulogd_filter_HWHDR.so"
  64. plugin="@pkglibdir@/ulogd_filter_PRINTFLOW.so"
  65. #plugin="@pkglibdir@/ulogd_filter_MARK.so"
  66. plugin="@pkglibdir@/ulogd_output_LOGEMU.so"
  67. plugin="@pkglibdir@/ulogd_output_SYSLOG.so"
  68. plugin="@pkglibdir@/ulogd_output_XML.so"
  69. #plugin="@pkglibdir@/ulogd_output_SQLITE3.so"
  70. plugin="@pkglibdir@/ulogd_output_GPRINT.so"
  71. #plugin="@pkglibdir@/ulogd_output_NACCT.so"
  72. #plugin="@pkglibdir@/ulogd_output_PCAP.so"
  73. #plugin="@pkglibdir@/ulogd_output_PGSQL.so"
  74. #plugin="@pkglibdir@/ulogd_output_MYSQL.so"
  75. #plugin="@pkglibdir@/ulogd_output_DBI.so"
  76. plugin="@pkglibdir@/ulogd_raw2packet_BASE.so"
  77. plugin="@pkglibdir@/ulogd_inpflow_NFACCT.so"
  78. plugin="@pkglibdir@/ulogd_output_GRAPHITE.so"
  79. #plugin="@pkglibdir@/ulogd_output_JSON.so"
  80.  
  81. # this is a stack for logging packet send by system via LOGEMU
  82. #stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
  83.  
  84. # this is a stack for packet-based logging via LOGEMU
  85. #stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
  86.  
  87. # this is a stack for ULOG packet-based logging via LOGEMU
  88. #stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
  89.  
  90. # this is a stack for packet-based logging via LOGEMU with filtering on MARK
  91. #stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
  92.  
  93. # this is a stack for packet-based logging via GPRINT
  94. #stack=log1:NFLOG,gp1:GPRINT
  95.  
  96. # this is a stack for flow-based logging via LOGEMU
  97. #stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
  98.  
  99. # this is a stack for flow-based logging via GPRINT
  100. #stack=ct1:NFCT,gp1:GPRINT
  101.  
  102. # this is a stack for flow-based logging via XML
  103. #stack=ct1:NFCT,xml1:XML
  104.  
  105. # this is a stack for logging in XML
  106. #stack=log1:NFLOG,xml1:XML
  107.  
  108. # this is a stack for accounting-based logging via XML
  109. #stack=acct1:NFACCT,xml1:XML
  110.  
  111. # this is a stack for accounting-based logging to a Graphite server
  112. #stack=acct1:NFACCT,graphite1:GRAPHITE
  113.  
  114. # this is a stack for NFLOG packet-based logging to PCAP
  115. #stack=log2:NFLOG,base1:BASE,pcap1:PCAP
  116.  
  117. # this is a stack for logging packet to MySQL
  118. #stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
  119.  
  120. # this is a stack for logging packet to PGsql after a collect via NFLOG
  121. #stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL
  122.  
  123. # this is a stack for logging packet to JSON formatted file after a collect via NFLOG
  124. #stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,json1:JSON
  125.  
  126. # this is a stack for logging packets to syslog after a collect via NFLOG
  127. #stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
  128.  
  129. # this is a stack for logging packets to syslog after a collect via NuFW
  130. #stack=nuauth1:UNIXSOCK,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
  131.  
  132. # this is a stack for flow-based logging to MySQL
  133. #stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL
  134.  
  135. # this is a stack for flow-based logging to PGSQL
  136. #stack=ct1:NFCT,ip2str1:IP2STR,pgsql2:PGSQL
  137.  
  138. # this is a stack for flow-based logging to PGSQL without local hash
  139. #stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL
  140.  
  141. # this is a stack for flow-based logging to SQLITE3
  142. #stack=ct1:NFCT,sqlite3_ct:SQLITE3
  143.  
  144. # this is a stack for logging packet to SQLITE3
  145. #stack=log1:NFLOG,sqlite3_pkt:SQLITE3
  146.  
  147. # this is a stack for flow-based logging in NACCT compatible format
  148. #stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT
  149.  
  150. # this is a stack for accounting-based logging via GPRINT
  151. #stack=acct1:NFACCT,gp1:GPRINT
  152.  
# NFCT input: connection-tracking (flow) events.  Only the commented-out
# ct1 stacks in [global] use it, so this section is currently idle.
[ct1]
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440
#netlink_resync_timeout=60 # seconds to wait to perform resynchronization
#pollinterval=10 # use poll-based logging instead of event-driven
# If pollinterval is not set, NFCT plugin will work in event mode
# In this case, you can use the following filters on events:
# (the filters take IPv4 and IPv6 prefixes, comma separated)
#accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection must belong to these networks
#accept_dst_filter=192.168.1.0/24 # destination ip of connection must belong to these networks
#accept_proto_filter=tcp,sctp # layer 4 proto of connections
  163.  
# Second NFCT instance; no stack in this file references it.
[ct2]
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440
#reliable=1 # enable reliable flow-based logging (may drop packets)
# disable the plugin's local flow hash (the "local hash" mentioned in the
# pgsql3 stack comment in [global])
hash_enable=0
  169.  
  170. # Logging of system packet through NFLOG
  171. [log1]
  172. # netlink multicast group (the same as the iptables --nflog-group param)
  173. # Group O is used by the kernel to log connection tracking invalid message
  174. group=0
  175. #netlink_socket_buffer_size=217088
  176. #netlink_socket_buffer_maxsize=1085440
  177. # set number of packet to queue inside kernel
  178. #netlink_qthreshold=1
  179. # set the delay before flushing packet in the queue inside kernel (in 10ms)
  180. #netlink_qtimeout=100
  181.  
  182. # packet logging through NFLOG for group 1
  183. [log2]
  184. # netlink multicast group (the same as the iptables --nflog-group param)
  185. group=1 # Group has to be different from the one use in log1
  186. #netlink_socket_buffer_size=217088
  187. #netlink_socket_buffer_maxsize=1085440
  188. # If your kernel is older than 2.6.29 and if a NFLOG input plugin with
  189. # group 0 is not used by any stack, you need to have at least one NFLOG
  190. # input plugin with bind set to 1. If you don't do that you may not
  191. # receive any message from the kernel.
  192. #bind=1
  193.  
  194. # packet logging through NFLOG for group 2, numeric_label is
  195. # set to 1
  196. [log3]
  197. # netlink multicast group (the same as the iptables --nflog-group param)
  198. group=2 # Group has to be different from the one use in log1/log2
  199. numeric_label=1 # you can label the log info based on the packet verdict
  200. #netlink_socket_buffer_size=217088
  201. #netlink_socket_buffer_maxsize=1085440
  202. #bind=1
  203.  
# Legacy ULOG input.  The ULOG plugin is commented out in [global] and the
# firewall script uses NFLOG, so this section is unused.
[ulog1]
# netlink multicast group (the same as the iptables --ulog-nlgroup param)
nlgroup=1
#numeric_label=0 # optional argument
  208.  
# UNIXSOCK input for NuFW/nuauth (plugin commented out in [global]).
# NOTE(review): the socket path is in world-writable /tmp.  Depending on
# which side creates the socket, a local user may be able to pre-create or
# replace the path, or connect to it and feed ulogd forged log records.
# If this input is ever enabled, move the socket into a root-owned
# directory (e.g. under /run) with restrictive permissions.
[nuauth1]
socket_path="/tmp/nuauth_ulogd2.sock"
  211.  
# LOGEMU output: syslog-style text lines.  This is where the NFLOG stacks
# for [log1]/[log2] write.  sync=1 presumably flushes after every record
# (records would otherwise sit in a buffer and be lost if ulogd crashes);
# cheap at the 2/min rate-limited volume the firewall script produces.
[emu1]
file="/var/log/ulogd_syslogemu.log"
sync=1

# OPRINT output; no OPRINT plugin is listed in [global], so unused.
[op1]
file="/var/log/ulogd_oprint.log"
sync=1

# GPRINT output (key=value text), one record per line, with timestamps.
[gp1]
file="/var/log/ulogd_gprint.log"
sync=1
timestamp=1

# XML output; files are created inside this directory.
[xml1]
directory="/var/log/"
sync=1

# JSON output (JSON plugin commented out in [global]).
[json1]
sync=1
#file="/var/log/ulogd.json"
#timestamp=0
# device name to be used in JSON message
#device="My awesome Netfilter firewall"
# If boolean_label is set to 1 then the numeric_label put on packet
# by the input plugin is coding the action on packet: if 0, then
# packet has been blocked and if non null it has been accepted.
#boolean_label=1

# PCAP output (PCAP plugin commented out in [global]).  Note that a pcap
# file holds full packet payloads, not just headers -- treat it as
# sensitive data if it is ever enabled.
[pcap1]
#default file is /var/log/ulogd.pcap
#file="/var/log/ulogd.pcap"
sync=1
  244.  
# MySQL outputs.  The MYSQL plugin is commented out in [global], so both
# sections are inactive.
# NOTE(review): the credentials below are the upstream example defaults
# ("nupik"/"changeme") in clear text.  Before enabling either stack:
#  - create a dedicated DB user with only INSERT/EXECUTE on these tables
#    and a real password (never "changeme"),
#  - make this file readable by root only (chmod 0600), since it then
#    holds a database secret,
#  - keep host="localhost" (local socket) or use TLS if the database is on
#    another host; ulogd would otherwise send the password in clear text.
[mysql1]
db="nulog"
host="localhost"
user="nupik"
table="ulog"
pass="changeme"
procedure="INSERT_PACKET_FULL"
# backlog configuration:
# set backlog_memcap to the size of memory that will be
# allocated to store events in memory if data is temporary down
# and insert them when the database came back.
#backlog_memcap=1000000
# number of events to insert at once when backlog is not empty
#backlog_oneshot_requests=10

# flow (conntrack) records, same database and credentials as [mysql1]
[mysql2]
db="nulog"
host="localhost"
user="nupik"
table="conntrack"
pass="changeme"
procedure="INSERT_CT"
  267.  
# PostgreSQL outputs.  The PGSQL and DBI plugins are commented out in
# [global], so all of these sections are inactive.
# NOTE(review): same caveat as for MySQL -- "nupik"/"changeme" and
# "ulog2"/"ulog2" are example credentials stored in clear text.  Replace
# them, restrict this file to root (chmod 0600), and if a remote host is
# ever used add sslmode=require to connstring (libpq's default "prefer"
# silently falls back to an unencrypted connection).
[pgsql1]
db="nulog"
host="localhost"
user="nupik"
table="ulog"
#schema="public"
pass="changeme"
procedure="INSERT_PACKET_FULL"
# connstring can be used to define PostgreSQL connection string which
# contains all parameters of the connection. If set, this value has
# precedence on other variables used to build the connection string.
# See http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
# for a complete description of options.
#connstring="host=localhost port=4321 dbname=nulog user=nupik password=changeme"
#backlog_memcap=1000000
#backlog_oneshot_requests=10
# If superior to 1 a thread dedicated to SQL request execution
# is created. The value stores the number of SQL request to keep
# in the ring buffer
#ring_buffer_size=1000

# flow (conntrack) records
[pgsql2]
db="nulog"
host="localhost"
user="nupik"
table="ulog2_ct"
#schema="public"
pass="changeme"
procedure="INSERT_CT"

# flow records, upsert variant used by the "without local hash" stack
[pgsql3]
db="nulog"
host="localhost"
user="nupik"
table="ulog2_ct"
#schema="public"
pass="changeme"
procedure="INSERT_OR_REPLACE_CT"

# nfacct accounting counters
[pgsql4]
db="nulog"
host="localhost"
user="nupik"
table="nfacct"
#schema="public"
pass="changeme"
procedure="INSERT_NFACCT"

# generic libdbi output, here configured for PostgreSQL
[dbi1]
db="ulog2"
dbtype="pgsql"
host="localhost"
user="ulog2"
table="ulog"
pass="ulog2"
procedure="INSERT_PACKET_FULL"
  324.  
# SQLite outputs (SQLITE3 plugin commented out in [global]).  Both write to
# the same database file under /var/log; "buffer" presumably batches that
# many rows before committing, so up to 200 records can be lost if ulogd
# dies.  Check the file's mode after first start -- it contains the same
# traffic metadata as the text logs and should not be world-readable.
[sqlite3_ct]
table="ulog_ct"
db="/var/log/ulogd.sqlite3db"
buffer=200

[sqlite3_pkt]
table="ulog_pkt"
db="/var/log/ulogd.sqlite3db"
buffer=200
  334.  
# SYSLOG output.
# NOTE(review): the syslog example stacks in [global] reference the
# instance name "sys1", but this section is named [sys2]; enabling one of
# those stacks would start a sys1 instance with plugin defaults and ignore
# the facility set here.  Rename one side before enabling syslog output.
[sys2]
facility=LOG_LOCAL2

# NACCT-compatible flow accounting output (NACCT plugin commented out in
# [global]).
[nacct1]
sync = 1
#file = /var/log/ulogd_nacct.log

# MARK filter: presumably passes only packets whose fwmark matches this
# value (MARK plugin commented out in [global]).
[mark1]
mark = 1

# NFACCT input: polls the nfacct counters every pollinterval (seconds,
# presumably).
[acct1]
pollinterval = 2
# If set to 0, we don't reset the counters for each polling (default is 1).
#zerocounter = 0
# Set timestamp (default is 0, which means not set). This timestamp can be
# interpreted by the output plugin.
#timestamp = 1

# GRAPHITE output.  Port 2003 is carbon's plain-text, unauthenticated
# protocol; this only talks to loopback, so do not point it at a remote
# collector across an untrusted network without a tunnel.
[graphite1]
host="127.0.0.1"
port="2003"
# Prefix of data name sent to graphite server
prefix="netfilter.nfacct"