Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ipset create blacklist -exist hash:net family inet hashsize 16384 maxelem 131072
- ipset create bl-tcp-ports bitmap:port range 0-65535
- ipset create bl-udp-ports bitmap:port range 0-65535
- ipset add bl-tcp-ports 21 ## File Transfer Protocol (FTP)
- ipset add bl-tcp-ports 22 ## Secure Shell (SSH), secure logins, file transfers (scp, sftp) and port forwarding
- ipset add bl-tcp-ports 23 ## Telnet protocol—unencrypted text communications
- ipset add bl-tcp-ports 88 ## Kerberos authentication system
- ipset add bl-tcp-ports 445 ## SMB Windows Shares
- ipset add bl-tcp-ports 1080 ## Socks Proxy
- ipset add bl-tcp-ports 1433 ## Microsoft SQL Server database management system (MSSQL) server
- ipset add bl-tcp-ports 2323 ## TELNET-ALT
- ipset add bl-tcp-ports 3306 ## MySQL database system
- ipset add bl-tcp-ports 3389 ## Microsoft Terminal Server (RDP)
- ipset add bl-tcp-ports 5060 ## Session Initiation Protocol (SIP)
- ipset add bl-tcp-ports 5061 ## Session Initiation Protocol (SIP) over TLS
- ipset add bl-tcp-ports 5900 ## Virtual Network Computing (VNC) Remote Frame Buffer RFB protocol
- ipset add bl-udp-ports 69 ## Trivial File Transfer Protocol (TFTP)
- ipset add bl-udp-ports 123 ## Network Time Protocol (NTP)
- ipset add bl-udp-ports 135 ##
- ipset add bl-udp-ports 137 ##
- ipset add bl-udp-ports 138 ##
- ipset add bl-udp-ports 139 ##
- ipset add bl-udp-ports 445 ## SMB Windows Shares
- ipset add bl-udp-ports 5060 ## Session Initiation Protocol (SIP)
- iptables -I FORWARD 1 -p tcp -m tcp -m set --match-set bl-tcp-ports dst -j SET --add-set blacklist src
- iptables -I FORWARD 2 -p udp -m udp -m set --match-set bl-udp-ports dst -j SET --add-set blacklist src
- iptables -I FORWARD 3 -m set --match-set blacklist src -j LOG
- iptables -I FORWARD 4 -m set --match-set blacklist src -j DROP
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement