My FireWall !

iNulleD · Sep 30, 2016

Speaks Galera all beauty with you? Today I have come to bring basic protection of my servers because I saw several people with difficulty iptables make good use!

Link >
Or

Code:

#!/bin/bash # Projeto : FireWall ( Power By Steam Host ) # Contato : https://www.fb.com/matheusasales # Nome do Autor : Matheus F. Sales # Site do Autor : http://www.steamhost.com.br # Descrição : Anti-DDoS # Data Inicio : 13/09/2016 # Versão corrente: 0.5 # Limpando regras padrão echo "Limpando todas as regras do iptables" echo "..........................[OK]" iptables -F iptables -X iptables -t nat -F iptables -t nat -X iptables -t mangle -F iptables -t mangle -X echo "Atualizando iptables" echo "..........................[OK]" # Alterando políticas padrão das chains iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT # Liberando loopback iptables -A INPUT -i lo -j ACCEPT # ===== REGRAS PERSONALIZADAS ====== # # ----------- TEAMSPEAK ---------------# # Porta Filetransfer iptables -A INPUT -p tcp --dport 30033 -j ACCEPT # Porta serverquery iptables -A INPUT -p tcp --dport 10011 -j ACCEPT # Porta weblist iptables -A OUTPUT -p udp --dport 2010 -j ACCEPT # Porta padrão da conta weblist iptables -A OUTPUT -p tcp --dport 2008 -j ACCEPT # Porta padrão TSDNS iptables -A INPUT -p tcp --dport 41144 -j ACCEPT # Portas Serviços TS # -->Clientes iptables -A INPUT -p udp --dport 9000:9500 -j ACCEPT # --> Parcerias iptables -A INPUT -p udp --dport 10000:10100 -j ACCEPT # ---------- FIM DO TEAMSPEAK --------------# # ------ OUTROS SERVIÇOS ----------------# # Libera ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT # Syn block iptables -A INPUT -p tcp --syn -j DROP # Liberando conexões estabelecidas iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Habilitando RP Filter echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter iptables -A INPUT -m state --state INVALID -j DROP # Criando Regras de conexão iptables -N UDPLENGTH iptables -A INPUT -p udp -j UDPLENGTH iptables -A UDPLENGTH -p udp -m length --length 0:100 -j ACCEPT iptables -A UDPLENGTH -p udp -m length --length 101:150 -j ACCEPT iptables -A UDPLENGTH -p udp -m length --length 151:200 -j ACCEPT iptables -A UDPLENGTH -p udp -m length --length 201:250 -j ACCEPT iptables -A UDPLENGTH -p udp -m length --length 251:300 -j ACCEPT iptables -A UDPLENGTH -p udp -m length --length 301:350 -j ACCEPT iptables -A UDPLENGTH -p udp -m length --length 351:400 -j ACCEPT iptables -A UDPLENGTH -p udp -m length --length 401:65530 -j ACCEPT

ixM7MDz · Oct 1, 2016

I like it

Keep Calm And Develope!

OGKush · Oct 22, 2016

How do I run/install this?

Terror · Oct 22, 2016

OGKush said:
How do I run/install this?

create a file called firewall in /etc/init.d/
open the file and copy the script above also check if you need to add / edit / remove any ports especially the ssh port
open a putty season and type:

Code:

chmod 755 /etc/init.d/firewall

and start the firewall with

Code:

/etc/init.d/firewall

try to open a new putty season while keeping the old open - this is important or you might lock yourself out. if you get a timeout run the following code in your old putty session and check if you forwarded the correct ports and start the firewall again.

Code:

    iptables -F
    iptables -t nat -F
    iptables -t mangle -F
    iptables -X
    iptables -t nat -X
    iptables -t mangle -X
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT

if everything works you can add the firewall to your autostart with

Code:

update-rc.d firewall defaults

My FireWall !

iNulleD

Member

ixM7MDz

OGKush

Member

Terror

Member