My iptables script

[timodohmen]

nano firewall.sh;chmod 755 firewall.sh;./firewall.sh

#!/bin/sh
### BEGIN INIT INFO
# Provides:  iptables
# Required-Start:  $local_fs $network
# Required-Stop:  $local_fs $network
# Default-Start:  2 3 4 5
# Default-Stop:  0 1 6
# Short-Description: Firewall Rules for iptables
# Description: EDIT THIS FILE TO YOUR NEEDS BEFORE EXECUTING
### END INIT INFO#!/bin/sh
aptitude install iptables iptables-persistent fail2ban
service fail2ban stop
iptables -F
iptables -X
#DENY
iptables -N DENY
iptables -A DENY -p tcp -m tcp -m limit --limit 30/sec --limit-burst 100 -m comment --comment "Anti-DoS" -j REJECT --reject-with tcp-reset
iptables -A DENY -m limit --limit 30/sec --limit-burst 100 -m comment --comment "Anti-DoS" -j REJECT --reject-with icmp-proto-unreachable
iptables -A DENY -p tcp ! --syn -m state --state NEW -j DROP
iptables -A DENY -f -j DROP
iptables -A DENY -p tcp --tcp-flags ALL ALL -j DROP
iptables -A DENY -p tcp --tcp-flags ALL NONE -j DROP
iptables -A DENY -p icmp --icmp-type echo-request -m limit --limit 1/s -m comment --comment "Limit Ping Flood" -j ACCEPT
#iptables -A DENY -j LOG --log-prefix "PORT DENIED: " --log-level 5 --log-ip-options --log-tcp-options --log-tcp-sequence
iptables -A DENY -p tcp --tcp-flags ALL NONE -m limit --limit 1/h -m comment --comment "Anti-Portscan" -j ACCEPT
iptables -A DENY -p tcp --tcp-flags ALL ALL -m limit --limit 1/h -m comment --comment "Anti-Portscan2" -j ACCEPT
#Drop unusual flags
iptables -A DENY -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A DENY -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -A DENY -p tcp --tcp-flags ALL NONE -j DROP
iptables -A DENY -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A DENY -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A DENY -m comment --comment "Ignore everything else" -j DROP
#BLOCKED
iptables -N BLOCKED
#ALLOWED
iptables -N ALLOWED
#iptables -A ALLOWED -s <YOUR IP HERE> -j ACCEPT ###EDIT AND UNCOMMENT THIS LINE!
#SERVICES
iptables -N SERVICES
iptables -A SERVICES -p tcp -m tcp --dport 53 -m comment --comment "Allow: DNS" -j ACCEPT
iptables -A SERVICES -p udp -m udp --dport 53 -m comment --comment "Allow: DNS" -j ACCEPT
iptables -A SERVICES -p tcp -m tcp --dport 22 -m comment --comment "Allow: SSH-Access" -j ACCEPT
iptables -A SERVICES -p tcp -m multiport --dports 80,8080,443 -m comment --comment "Allow: Webserver" -j ACCEPT
iptables -A SERVICES -j RETURN
#TEAMSPEAK
iptables -N TEAMSPEAK
#iptables -A TEAMSPEAK -p tcp -m tcp --dport 2008 -m comment --comment "Allow: TeamSpeak Accounting" -j ACCEPT
iptables -A TEAMSPEAK -p tcp -m tcp --dport 10011 -m comment --comment "Allow: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -p tcp -m multiport --dports 30033 -m comment --comment "Allow: TeamSpeak FileTransfer" -j ACCEPT
iptables -A TEAMSPEAK -p tcp -m tcp --dport 41144 -m comment --comment "Allow: TeamSpeak TSDNS" -j ACCEPT
iptables -A TEAMSPEAK -p udp -m udp --dport 1:65535 -m comment --comment "Allow: TeamSpeak Voiceports" -j ACCEPT
iptables -A TEAMSPEAK -j RETURN
#INPUT
iptables -A INPUT -m comment --comment "Allow Whitelisted IP's" -j ALLOWED
iptables -A INPUT -m comment --comment "Block Blacklisted IP's" -j BLOCKED
iptables -A INPUT -i lo -m comment --comment "Allow: Loopback" -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "Allow: Related and Established Connections" -j ACCEPT
iptables -A INPUT -m comment --comment "Allow Default Services" -j SERVICES
iptables -A INPUT -m comment --comment "Allow TeamSpeak Services" -j TEAMSPEAK
iptables -A INPUT -p icmp -m comment --comment "Allow: ICMP" -j ACCEPT
iptables -A INPUT -m comment --comment "Ignore everything else" -j DENY
iptables -P INPUT DROP
/etc/init.d/iptables-persistent save
service fail2ban start
clear
iptables -L

If you want to easily add or remove entries from the ALLOWED/BLOCKED chain, you can use the following script, created by @Supervisor:

nano firewall;chmod +x firewall

#!/bin/sh
case $1 in
block*) iptables -I BLOCKED -s ${2} -j DROP ;;
unblock*) iptables -D BLOCKED -s ${2} -j DROP ;;
allow*) iptables -I ALLOWED -s ${2} -j ACCEPT ;;
disallow*) iptables -D ALLOWED -s ${2} -j ACCEPT ;;
*) printf "Usage: ./firewall 'block|unblock|allow|disallow' IP\n" ;;
esac
exit 1

P.S. I managed to setup iptables with this Tutorial [DE].

IT Blocked the Source list ... and when i upload a pic or something like that i got a conection lost ....

 

[kamyrdol]

How uninstall this script? This script block me - apt-get instal...

 

[dzirikajaki]

How to unlock FTP, and sinusbot?

EDIT:

Anyone know?

 

[dzirikajaki]

Can anyone help ?

 

[Qraktzyl]

Can anyone help ?

And whats your clear question? What do you want to accomplish. Please explain with more than 10 words what you want

 

[dzirikajaki]

How to unlock FTP, and sinusbot?

I wrote above what I have a problem.
I did iptables from the first post but I can not connect to an ftp and sinusbot not want to play?

 

[Bluscream]

Search the for "FTP ports" and "sinusbot ports" ON Google and add them to the script before executing it.

 

[dzirikajaki]

This vsftpd FTP (port 21) and Sinusbot stream port 80
Adding these lines:
iptables -A SERVICES -p tcp -m tcp --dport 21 -m comment --comment "Allow: SSH-Access" -j ACCEPT
iptables -A SERVICES -p tcp -m tcp --dport 80 -m comment --comment "Allow: SSH-Access" -j ACCEPT
iptables -A ALLOWED -s 195.xxx.xxx.xxx -j ACCEPT

It does not work even restart VPS gives nothing

 

[Santiago]

This vsftpd FTP (port 21) and Sinusbot stream port 80
Adding these lines:
iptables -A SERVICES -p tcp -m tcp --dport 21 -m comment --comment "Allow: SSH-Access" -j ACCEPT
iptables -A SERVICES -p tcp -m tcp --dport 80 -m comment --comment "Allow: SSH-Access" -j ACCEPT
iptables -A ALLOWED -s 195.xxx.xxx.xxx -j ACCEPT

It does not work even restart VPS gives nothing

Use "/sbin/service iptables save "

 

[dzirikajaki]

-bash: /sbin/service: No such file or directory

 

[Santiago]

These can be saved in a file with the command iptables-save for IPv4.

Debian/Ubuntu: iptables-save > /etc/iptables/rules.v4
RHEL/CentOS: iptables-save > /etc/sysconfig/iptables

These files can be loaded again with the command iptables-restore for IPv4.

Debian/Ubuntu: iptables-restore < /etc/iptables/rules.v4
RHEL/CentOS: iptables-restore < /etc/sysconfig/iptables

If you would also like to use IPv6 rules, these can be stored in a separate file.

Debian/Ubuntu: ip6tables-save > /etc/iptables/rules.v6
RHEL/CentOS: ip6tables-save > /etc/sysconfig/ip6tables

 

[Santiago]

I recommend using Webmin http://www.webmin.com/download.html
It makes the job easier!

 

[spamek23]

How many packets this firewall protect? etc?

 

[Flux]

nice man, thx

 

[Magic]

How to remove all the firewall this script setup, specific please

 

[Magic]

After installing this no one even bots can do anything in query+banners dont appear.
Please help how to get rid of it.

 

[BrazaNATOR]

Can this avoid DDOS attacks and connection drops?

 

[timodohmen]

Can this avoid DDOS attacks and connection drops?

It can filter the connections so yes but not a lot of it .. >D

 

[BrazaNATOR]

It can filter the connections so yes but not a lot of it .. >D

Thanks mate.
I know the question i am going to ask is not related with this thread but i am really in doubt of what im going to do at momment.
I manage a Battlefield 4 clan that has arround 60 - 65 members, we have the NPL on our TeamSpeak, but we have been suffering from DDOS attacks lately, we run our whole system, website/teamspeak everything on our OVH cloud, and it seems the cloud firewall (OVH PRO) is totally unefficient to protect our network and they only can provide protection if i buy the gaming cloud that are very expensive for me now.
So i have been thinking lately to move from OVH to BLAZINGFAST.IO or NFO SERVERS because they have a really cheap VPS's with Mitigation protection.

May i ask you where do you host your teamspeaks? or even what provider do you recommend for me to use?

Thanks,
Best regards.

 

[JoKeR]

Thanks mate.
I know the question i am going to ask is not related with this thread but i am really in doubt of what im going to do at momment.
I manage a Battlefield 4 clan that has arround 60 - 65 members, we have the NPL on our TeamSpeak, but we have been suffering from DDOS attacks lately, we run our whole system, website/teamspeak everything on our OVH cloud, and it seems the cloud firewall (OVH PRO) is totally unefficient to protect our network and they only can provide protection if i buy the gaming cloud that are very expensive for me now.
So i have been thinking lately to move from OVH to BLAZINGFAST.IO or NFO SERVERS because they have a really cheap VPS's with Mitigation protection.

May i ask you where do you host your teamspeaks? or even what provider do you recommend for me to use?

Thanks,
Best regards.

First at all I would never run webserver, gameserver and teamspeak on one system. Teamspeak is a ddos magnet you should move it to a separate node or use an external teamspeak provider.