IPTables Script - Security


Thread: IPTables Script

  1. IPTables Script

    #!/bin/bash
    #@(#) IPTables Logger
    #@(#) Must be run by root
    #@(#) 2 APR 2006

    /usr/sbin/iptables -N LOGDROP
    /usr/sbin/iptables -A LOGDROP -j LOG --log-level 4
    /usr/sbin/iptables -A LOGDROP -j DROP


    # Stuff from LACNIC, RIPE and broadband

    # /usr/sbin/iptables -A INPUT -s 200.0.0.0/8 -j LOG --log-level debug # LACNIC whois servers are in this range
    # /usr/sbin/iptables -A INPUT -s 201.0.0.0/8 -j LOGDROP
    # /usr/sbin/iptables -A INPUT -s 4.0.0.0/8 -j LOGDROP # my IP address is in this range
    # /usr/sbin/iptables -A INPUT -s 12.0.0.0/8 -j LOGDROP # www.latimes.com is in this range
    # /usr/sbin/iptables -A INPUT -s 24.0.0.0/8 -j LOGDROP
    # /usr/sbin/iptables -A INPUT -s 80.0.0.0/8 -j LOGDROP
    # /usr/sbin/iptables -A INPUT -s 81.0.0.0/8 -j LOGDROP
    # /usr/sbin/iptables -A INPUT -s 82.0.0.0/8 -j LOGDROP
    # /usr/sbin/iptables -A INPUT -s 83.0.0.0/8 -j LOGDROP
    # /usr/sbin/iptables -A INPUT -s 84.0.0.0/8 -j LOGDROP

    # Crap from Wasilla, AK FAST COLOCATION SERVICES 28 FEB 2006
    /usr/sbin/iptables -A INPUT -s 204.16.208.0/22 -j LOGDROP


    # Crap from China
    /usr/sbin/iptables -A INPUT -s 221.0.0.1/8 -j LOGDROP

    # PSINET Cogentco
    /usr/sbin/iptables -A INPUT -s 38.0.0.0/8 -j LOGDROP

    # Crap from Bharti in India
    /usr/sbin/iptables -A INPUT -s 61.95.128.1/17 -j LOGDROP

    # More Chinese crap

    /usr/sbin/iptables -A INPUT -s 202.111.173.42/16 -j LOGDROP

    # Crap from advertising.com SAVVIS??? Earthlink crap

    /usr/sbin/iptables -A INPUT -s 209.225.0.0/18 -j DROP
    /usr/sbin/iptables -A INPUT -s 209.225.64.0/19 -j DROP
    /usr/sbin/iptables -A INPUT -s 209.225.0.6/18 -j DROP
    /usr/sbin/iptables -A INPUT -s 209.225.64.0/19 -j DROP
    /usr/sbin/iptables -A INPUT -s 209.225.0.2/19 -j DROP

    # Crap from Akamai Everywhere
    /usr/sbin/iptables -A INPUT -s 80.67.66.66/24 -j LOGDROP
    /usr/sbin/iptables -A INPUT -s 72.246.0.0/16 -j LOGDROP
    /usr/sbin/iptables -A INPUT -s 72.247.0.0/18 -j LOGDROP


    # FTP DATA
    /usr/sbin/iptables -A INPUT -p TCP --dport 20 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 20 -j LOGDROP
    # FTP CONTROL
    /usr/sbin/iptables -A INPUT -p TCP --dport 21 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 21 -j LOGDROP

    # SSH
    /usr/sbin/iptables -A INPUT -p TCP --dport 22 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 22 -j LOGDROP

    # TELNET
    /usr/sbin/iptables -A INPUT -p TCP --dport 23 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 23 -j LOGDROP

    # SMTP
    /usr/sbin/iptables -A INPUT -p TCP --dport 25 -j DROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 25 -j DROP

    # BIND/named Name server
    /usr/sbin/iptables -A INPUT -p TCP --dport 53 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 53 -j LOGDROP

    # HTTP
    /usr/sbin/iptables -A INPUT -p TCP --dport 80 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 80 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p TCP --dport 8080 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 8080 -j LOGDROP

    # POP3
    /usr/sbin/iptables -A INPUT -p TCP --dport 110 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 110 -j LOGDROP


    # NNTP Network News
    /usr/sbin/iptables -A INPUT -p TCP --dport 119 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 119 -j LOGDROP


    # Port 123 Network Time
    /usr/sbin/iptables -A INPUT -p TCP --dport 123 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 123 -j LOGDROP


    # Microsoft
    /usr/sbin/iptables -A INPUT -p TCP --dport 135:139 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 135:139 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p TCP --dport 445 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 445 -j LOGDROP

    # RPC Commented out. Generates false hits on 127.0.0.1
    # No one in his right mind runs RPC

    #/usr/sbin/iptables -A INPUT -p TCP --dport 111 -j LOGDROP
    #/usr/sbin/iptables -A INPUT -p UDP --dport 111 -j LOGDROP

    # IMAP
    /usr/sbin/iptables -A INPUT -p TCP --dport 143 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 143 -j LOGDROP


    # Print spooler
    /usr/sbin/iptables -A INPUT -p TCP --dport 515 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 515 -j LOGDROP

    # IPP Internet Printer Protocol
    /usr/sbin/iptables -A INPUT -p TCP --dport 631 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 631 -j LOGDROP

    # Port 1026, 1027, 1028, 1029
    /usr/sbin/iptables -A INPUT -p TCP --dport 1026:1029 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 1026:1029 -j LOGDROP


    # Port 953 I have no idea what this is
    /usr/sbin/iptables -A INPUT -p TCP --dport 953 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 953 -j LOGDROP


    # X Windows
    /usr/sbin/iptables -A INPUT -p TCP --dport 6000:6063 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 6000:6063 -j LOGDROP

    # X Windows Commented out. This generates an error message.
    #/usr/sbin/iptables -A OUPUT -p UDP --dport 6000:6063 -j LOGDROP

    #xdmcp 177 X Display Manager Control Protocol
    /usr/sbin/iptables -A INPUT -p TCP --dport 177 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 177 -j LOGDROP

    # open proxy port address
    /usr/sbin/iptables -A INPUT -p TCP --dport 65506 -j LOGDROP
    /usr/sbin/iptables -A INPUT -p UDP --dport 65506 -j LOGDROP

    exit




    --

    Felix Tilley
    OICFLLD
    Colonel Fanatic Legions
    Senior LARTvocate
    Fanatic Legions
    1-800-555-LART
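A small checker for the kinds of slips visible in the script above: source CIDRs with host bits set (221.0.0.1/8 and 202.111.173.42/16 are matched by the kernel as 221.0.0.0/8 and 202.111.0.0/16, far wider than the comments suggest), the rule appended to the non-existent chain OUPUT, the duplicated 209.225.64.0/19 line, and a LOG target with no rate limit. This is an added example, not code from the thread; lint_iptables and the trimmed SAMPLE_SCRIPT excerpt are constructed for it.

```python
import ipaddress
import shlex

# Constructed excerpt of the posted script, cut down to the lines that show each issue.
SAMPLE_SCRIPT = """\
/usr/sbin/iptables -N LOGDROP
/usr/sbin/iptables -A LOGDROP -j LOG --log-level 4
/usr/sbin/iptables -A LOGDROP -j DROP
/usr/sbin/iptables -A INPUT -s 221.0.0.1/8 -j LOGDROP
/usr/sbin/iptables -A INPUT -s 202.111.173.42/16 -j LOGDROP
/usr/sbin/iptables -A INPUT -s 209.225.64.0/19 -j DROP
/usr/sbin/iptables -A INPUT -s 209.225.64.0/19 -j DROP
/usr/sbin/iptables -A OUPUT -p UDP --dport 6000:6063 -j LOGDROP
"""

BUILTIN_CHAINS = {"INPUT", "OUTPUT", "FORWARD"}

def lint_iptables(script):
    """Return [(line_no, message)] findings for an iptables shell script."""
    findings = []
    known = set(BUILTIN_CHAINS)  # built-in chains plus any created with -N
    seen = set()                 # rules already appended, for duplicate detection
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "iptables" not in line.split()[0]:
            continue
        argv = shlex.split(line)[1:]
        opts = dict(zip(argv, argv[1:]))  # crude token -> next-token map for flag lookup
        if "-N" in opts:
            known.add(opts["-N"])
            continue
        chain, target, src = opts.get("-A"), opts.get("-j"), opts.get("-s")
        if chain not in known:
            findings.append((no, f"chain {chain!r} does not exist; -A will fail (typo?)"))
        if target == "LOG" and "limit" not in argv:
            findings.append((no, "LOG without -m limit can flood syslog during a scan"))
        if src and "/" in src:
            net = ipaddress.ip_network(src, strict=False)  # strict=False mimics the kernel mask
            if str(net) != src:
                findings.append((no, f"{src} has host bits set; kernel matches {net}"))
        rule = tuple(argv)
        if rule in seen:
            findings.append((no, "duplicate rule"))
        seen.add(rule)
    return findings

if __name__ == "__main__":
    for no, msg in lint_iptables(SAMPLE_SCRIPT):
        print(f"line {no}: {msg}")
```

Running it over the full script (not just the excerpt) also flags the other host-bit prefixes such as 61.95.128.1/17 and 209.225.0.6/18.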


  2. Re: IPTables Script

    Felix Tilley wrote:

    [162 lines]

    Hello Felix,

    Was there a question here that I missed?

    --
    colloquy_no_9 {at-sign} spam-mailingaddress.org
    eliminate the spam-


  3. Re: IPTables Script

    Felix Tilley (06-04-14 00:34:13):

    > [iptables-script]


    How impressive. But I don't seem to get the point.


    Regards.

  4. Re: IPTables Script

    In article ,
    Felix Tilley wrote:

    ># SSH
    >/usr/sbin/iptables -A INPUT -p TCP --dport 22 -j LOGDROP
    >/usr/sbin/iptables -A INPUT -p UDP --dport 22 -j LOGDROP


    Have you thought of using the tarpit option for some of this stuff?

  5. Re: IPTables Script

    Felix Tilley wrote:

    > # RPC Commented out. Generates false hits on 127.0.0.1
    > # No one in his right mind runs RPC


    Hmm - ever heard of NFS? Maybe I should do the "sane" thing and run a Samba
    server to share files on my Linux/Unix LAN?

    My point - horses for courses. OTOH, what was your point?

    Cheers,

    James
    --
    rcw: Oh yay---I haven't been involved in a good flamewar in at
    least ... 5 minutes!


  6. Re: IPTables Script

    In article ,
    Centurion wrote:

    >Felix Tilley wrote:
    >
    >> # RPC Commented out. Generates false hits on 127.0.0.1
    >> # No one in his right mind runs RPC

    >
    >Hmm - ever heard of NFS?


    We rest our case.

  7. Re: IPTables Script

    On Fri, 14 Apr 2006 00:34:13 -0700, Felix Tilley wrote:

    > #!/bin/bash
    > #@(#) IPTables Logger
    > #@(#) Must be run by root
    > #@(#) 2 APR 2006
    >
    > /usr/sbin/iptables -N LOGDROP
    > /usr/sbin/iptables -A LOGDROP -j LOG --log-level 4
    > /usr/sbin/iptables -A LOGDROP -j DROP


    [snip]

    So you are dropping all of these. Are you allowing anything through?
    You know if this is your firewall then you are working sdrawkcab ss@ (@ss
    Backwards). But hey, it's not my machine


    --

    Regards
    Robert

    Smile... it increases your face value!

