@SharpMan
Created March 27, 2016 22:30
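#!/usr/bin/env bash
# Bridge firewall for the game/realm servers behind the second bridge port.
#
# Usage:  run as root; no arguments.
# Env:    BRIDGE_IN  (default eth1) and BRIDGE_OUT (default eth2) are the bridge
#         ports matched by `-m physdev`; every FORWARD rule below is keyed on
#         traffic entering BRIDGE_IN and leaving BRIDGE_OUT.
#
# Policy model, unchanged from the source rule set: all three built-in chain
# policies stay ACCEPT and the rules only DROP/REJECT known-bad traffic, so
# anything that matches no rule is forwarded.  Rule order is preserved exactly
# (iptables stops at the first terminating match, so order is semantics here).
set -u

readonly BRIDGE_IN=${BRIDGE_IN:-eth1}
readonly BRIDGE_OUT=${BRIDGE_OUT:-eth2}
# Only source allowed to reach MySQL (3306) on the protected segment.
readonly MYSQL_ADMIN_SRC=199.83.50.83

# Number of iptables invocations that returned non-zero; reported at the end.
failures=0

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Run one iptables command.  A failing command is reported on stderr and
# counted instead of aborting, so a single bad rule does not leave the load
# half-done; main() turns the count into a non-zero exit status.
# Globals:   failures (written)
# Arguments: iptables arguments
#######################################
ipt() {
  if ! iptables "$@"; then
    printf 'iptables failed: %s\n' "$*" >&2
    failures=$((failures + 1))
  fi
}

#######################################
# Append one FORWARD rule pre-filled with the bridge-port match.
# Globals:   BRIDGE_IN, BRIDGE_OUT (read), failures (via ipt)
# Arguments: the match/target part of the rule
#######################################
fwd() {
  ipt -A FORWARD -m physdev --physdev-in "$BRIDGE_IN" --physdev-out "$BRIDGE_OUT" "$@"
}

#######################################
# Reset the filter table: flush every chain, delete user-defined chains, zero
# the counters, then set the built-in policies to ACCEPT (deny-list model).
#######################################
reset_filter() {
  ipt -t filter -F
  ipt -t filter -X
  ipt -t filter -Z
  ipt --policy INPUT ACCEPT
  ipt --policy OUTPUT ACCEPT
  ipt --policy FORWARD ACCEPT
}

#######################################
# Per-service rules for one TCP port of one host.
# Arguments: $1 host address
#            $2 TCP port
#            $3 label printed on the progress line (GameServer / RealmServer)
#            $4 name of the `recent` list used for the new-connection rate
#            $5 connlimit threshold: sources with more concurrent connections
#               than this to the port are dropped
# Outputs:   one progress line on stdout
#######################################
service_rules() {
  local host=$1 port=$2 label=$3 list=$4 max_conn=$5
  printf '%s - %s rules...\n' "$port" "$label"
  # New-connection rate per source: the 12th NEW connection within 5 s
  # (same TTL) from one source is dropped.
  fwd -p tcp -d "$host" --dport "$port" -m state --state NEW -m recent --name "$list" --set
  fwd -p tcp -d "$host" --dport "$port" -m state --state NEW -m recent --name "$list" --update --seconds 5 --hitcount 12 --rttl -j DROP
  # Game ports speak no HTTP: packets carrying 'GET' or 'HTTP' in their first
  # 50 bytes are answered with a TCP RST.
  fwd -p tcp -d "$host" --dport "$port" -m string --to 50 --algo bm --string 'GET' -j REJECT --reject-with tcp-reset
  fwd -p tcp -d "$host" --dport "$port" -m string --to 50 --algo bm --string 'HTTP' -j REJECT --reject-with tcp-reset
  # Concurrent connections per source
  fwd -p tcp -d "$host" --dport "$port" -m connlimit --connlimit-above "$max_conn" -j DROP
}

#######################################
# Host-wide anti-scan / anti-flood rules for one protected address.
# Arguments: $1 host address
#            $2 suffix used in the per-host `recent` list and chain names
#            $3 1 to install the syn_flood_<suffix> chain, 0 to skip it
# Outputs:   one progress line on stdout
#######################################
host_common_rules() {
  local host=$1 suffix=$2 with_syn_flood=$3
  echo "All ports rules..."
  # TCP flag combinations that never occur in legitimate traffic (scan signatures)
  fwd -p tcp -d "$host" --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
  fwd -p tcp -d "$host" --tcp-flags SYN,FIN SYN,FIN -j DROP
  fwd -p tcp -d "$host" --tcp-flags SYN,RST SYN,RST -j DROP
  # No broadcast / multicast delivery to the host over TCP
  fwd -p tcp -d "$host" -m pkttype --pkt-type broadcast -j DROP
  fwd -p tcp -d "$host" -m pkttype --pkt-type multicast -j DROP
  # Xmas and null packets
  fwd -p tcp -d "$host" --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP
  fwd -p tcp -d "$host" --tcp-flags ALL ALL -j DROP
  fwd -p tcp -d "$host" --tcp-flags ALL NONE -j DROP
  # Duplicate of the SYN,RST rule above; harmless, kept so the loaded rule set
  # matches the source rule set line for line.
  fwd -p tcp -d "$host" --tcp-flags SYN,RST SYN,RST -j DROP
  # FIN-only and ACK-only packets that belong to no tracked connection
  fwd -m conntrack --ctstate NEW -p tcp -d "$host" --tcp-flags SYN,RST,ACK,FIN,URG,PSH FIN -j DROP
  fwd -m conntrack --ctstate NEW -p tcp -d "$host" --tcp-flags SYN,RST,ACK,FIN,URG,PSH ACK -j DROP
  # NOTE(review): every `-p ICMP -d $host` rule below is shadowed by the
  # unconditional ICMP DROP that the host functions install first, so none of
  # them can match.  Kept in place and order; confirm whether the blanket ICMP
  # drop was meant to come after them.
  # Ping of death (labelled "block" in the source, but the target is ACCEPT)
  fwd -p ICMP -d "$host" --icmp-type echo-request -m length --length 60:65535 -j ACCEPT
  # Teardrop: fragmented UDP
  fwd -p UDP -d "$host" -f -j DROP
  # Smurf: broadcast-addressed packets and echo requests
  fwd -m pkttype -d "$host" --pkt-type broadcast -j DROP
  fwd -p ICMP -d "$host" --icmp-type echo-request -m pkttype --pkt-type broadcast -j DROP
  fwd -p ICMP -d "$host" --icmp-type echo-request -m limit --limit 3/s -j ACCEPT
  # Connection flood: per-source concurrency cap, plus a 3 s / 12-hit
  # new-connection rate across all TCP ports of the host.
  fwd -p TCP -d "$host" -m connlimit --connlimit-above 50 -j DROP
  fwd -p TCP -d "$host" -m state --state NEW -m recent --name "BLACKLIST_GLOB_$suffix" --set
  fwd -p TCP -d "$host" -m state --state NEW -m recent --name "BLACKLIST_GLOB_$suffix" --update --seconds 3 --hitcount 12 --rttl -j DROP
  # Fraggle: broadcast UDP
  fwd -p UDP -d "$host" -m pkttype --pkt-type broadcast -j DROP
  # Jolt: fragmented ICMP
  fwd -p ICMP -d "$host" -f -j DROP
  # SYN flood: divert SYNs into a per-host chain that RETURNs up to 2/s
  # (burst 4) and drops the rest.
  if (( with_syn_flood )); then
    local chain="syn_flood_$suffix"
    ipt -N "$chain"
    fwd -p TCP -d "$host" --syn -j "$chain"
    ipt -A "$chain" -m limit --limit 2/s --limit-burst 4 -j RETURN
    ipt -A "$chain" -j DROP
  fi
  # UDP flood.  NOTE(review): with the FORWARD policy at ACCEPT and no DROP
  # after this rule, UDP above 3/s simply falls through to the policy, so this
  # rule limits nothing as written; the ICMP limit rule above has the same
  # shape.  A trailing `-p UDP -d "$host" -j DROP` would make it effective —
  # confirm before changing the loaded rule set.
  fwd -p UDP -d "$host" -m limit --limit 3/s -j ACCEPT
}

#######################################
# Rules for 199.83.49.35: emulator ports blocked, game ports 5552/5555/5558,
# realm ports 441/443/448, no syn_flood chain.
# Outputs:   progress lines on stdout
#######################################
host_49_35_rules() {
  local host=199.83.49.35
  echo "Loading [$host]Rules..."
  echo " Disabling ICMP requests (ping etc)..."
  fwd -p ICMP -d "$host" -j DROP
  echo " Blocking Emulator ports (24,4436)..."
  fwd -p tcp -d "$host" --dport 24 -j DROP
  fwd -p tcp -d "$host" --dport 4436 -j DROP
  service_rules "$host" 5552 GameServer BLACKLIST_5552_49_35 9
  service_rules "$host" 5555 GameServer BLACKLIST_5555_49_35 9
  # NOTE(review): 5558 shares the 5555 `recent` list and 448 shares the 443
  # one, exactly as in the source rule set; hit counts therefore accumulate
  # across each port pair.  Confirm that is intended and not a copy-paste slip.
  service_rules "$host" 5558 GameServer BLACKLIST_5555_49_35 9
  service_rules "$host" 441 RealmServer BLACKLIST_441_49_35 9
  service_rules "$host" 443 RealmServer BLACKLIST_443_49_35 9
  service_rules "$host" 448 RealmServer BLACKLIST_443_49_35 9
  # No syn_flood chain for this host: the source rule set had it commented out.
  host_common_rules "$host" 49_35 0
  echo "[$host] Ok"
}

#######################################
# Rules shared by the remaining hosts: game port 5555, realm port 444, and the
# syn_flood chain enabled.
# Arguments: $1 host address
#            $2 suffix for `recent` list and chain names
#            $3 per-port connlimit threshold
# Outputs:   progress lines on stdout
#######################################
standard_host_rules() {
  local host=$1 suffix=$2 max_conn=$3
  echo "Loading [$host]Rules..."
  echo " Disabling ICMP requests (ping etc)..."
  fwd -p ICMP -d "$host" -j DROP
  service_rules "$host" 5555 GameServer "BLACKLIST_5555_$suffix" "$max_conn"
  service_rules "$host" 444 RealmServer "BLACKLIST_444_$suffix" "$max_conn"
  host_common_rules "$host" "$suffix" 1
  echo "[$host] Ok"
}

main() {
  (( EUID == 0 )) || die "this script must run as root (iptables)"
  command -v iptables >/dev/null || die "iptables not found in PATH"
  reset_filter
  echo "Allow access to servers..."
  # Return traffic of established flows, and MySQL from the admin host only
  fwd -m state --state ESTABLISHED,RELATED -j ACCEPT
  fwd -p tcp --dport 3306 -s "$MYSQL_ADMIN_SRC" -j ACCEPT
  host_49_35_rules
  standard_host_rules 199.83.49.235 49_235 9
  standard_host_rules 199.83.49.163 49_163 14
  if (( failures > 0 )); then
    printf '%d iptables command(s) failed; the loaded rule set is incomplete\n' "$failures" >&2
    exit 1
  fi
}

main "$@"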