Created
July 26, 2019 04:43
-
-
Save nidhhoggr/03c3dd27cd0d7d6f7547180162c5d39e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| yum updtate -y | |
| yum install curl wget vim npm | |
| wget -qnc https://repo.nordvpn.com/yum/nordvpn/centos/noarch/Packages/n/nordvpn-release-1.0.0-1.noarch.rpm | |
| yum install nordvpn-release-1.0.0-1.noarch.rpm | |
| curl -sL https://rpm.nodesource.com/setup_10.x | sudo bash - | |
| yum install nodejs | |
| npm install n yarn -g | |
| n stable | |
| yum install nordvpn | |
| setenforce 0 | |
| tee /etc/sysconfig/selinux <<EOF | |
| # This file controls the state of SELinux on the system. | |
| # SELINUX= can take one of these three values: | |
| # enforcing - SELinux security policy is enforced. | |
| # permissive - SELinux prints warnings instead of enforcing. | |
| # disabled - No SELinux policy is loaded. | |
| SELINUX=disabled | |
| # SELINUXTYPE= can take one of three values: | |
| # targeted - Targeted processes are protected, | |
| # minimum - Modification of targeted policy. Only selected processes are protected. | |
| # mls - Multi Level Security protection. | |
| SELINUXTYPE=targeted | |
| EOF | |
| yum install iptables-services | |
| systemctl stop firewalld | |
| systemctl disable firewalld | |
| yum install iptables-services | |
| tee /etc/sysconfig/iptables <<EOF | |
| *filter | |
| :INPUT DROP [5:204] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT DROP [254:15435] | |
| #block null packets | |
| -A INPUT -p tcp --tcp-flags ALL NONE -j DROP | |
| #block syn flood attacks | |
| -A INPUT -p tcp ! --syn -m state --state NEW -j DROP | |
| #XMAS Attack | |
| -A INPUT -p tcp --tcp-flags ALL ALL -j DROP | |
| -A INPUT -i lo -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 4432 -j ACCEPT | |
| #NordVPN ports | |
| -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT | |
| -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT | |
| -A INPUT -p udp -m udp --dport 1194 -j ACCEPT | |
| -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| -P OUTPUT ACCEPT | |
| -P INPUT DROP | |
| COMMIT | |
| EOF | |
| systemctl start iptables | |
| systemctl enable iptables | |
| #Need to allow incoming SSH | |
| tee -a /etc/rc.d/rc.local <<EOF | |
| /root/vpn-bypass | |
| EOF | |
| tee -a /root/vpn-bypass2 <<EOF | |
| #!/bin/bash | |
| #https://www.linode.com/community/questions/7381/openvpn-client-connected-to-a-server-while-listening-to-ssh#answer-36662 | |
| /bin/sleep 60 | |
| #IP on eth0 | |
| /sbin/ip rule add from X.X.X.X table 128 | |
| #Subnet mask | |
| /sbin/ip route add table 128 to X.X.X.X/24 dev eth0 | |
| #find from route -n | |
| /sbin/ip route add table 128 default via X.X.X.X | |
| /bin/systemctl restart iptables | |
| EOF |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment