@rodrigobaron
Last active September 26, 2015 11:47
Basic iptables script
#! /bin/bash
#Author: B4R0n
#Thanks: Alexandre, Carlos, C00ler_, D3lf0, rem
#
echo "Configuring firewall (basic) .."
#create our chain; a second run would fail with "Chain already exists", so flush it instead
iptables -N basic-chain 2>/dev/null || iptables -F basic-chain
#NOTE: this logs every packet that enters the chain, which fills the log quickly
iptables -A basic-chain -j LOG
#ping of death and default nmap scans (noobs)
iptables -t filter -A basic-chain -p icmp --icmp-type echo-request -j DROP
#block nmap port scans (medium): FIN+URG+PSH with no other flag set is the Xmas scan
iptables -A basic-chain -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
#syn-flood
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
#block ping of death while ping still works: comment out the other ping-of-death rule and uncomment these
#iptables -t filter -A basic-chain -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
#(-i accepts a single interface name, not "eth0,wlan0"; repeat the rule once per interface)
#iptables -t filter -A basic-chain -i eth0 -p icmp --icmp-type echo-reply -m limit --limit 1/s -j RETURN
#iptables -t filter -A basic-chain -i wlan0 -p icmp --icmp-type echo-reply -m limit --limit 1/s -j RETURN
#limit ssh to 3 attempts; after that new connections are blocked for 1 minute
#(the limit match counts globally, not per source address)
iptables -A basic-chain -p tcp -m state --syn --state NEW --dport 22 -m limit --limit 1/minute --limit-burst 3 -j ACCEPT
iptables -A basic-chain -p tcp -m state --syn --state NEW --dport 22 -j DROP
#add our chain to INPUT (only once, so a second run does not add a duplicate jump)
iptables -C INPUT -j basic-chain 2>/dev/null || iptables -A INPUT -j basic-chain
echo "Done!"
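As an added example (not part of the gist), the same chain written in iptables-restore format so it is loaded atomically, with the SSH limit tracked per source address through the hashlimit match: with the plain limit match above, one client can use up the three-per-minute allowance for every other client. The chain name, log prefix and rate values are assumptions.

```shell
#!/bin/bash
# Added example, not the gist's own script. Keeping the ruleset in a function
# lets it be inspected (or tested) before it touches the kernel.
basic_chain_rules() {
    cat <<'EOF'
*filter
:basic-chain - [0:0]
# Already-established traffic returns to INPUT without passing the limits below.
-A basic-chain -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
# Log at most 5 packets/second so a flood cannot fill the log.
-A basic-chain -m limit --limit 5/second --limit-burst 10 -j LOG --log-prefix "basic-chain: "
# Flag combinations that never occur in normal TCP (Xmas and NULL scans).
-A basic-chain -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
-A basic-chain -p tcp --tcp-flags ALL NONE -j DROP
# Rate-limit echo requests instead of dropping all of them.
-A basic-chain -p icmp --icmp-type echo-request -m limit --limit 1/second -j RETURN
-A basic-chain -p icmp --icmp-type echo-request -j DROP
# New SSH connections: more than 3/minute FROM THE SAME SOURCE are dropped;
# other sources keep their own allowance (assumed rate values).
-A basic-chain -p tcp --syn --dport 22 -m hashlimit --hashlimit-name ssh --hashlimit-mode srcip --hashlimit-above 3/minute --hashlimit-burst 3 -j DROP
COMMIT
EOF
}

# Number of rules the ruleset would install (lines starting with -A).
rule_count() {
    basic_chain_rules | grep -c '^-A'
}

# Load the chain atomically (-n keeps the other chains untouched) and hook
# it into INPUT only if the jump is not already there. Needs root.
apply_rules() {
    iptables -F basic-chain 2>/dev/null   # tolerate a chain that does not exist yet
    basic_chain_rules | iptables-restore -n
    iptables -C INPUT -j basic-chain 2>/dev/null || iptables -A INPUT -j basic-chain
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
else
    basic_chain_rules   # default: just print the ruleset for review
fi
```

Run without arguments to review the generated rules; run with `--apply` as root to install them.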