vestjoe · May 17, 2018 11:55
diff --git a/set-iptables.sh b/set-iptables.sh
 # Basic IPTABLES Template Script
 # Author: Joe Vest, Andrew Chiles

 # NOTES:
 #  Description:
 #    Template script to protect C2 infrastructure
 #  Parameter Reference: 
 #    TARGET_RANGE1 - IPs allowed only to ALLOWED_PORTS
 #    ALLOWED_PORTS - port allowed from the TARGET_RANGE1
 #    TEAM_RANGE1   - IPs allowed to connect to all ports
 #    INTERFACE     - Interface name
 # Usage
 #   1) Modify the parameters to fit your needs
 #   2) run script


 # Target Organization IP Space
 TARGET_RANGE1="0.0.0.0/0"
 ALLOWED_PORTS="80,443,8080,8443" # Target space only allow here

 # Team Source IP Space
 TEAM_RANGE1="10.10.10.0/24"
 # NOTE: TEAM_RANGE1 is not blocked

 # System Settings
 INTERFACE="eth0"
 IPTABLES="/sbin/iptables"

 # Start of script
 echo "Basic iptables Configuration Script"
 echo "Using the following variables..."
 echo " TEAM_RANGE1:" $TEAM_RANGE1"
 echo " TARGET_RANGE1:" $TARGET_RANGE1"
 echo " Allowed Ports: $ALLOWED_PORTS"
 echo " Primary Interface: $INTERFACE"

 # Flush all existing rules
 echo " Clearing Existing Rules..."
 $IPTABLES -F INPUT 
 $IPTABLES -F FORWARD 
 $IPTABLES -F OUTPUT 
 $IPTABLES -F -t nat
 $IPTABLES -F LOGGING

 # Set default policies on each chain
 echo " Setting Default Policies..."
 $IPTABLES -P INPUT DROP
 $IPTABLES -P FORWARD DROP
 $IPTABLES -P OUTPUT ACCEPT

 echo " Setting New Rules..."
 # Accept imbound traffic on $ALLOWED_PORTS from the TARGET organization IP space
 $IPTABLES -A INPUT -i $INTERFACE -s $TARGET_RANGE1 -m multiport -p tcp --dports $ALLOWED_PORTS -j ACCEPT
 # Accept all traffic from teammates
 $IPTABLES -A INPUT -i $INTERFACE -s $TEAM_RANGE1 -j ACCEPT
 # Enable stateful firewall
 $IPTABLES -A INPUT -i $INTERFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
 # Enable all outbound traffic
 $IPTABLES -A OUTPUT -o $INTERFACE -j ACCEPT
 # Ensure loopback traffic is allowed
 $IPTABLES -A INPUT -i lo -j ACCEPT
 $IPTABLES -A OUTPUT -o lo -j ACCEPT

 # Create logging for dropped packets
 echo " Setting Logging..."
 $IPTABLES -N LOGGING
 $IPTABLES -A INPUT -j LOGGING
 $IPTABLES -A LOGGING -m limit --limit 4/min -j LOG --log-prefix "IPTABLES-DROPPED "
 $IPTABLES -A LOGGING -j DROP

 echo "Done"
 echo "Use iptables -L to view the rules"
 echo "NOTE: These rules are not persistent !!!"
	# Basic IPTABLES Template Script
	# Author: Joe Vest, Andrew Chiles

	# NOTES:
	# Description:
	# Template script to protect C2 infrastructure
	# Parameter Reference:
	# TARGET_RANGE1 - IPs allowed only to ALLOWED_PORTS
	# ALLOWED_PORTS - port allowed from the TARGET_RANGE1
	# TEAM_RANGE1 - IPs allowed to connect to all ports
	# INTERFACE - Interface name
	# Usage
	# 1) Modify the parameters to fit your needs
	# 2) run script


	# Target Organization IP Space
	TARGET_RANGE1="0.0.0.0/0"
	ALLOWED_PORTS="80,443,8080,8443" # Target space only allow here

	# Team Source IP Space
	TEAM_RANGE1="10.10.10.0/24"
	# NOTE: TEAM_RANGE1 is not blocked

	# System Settings
	INTERFACE="eth0"
	IPTABLES="/sbin/iptables"

	# Start of script
	echo "Basic iptables Configuration Script"
	echo "Using the following variables..."
	echo " TEAM_RANGE1:" $TEAM_RANGE1"
	echo " TARGET_RANGE1:" $TARGET_RANGE1"
	echo " Allowed Ports: $ALLOWED_PORTS"
	echo " Primary Interface: $INTERFACE"

	# Flush all existing rules
	echo " Clearing Existing Rules..."
	$IPTABLES -F INPUT
	$IPTABLES -F FORWARD
	$IPTABLES -F OUTPUT
	$IPTABLES -F -t nat
	$IPTABLES -F LOGGING

	# Set default policies on each chain
	echo " Setting Default Policies..."
	$IPTABLES -P INPUT DROP
	$IPTABLES -P FORWARD DROP
	$IPTABLES -P OUTPUT ACCEPT

	echo " Setting New Rules..."
	# Accept imbound traffic on $ALLOWED_PORTS from the TARGET organization IP space
	$IPTABLES -A INPUT -i $INTERFACE -s $TARGET_RANGE1 -m multiport -p tcp --dports $ALLOWED_PORTS -j ACCEPT
	# Accept all traffic from teammates
	$IPTABLES -A INPUT -i $INTERFACE -s $TEAM_RANGE1 -j ACCEPT
	# Enable stateful firewall
	$IPTABLES -A INPUT -i $INTERFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
	# Enable all outbound traffic
	$IPTABLES -A OUTPUT -o $INTERFACE -j ACCEPT
	# Ensure loopback traffic is allowed
	$IPTABLES -A INPUT -i lo -j ACCEPT
	$IPTABLES -A OUTPUT -o lo -j ACCEPT

	# Create logging for dropped packets
	echo " Setting Logging..."
	$IPTABLES -N LOGGING
	$IPTABLES -A INPUT -j LOGGING
	$IPTABLES -A LOGGING -m limit --limit 4/min -j LOG --log-prefix "IPTABLES-DROPPED "
	$IPTABLES -A LOGGING -j DROP

	echo "Done"
	echo "Use iptables -L to view the rules"
	echo "NOTE: These rules are not persistent !!!"