mtxgaza

IpTables Firewall / By Montila


# Protects against SYN flood
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Protection against ICMP broadcasting
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

# Protection against IP spoofing
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

# You have to enable packet forwarding between the interfaces.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Assorted protections against port scanners, ping of death, DoS attacks, damaged packets, etc.
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -m limit --limit 1/s -j DROP
iptables -A FORWARD -p tcp -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD --protocol tcp --tcp-flags ALL SYN,ACK -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

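# Chain that drops invalid TCP flag combinations; it only takes effect once a rule in INPUT or FORWARD jumps to it (-j VALID_CHECK)
iptables -N VALID_CHECK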
iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL ALL -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL NONE -j DROP

# LIMIT CONNECTIONS, NUMBER OF CONNECTIONS TO THE SITE

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 1 --hitcount 7 -j DROP

# Protection against IP spoofing

# iptables -A INPUT -s 10.0.0.0/8 -i eth0 -j DROP

# iptables -A INPUT -s 172.16.0.0/16 -i eth0 -j DROP

# iptables -A INPUT -s 192.168.0.0/24 -i eth0 -j DROP

# iptables -A FORWARD -i eth0 ! -s 192.168.0.0/16 -j DROP

# Protection against stealth port scanners
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

# Open ports

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 27015 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
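
A user-defined chain such as VALID_CHECK only filters traffic when some rule in a built-in chain jumps to it. The check below is an added example, not part of the original post: it reads an iptables rules script and lists chains created with -N that no -j or -g ever targets. The sample input is constructed, and the WEB_LIMIT chain in it is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): find user-defined chains that
# a rules script creates with -N but never reaches with -j / -g.

# Reads iptables commands on stdin; prints one unreferenced chain per line.
unreferenced_chains() {
    awk '
        $1 != "iptables" { next }   # skip comments, echo lines, blank lines
        {
            for (i = 2; i < NF; i++) {
                if ($i == "-N" || $i == "--new-chain") created[$(i + 1)] = 1
                if ($i == "-j" || $i == "--jump")      used[$(i + 1)] = 1
                if ($i == "-g" || $i == "--goto")      used[$(i + 1)] = 1
            }
        }
        END { for (c in created) if (!(c in used)) print c }
    ' | sort
}

# Constructed sample: part of the VALID_CHECK chain from the script above,
# plus a hypothetical WEB_LIMIT chain that INPUT does jump to.
sample_rules() {
    cat <<'EOF'
iptables -N VALID_CHECK
iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL NONE -j DROP
iptables -N WEB_LIMIT
iptables -A WEB_LIMIT -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j WEB_LIMIT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
EOF
}

# Reports VALID_CHECK: nothing in the sample jumps to it.
sample_rules | unreferenced_chains
```

Run it against a saved copy of a rules script with `unreferenced_chains < script.sh` before loading the rules.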

