[Bash] iptables firewall script

rofl cake

Well-Known Member
May 25, 2015
I put together a quick Linux bash script to help protect your server from certain flood attack methods. Make sure you have iptables installed. Please feel free to modify the bash script.
View blacklisted IPs with the command:
cat /proc/net/xt_recent/black_list


Bash:
#!/bin/bash
# Run as root (iptables needs it): sudo bash firewall.sh
# Afterwards, view blacklisted IPs with: cat /proc/net/xt_recent/black_list
# (that file only exists once a rule using "-m recent --name black_list" has been loaded)

# Clean Previous Rules

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

##########################################################

# Blacklist check #

# Sources that one of the flood chains below put on the black_list are dropped
# for 200 seconds after they were added. The chain has to be created with -N
# before anything is appended to it, otherwise iptables fails with
# "No chain/target/match by that name".
iptables -N blacklist
iptables -A blacklist -m recent --name black_list --rcheck --seconds 200 -m comment --comment "Black Listed IP" -j DROP

# First rule in INPUT, so blacklisted hosts never reach the rate limits
iptables -A INPUT -j blacklist

##########################################################

# Malformed/Bad packets #

iptables -N malformed_packets
iptables -A malformed_packets -m state --state INVALID -j DROP
iptables -A malformed_packets -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
iptables -A malformed_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A malformed_packets -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# New TCP connection that does not start with SYN
iptables -A malformed_packets -p tcp ! --syn -m state --state NEW -j DROP
# IP fragments (-f matches the second and later fragments)
iptables -A malformed_packets -f -j DROP
iptables -A malformed_packets -j RETURN

# Hook the chain into INPUT before the flood checks
iptables -A INPUT -j malformed_packets

##########################################################

# Stop ICMP flood #

# Note: -m limit is one global counter, not one per source. A flood from one
# address (or from many spoofed ones) empties it for everyone, so a legitimate
# host whose packet arrives while it is empty gets blacklisted as well.
# -m hashlimit --hashlimit-mode srcip gives per-source limits if you need that.

# icmp-flood Chain created
iptables -N icmp-flood

# Chain activated when ICMP is detected
iptables -A INPUT -p icmp -j icmp-flood

# Under the limit (4 per second, burst 8): return to INPUT
iptables -A icmp-flood -m limit --limit 4/s --limit-burst 8 -m comment --comment "ICMP Limit Reached" -j RETURN

# Recorded in the log (at most 6 entries per hour)
iptables -A icmp-flood -m limit --limit 6/h --limit-burst 1 -j LOG --log-prefix "ICMP flood Detected "

# Sent IP to blacklist for 200 seconds
iptables -A icmp-flood -m recent --name black_list --set -m comment --comment "Black Listed IP" -j DROP

##########################################################

# Stop UDP flood #

# udp-flood Chain created
iptables -N udp-flood

# Chain activated when UDP is detected
iptables -A INPUT -p udp -j udp-flood

# Under the limit (10 per second, burst 20): return to INPUT
iptables -A udp-flood -m limit --limit 10/s --limit-burst 20 -m comment --comment "UDP Limit Reached" -j RETURN

# Recorded in the log
iptables -A udp-flood -m limit --limit 6/h --limit-burst 1 -j LOG --log-prefix "UDP flood Detected "

# Sent IP to blacklist for 200 seconds
iptables -A udp-flood -m recent --name black_list --set -m comment --comment "Black Listed IP" -j DROP

##########################################################

# Stop SYN flood #

# More of the same commands, for new TCP connections (SYN)
iptables -N syn-flood
iptables -A INPUT -p tcp --syn -j syn-flood
iptables -A syn-flood -m limit --limit 2/s --limit-burst 6 -m comment --comment "SYN Limit Reached" -j RETURN
iptables -A syn-flood -m limit --limit 6/h --limit-burst 1 -j LOG --log-prefix "SYN flood Detected "
iptables -A syn-flood -m recent --name black_list --set -m comment --comment "Black Listed IP" -j DROP

##########################################################

# r4p3 Firewall v1.0 Rofl Cake #
 
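What the script's rate-limit and blacklist rules actually do to traffic is easier to see in a small model than by reading rule syntax. The following is an added example, not code from rofl cake's post: it approximates the `-m limit --limit N/s --limit-burst B` token bucket and the `-m recent --set` / `--rcheck --seconds 200` list with the ICMP chain's numbers (4/s, burst 8), then replays a constructed trace of a spoofed-source flood plus a few pings from one legitimate host. The `per_source=True` mode is an assumption about what `-m hashlimit --hashlimit-mode srcip` would do instead; the script itself only uses the global `-m limit`.

```python
"""Model of the iptables `limit` and `recent` matches used by the flood chains.

Added example, not part of the original post. The token bucket is an
approximation of xt_limit; the recent list ignores xt_recent's default cap of
100 entries (module parameter ip_list_tot). Packet trace is constructed.
"""
from collections import defaultdict
from fractions import Fraction

# Values from the icmp-flood chain and the blacklist rule
ICMP_RATE = 4            # --limit 4/s
ICMP_BURST = 8           # --limit-burst 8
BLACKLIST_SECONDS = 200  # --rcheck --seconds 200


class TokenBucket:
    """`-m limit`: a bucket of `burst` tokens refilled at `rate` tokens per second."""

    def __init__(self, rate, burst):
        self.rate = Fraction(rate, 1000)  # tokens per millisecond, exact arithmetic
        self.burst = burst
        self.tokens = Fraction(burst)
        self.last_ms = 0

    def match(self, now_ms):
        self.tokens = min(Fraction(self.burst), self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class RecentList:
    """`-m recent`: --set records a source, --rcheck --seconds T matches it for T seconds."""

    def __init__(self, seconds):
        self.window_ms = seconds * 1000
        self.seen = {}

    def set(self, ip, now_ms):
        self.seen[ip] = now_ms

    def rcheck(self, ip, now_ms):
        return ip in self.seen and now_ms - self.seen[ip] <= self.window_ms


def replay(trace, per_source=False):
    """Run (time_ms, src_ip) packets through INPUT -> blacklist -> icmp-flood.

    per_source=False models `-m limit` (one bucket shared by every sender).
    per_source=True models a hypothetical `-m hashlimit --hashlimit-mode srcip`
    (one bucket per source); the rest of the chain is unchanged.
    Returns {ip: [verdict, ...]}: 'ACCEPT', 'DROP' (over the limit, now
    blacklisted) or 'DROP:blacklisted' (already on the list).
    """
    blacklist = RecentList(BLACKLIST_SECONDS)
    buckets = defaultdict(lambda: TokenBucket(ICMP_RATE, ICMP_BURST))
    verdicts = defaultdict(list)
    for now_ms, ip in sorted(trace):
        # 1. blacklist chain: drop sources already on black_list (--rcheck)
        if blacklist.rcheck(ip, now_ms):
            verdicts[ip].append("DROP:blacklisted")
            continue
        # 2. icmp-flood: under the limit -> RETURN to INPUT (accepted here)
        bucket = buckets[ip if per_source else "*"]
        if bucket.match(now_ms):
            verdicts[ip].append("ACCEPT")
            continue
        # 3. icmp-flood: over the limit -> --set on black_list, then DROP
        blacklist.set(ip, now_ms)
        verdicts[ip].append("DROP")
    return verdicts


LEGIT = "198.51.100.7"  # constructed legitimate host


def build_trace():
    """Constructed trace: 50 packets at 100 pps, each from a different (spoofed)
    source, plus three pings from the legitimate host 1 s apart."""
    flood = [(i * 10, f"203.0.113.{i}") for i in range(50)]
    pings = [(305 + 1000 * k, LEGIT) for k in range(3)]
    return flood + pings


def summarize(per_source):
    """Verdicts for the legitimate host, and how the flood fared."""
    v = replay(build_trace(), per_source=per_source)
    flood_ips = [ip for ip in v if ip != LEGIT]
    return {
        "legit": v[LEGIT],
        "flood_accepted": sum(v[ip].count("ACCEPT") for ip in flood_ips),
        "flood_blacklisted": sum(1 for ip in flood_ips if "DROP" in v[ip]),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("per-source" if mode else "global -m limit", summarize(mode))
```

With the global bucket the flood is cut to 9 accepted packets and 41 sources land on the blacklist, but the legitimate host's first ping arrives while the bucket is empty, so it is blacklisted too and its next two pings are dropped for the rest of the 200 s window. With per-source buckets the legitimate host is untouched, but every spoofed source gets its own fresh burst of 8 and all 50 flood packets pass. Neither setting is free; pick the one whose failure mode you can live with, and keep the blacklist check first in INPUT as in the script above so blacklisted sources stop consuming tokens.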

Leon

Member
Aug 22, 2015
I can't use the firewall :/
iptables: No chain/target/match by that name.
 

applestar

Member
Sep 12, 2015
How do I save and run this script? Save it in a random file, firewall.sh? And cat /proc/net/xt_recent/black_list - not found
 