My FireWall!

iNulleD (Member; joined Mar 13, 2016; 19 messages; 38 points; age 18; location: Brasil)
Hey guys, all good with you? Today I've come to share the basic protection of my servers, because I saw several people having difficulty making good use of iptables!

Link >
Or

Code:
#!/bin/bash

# Project        :  FireWall ( Power By Steam Host )
# Contact        :  https://www.fb.com/matheusasales
# Author         :  Matheus F. Sales
# Author's site  :  http://www.steamhost.com.br
# Description    :  Anti-DDoS
# Start date     :  13/09/2016
# Current version:  0.5

# Flush the existing rules in every table
echo "Limpando todas as regras do iptables"
echo "..........................[OK]"
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

echo "Atualizando iptables"
echo "..........................[OK]"

# Default chain policies: drop inbound and forwarded traffic, allow outbound
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Allow loopback
iptables -A INPUT -i lo -j ACCEPT

# ===== CUSTOM RULES ====== #

# ----------- TEAMSPEAK ---------------#

# File transfer port
iptables -A INPUT -p tcp --dport 30033 -j ACCEPT

# ServerQuery port (open to every source here; it can be limited with -s to admin hosts)
iptables -A INPUT -p tcp --dport 10011 -j ACCEPT

# Weblist port (outbound; redundant while the OUTPUT policy is ACCEPT)
iptables -A OUTPUT -p udp --dport 2010 -j ACCEPT

# Default weblist account port (outbound; redundant while the OUTPUT policy is ACCEPT)
iptables -A OUTPUT -p tcp --dport 2008 -j ACCEPT

# Default TSDNS port
iptables -A INPUT -p tcp --dport 41144 -j ACCEPT

# TS service ports
# --> Clients
iptables -A INPUT -p udp --dport 9000:9500 -j ACCEPT

# --> Partners
iptables -A INPUT -p udp --dport 10000:10100 -j ACCEPT

# ---------- END OF TEAMSPEAK --------------#

# ------ OTHER SERVICES ----------------#

# Allow SSH (change the port here if sshd does not listen on 22)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# SYN block: drop new TCP connections to any port not accepted above
iptables -A INPUT -p tcp --syn -j DROP

# Allow established connections and related traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Enable reverse-path filtering. "default" only applies to interfaces created
# later, so "all" is set too to cover the interfaces that already exist.
echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
iptables -A INPUT -m state --state INVALID -j DROP

# Connection rules by UDP datagram length.
# Note: every rule in this chain is ACCEPT, so as written it allows any inbound
# UDP datagram on any port and the INPUT DROP policy never sees UDP. Ranges that
# are meant to be filtered need a DROP target instead of ACCEPT.
iptables -N UDPLENGTH
iptables -A INPUT -p udp -j UDPLENGTH
iptables -A UDPLENGTH -p udp -m length --length 0:100 -j ACCEPT
iptables -A UDPLENGTH -p udp -m length --length 101:150 -j ACCEPT
iptables -A UDPLENGTH -p udp -m length --length 151:200 -j ACCEPT
iptables -A UDPLENGTH -p udp -m length --length 201:250 -j ACCEPT
iptables -A UDPLENGTH -p udp -m length --length 251:300 -j ACCEPT
iptables -A UDPLENGTH -p udp -m length --length 301:350 -j ACCEPT
iptables -A UDPLENGTH -p udp -m length --length 351:400 -j ACCEPT
iptables -A UDPLENGTH -p udp -m length --length 401:65530 -j ACCEPT
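
A static check of a ruleset before it is applied, as an added example that is not part of the script above or of the author's project: it lists which ports the INPUT chain accepts and reports whether each user-defined chain actually filters anything. Run on the UDPLENGTH chain above it reports that every rule ends in ACCEPT, so the `-A INPUT -p udp -j UDPLENGTH` jump opens every UDP port. The function names and the shortened sample ruleset are constructed for this example.

```shell
#!/bin/sh
# Static audit of an iptables rule script before it is applied.
# Added example for this thread, not part of the original firewall script.
# It lists what the INPUT chain exposes and flags user-defined chains in which
# every rule ends in ACCEPT, because such a chain filters nothing.

# Constructed sample: a shortened excerpt of the rules in the post above.
SAMPLE_RULES='
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 30033 -j ACCEPT
iptables -A INPUT -p udp --dport 9000:9500 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -N UDPLENGTH
iptables -A INPUT -p udp -j UDPLENGTH
iptables -A UDPLENGTH -p udp -m length --length 0:100 -j ACCEPT
iptables -A UDPLENGTH -p udp -m length --length 101:65530 -j ACCEPT
'

# exposed_ports RULES: one "proto port" line per INPUT ACCEPT rule that names a --dport
exposed_ports() {
  printf '%s\n' "$1" | awk '
    $1 == "iptables" && $2 == "-A" && $3 == "INPUT" {
      proto = ""; port = ""; target = ""
      for (i = 4; i <= NF; i++) {
        if ($i == "-p")      proto  = $(i + 1)
        if ($i == "--dport") port   = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
      }
      if (target == "ACCEPT" && port != "") print proto, port
    }'
}

# user_chains RULES: names of the chains created with -N
user_chains() {
  printf '%s\n' "$1" | awk '$1 == "iptables" && $2 == "-N" { print $3 }'
}

# chain_verdict RULES CHAIN: "CHAIN filters" if some rule has a non-ACCEPT target,
# "CHAIN accepts-all" if every rule is ACCEPT, "CHAIN empty" if it has no rules
chain_verdict() {
  printf '%s\n' "$1" | awk -v chain="$2" '
    $1 == "iptables" && $2 == "-A" && $3 == chain {
      rules++
      for (i = 4; i <= NF; i++) if ($i == "-j" && $(i + 1) != "ACCEPT") filtering++
    }
    END {
      if (rules == 0)         print chain, "empty"
      else if (filtering > 0) print chain, "filters"
      else                    print chain, "accepts-all"
    }'
}

# unfiltered_jumps RULES: INPUT rules that hand a whole protocol (no --dport) to an
# accepts-all chain; together they open every port of that protocol
unfiltered_jumps() {
  printf '%s\n' "$1" | awk '
    $1 == "iptables" && $2 == "-A" && $3 == "INPUT" {
      proto = ""; port = ""; target = ""
      for (i = 4; i <= NF; i++) {
        if ($i == "-p")      proto  = $(i + 1)
        if ($i == "--dport") port   = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
      }
      if (port == "" && target != "" && target != "ACCEPT" && target != "DROP" && target != "REJECT") print proto, target
    }' | while read -r proto target; do
      case "$(chain_verdict "$1" "$target")" in
        *accepts-all) printf '%s -> %s (all %s ports open)\n' "$proto" "$target" "$proto" ;;
      esac
    done
}

# audit RULES: human-readable report built from the three checks above
audit() {
  echo "INPUT accepts these ports:"
  exposed_ports "$1" | sed 's/^/  /'
  echo "User-defined chains:"
  for c in $(user_chains "$1"); do printf '  %s\n' "$(chain_verdict "$1" "$c")"; done
  echo "Protocol-wide jumps into accepts-all chains:"
  unfiltered_jumps "$1" | sed 's/^/  /'
}

# With a path argument audit that script, otherwise audit the embedded sample.
if [ -n "${1:-}" ]; then
  audit "$(cat "$1")"
else
  audit "$SAMPLE_RULES"
fi
```

Run it as `sh audit.sh /etc/init.d/firewall` after pasting the script there; the parser only understands the plain `iptables -A/-N/-P` command form used in this thread, not `iptables-save` output.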
 

Terror (Member; joined Dec 4, 2015; 12 messages; 35 points; age 54)
How do I run/install this?
Create a file called firewall in /etc/init.d/.
Open the file and copy in the script above; also check whether you need to add / edit / remove any ports, especially the SSH port.
Open a PuTTY session and type:

Code:
chmod 755 /etc/init.d/firewall
and start the firewall with

Code:
/etc/init.d/firewall
Try to open a new PuTTY session while keeping the old one open - this is important, or you might lock yourself out. If you get a timeout, run the following code in your old PuTTY session, check whether you forwarded the correct ports, and start the firewall again.

Code:
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

If everything works, you can add the firewall to your autostart with

Code:
update-rc.d firewall defaults
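
The advice in this reply (second session, flush everything if you are locked out) can be turned into a procedure that enforces itself. The script below is an added example, not the original firewall script: every rule goes through a small `fw` wrapper that only prints the command when `DRY_RUN=1`, `ssh_before_drop` checks that the SSH accept rule precedes the INPUT DROP policy, and `apply` arms a timer that flushes the firewall back to ACCEPT unless `confirm` is run from a new session within `ROLLBACK_SECONDS`. The names `fw`, `build_rules`, `reset_open`, `ssh_before_drop`, `apply_with_rollback`, `confirm_firewall`, `SSH_PORT`, `ROLLBACK_SECONDS`, `DRY_RUN` and the path `/run/firewall.confirmed` are all chosen for this example; the ports are the TeamSpeak ports from the first post.

```shell
#!/bin/sh
# Apply an iptables ruleset over SSH without locking yourself out.
# Added example for this thread, not the original script. Every rule goes
# through fw(), which with DRY_RUN=1 only prints the command; apply_with_rollback()
# arms a timer that resets the firewall to ACCEPT unless the change is confirmed
# from a second session. SSH_PORT, ROLLBACK_SECONDS, DRY_RUN and CONFIRM_FILE are
# names chosen for this example.

SSH_PORT="${SSH_PORT:-22}"
ROLLBACK_SECONDS="${ROLLBACK_SECONDS:-120}"
DRY_RUN="${DRY_RUN:-0}"
CONFIRM_FILE="${CONFIRM_FILE:-/run/firewall.confirmed}"

# fw ARGS...: run iptables, or print the command when DRY_RUN=1
fw() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'iptables %s\n' "$*"
  else
    iptables "$@"
  fi
}

# reset_open: the manual recovery from the reply above, flush and go back to ACCEPT
reset_open() {
  fw -F; fw -X; fw -t nat -F; fw -t nat -X; fw -t mangle -F; fw -t mangle -X
  fw -P INPUT ACCEPT; fw -P FORWARD ACCEPT; fw -P OUTPUT ACCEPT
}

# build_rules: the thread's ruleset, with the admin's own session accepted before
# the DROP policy is set so no packet of the current connection is ever dropped
build_rules() {
  fw -F; fw -X
  fw -A INPUT -i lo -j ACCEPT
  fw -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  fw -A INPUT -m conntrack --ctstate INVALID -j DROP
  fw -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
  fw -A INPUT -p tcp --dport 30033 -j ACCEPT        # TeamSpeak file transfer
  fw -A INPUT -p tcp --dport 10011 -j ACCEPT        # TeamSpeak ServerQuery
  fw -A INPUT -p tcp --dport 41144 -j ACCEPT        # TSDNS
  fw -A INPUT -p udp --dport 9000:9500 -j ACCEPT    # TeamSpeak voice, clients
  fw -A INPUT -p udp --dport 10000:10100 -j ACCEPT  # TeamSpeak voice, partners
  fw -P INPUT DROP
  fw -P FORWARD DROP
  fw -P OUTPUT ACCEPT
}

# ssh_before_drop: succeeds only if the planned rules accept SSH before INPUT goes to DROP
ssh_before_drop() {
  plan=$(DRY_RUN=1; build_rules)
  ssh_line=$(printf '%s\n' "$plan" | grep -n -- "--dport $SSH_PORT -j ACCEPT" | cut -d: -f1 | head -n 1)
  drop_line=$(printf '%s\n' "$plan" | grep -n -- "-P INPUT DROP" | cut -d: -f1 | head -n 1)
  [ -n "$ssh_line" ] && [ -n "$drop_line" ] && [ "$ssh_line" -lt "$drop_line" ]
}

# apply_with_rollback: arm the dead man's switch, then apply; if confirm is not
# run within ROLLBACK_SECONDS the background job reopens the firewall
apply_with_rollback() {
  ssh_before_drop || { echo "refusing: SSH would not be accepted before DROP" >&2; return 1; }
  rm -f "$CONFIRM_FILE"
  ( sleep "$ROLLBACK_SECONDS"; [ -f "$CONFIRM_FILE" ] || reset_open ) &
  build_rules
  printf 'applied; open a NEW session and run: %s confirm (within %ss)\n' "$0" "$ROLLBACK_SECONDS"
}

# confirm_firewall: run from the new session; the timer sees the file and does nothing
confirm_firewall() {
  : > "$CONFIRM_FILE"
}

case "${1:-}" in
  plan)    DRY_RUN=1; build_rules ;;
  apply)   apply_with_rollback ;;
  confirm) confirm_firewall ;;
  reset)   reset_open ;;
esac
```

`sh firewall.sh plan` prints the commands without touching iptables; `sh firewall.sh apply` as root applies them and starts the timer; from a new session run `sh firewall.sh confirm`. If the new session cannot connect, either wait out the timer or run `sh firewall.sh reset` from the old one, which is the same flush the reply above does by hand.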
 
