|
|
@@ -146,6 +146,20 @@ function configure_firewall {
|
|
146
|
146
|
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
|
|
147
|
147
|
iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
|
|
148
|
148
|
iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
|
|
|
149
|
+ iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
|
|
|
150
|
+ iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
|
|
|
151
|
+ iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
|
|
|
152
|
+ iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
|
|
|
153
|
+ iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
|
|
|
154
|
+ iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
|
|
|
155
|
+ iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
|
|
|
156
|
+ iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP
|
|
|
157
|
+ iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
|
|
|
158
|
+ iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
|
|
|
159
|
+ iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
|
|
|
160
|
+ iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
|
|
|
161
|
+ iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP
|
|
|
162
|
+ iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
|
|
149
|
163
|
|
|
150
|
164
|
# Incoming malformed NULL packets:
|
|
151
|
165
|
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
|
Bob Mottram
8 년 전