11 年前 · 2758e5bc4e
--- a/beaglebone.txt
+++ b/beaglebone.txt
 
															 # limit ssh logins to no more than 3 per min
														
 
															 iptables -A INPUT -p tcp --dport 22 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
														
 
															-iptables -A INPUT -p tcp --dport 22 -m limit --limit 3/minute --limit-burst 1 -j LOG --log-prefix SSH-DROP
														
 
															 # Limit web connections to 20 per min
														
 
															 iptables -A INPUT -p tcp --dport 80 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
														
 
															-iptables -A INPUT -p tcp --dport 80 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix HTTP-DROP
														
 
															 iptables -A INPUT -p tcp --dport 443 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
														
 
															-iptables -A INPUT -p tcp --dport 443 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix HTTPS-DROP
														
 
															 # Limit number of XMPP connections
														
 
															 iptables -A INPUT -p tcp --match multiport --dports 5222:5223,5269,5280:5281 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
														
 
															-iptables -A INPUT -p tcp --match multiport --dports 5222:5223,5269,5280:5281 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix XMPP-DROP
														
 
															 # Limit IRC connections
														
 
															 iptables -A INPUT -p tcp --dport 6666:6670 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
														
 
															-iptables -A INPUT -p tcp --dport 6666:6670 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix IRC-DROP
														
 
															 # Limit gopher connections
														
 
															 iptables -A INPUT -p tcp --dport 70 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
														
 
															-iptables -A INPUT -p tcp --dport 70 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix GOPH-DROP
														
 
															 # Limit IMAP connections
														
 
															 iptables -A INPUT -p tcp --dport 143 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
														
 
															-iptables -A INPUT -p tcp --dport 143 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix IMAP-DROP
														
 
															 # Limit SIP connections
														
 
															 iptables -A INPUT -p tcp --dport 5060:5061 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
														
 
															-iptables -A INPUT -p tcp --dport 5060:5061 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix SIP-DROP
														
 
															 # Limit SMTP/SMTPS connections
														
 
															 iptables -A INPUT -p tcp --dport 25 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
														
 
															-iptables -A INPUT -p tcp --dport 25 -m limit --limit 3/minute --limit-burst 1 -j LOG --log-prefix SMTP-DROP
														
 
															 iptables -A INPUT -p tcp --dport 465 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
														
 
															-iptables -A INPUT -p tcp --dport 465 -m limit --limit 3/minute --limit-burst 1 -j LOG --log-prefix SMTPS-DROP
														
 
															 # Limit Bitmessage connections
														
 
															 iptables -A INPUT -p tcp --dport 8444 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
														
 
															-iptables -A INPUT -p tcp --dport 8444 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix BM-DROP
														
 
															 # Limit the number of incoming tcp connections
														
 
															 # Interface 0 incoming syn-flood protection