free
/
freedombone
Observar 1
Favorito 0
Fork 0
Código Issues 0 Pull Requests 0 Versões 0 Wiki Atividade
Ver código fonte

Drop bogons

Bob Mottram 11 anos atrás
pai
f942eda9e0
commit
b029bd493f
1 arquivos alterados com 15 adições e 0 exclusões
Visão unificada Mostrar estatísticas do Diff
  1. 15
    0
      install-freedombone.sh

+ 15
- 0
install-freedombone.sh Ver arquivo

882 
   ip6tables -P INPUT DROP
 882 
   ip6tables -P INPUT DROP
883 
   iptables -A INPUT -i lo -j ACCEPT
 883 
   iptables -A INPUT -i lo -j ACCEPT
884 
   iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 884 
   iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
885 
+
886 
+  # Make sure incoming tcp connections are SYN packets
887 
+  iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
888 
+
889 
+  # Drop packets with incoming fragments
890 
+  iptables -A INPUT -f -j DROP
891 
+
892 
+  # Drop bogons
893 
+  iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
894 
+  iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
895 
+  iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
896 
+
897 
+  # Incoming malformed NULL packets:
898 
+  iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
899 
+
885 
   echo 'configure_firewall' >> $COMPLETION_FILE
 900 
   echo 'configure_firewall' >> $COMPLETION_FILE
886 
 }
 901 
 }
887
902