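#!/usr/bin/env bash
# Host firewall for IPv4 (filter table only).
#
# Policy: default DROP on INPUT, FORWARD and OUTPUT, then an allow-list of
# loopback, tracked connections, ICMP and a fixed set of TCP/UDP services,
# with per-source brute-force and connection limits on the inbound ones.
#
# iptables evaluates a chain top-down and the first matching rule wins, so
# the order below is deliberate:
#   1. loopback, INVALID drop, RELATED/ESTABLISHED accept
#   2. anti-spoofing drops
#   3. ICMP
#   4. per-service rules: connlimit, then rate-limited accept of NEW, then drop
#
# Why this order: in the original script the per-port "-m limit ... ACCEPT"
# / "DROP" pairs came *before* the RELATED,ESTABLISHED accept, so every
# packet of an existing HTTP/HTTPS/DNS/FTP/SMTP session was counted against
# a 10-20 packets-per-second budget and the excess was dropped, while the
# connlimit, anti-spoofing, INVALID, ICMP-limit and later "In" ACCEPT rules
# sat behind an earlier ACCEPT or DROP on the same port and never matched.
#
# NOTE(review): only iptables (IPv4) is programmed; ip6tables is untouched,
#   so IPv6 traffic follows whatever policy is already loaded there.
# NOTE(review): nothing here persists the rules (iptables-save or a
#   netfilter-persistent unit); they are lost on reboot.
# NOTE(review): OUTPUT is default-DROP and the outbound allow-list is
#   5565/tcp, 53/tcp+udp, 123/udp, 80, 443, 20, 21 and 25/tcp; anything else
#   the host initiates (package mirrors on other ports, etc.) will fail.
set -euo pipefail

# iptables needs CAP_NET_ADMIN; fail early with a clear message rather than
# half-applying the ruleset.
if (( EUID != 0 )); then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

#######################################
# Accept NEW TCP connections to a port at a bounded rate, drop the rest.
# Arguments: $1 - destination port, $2 - rate for -m limit (e.g. 20/s)
# The RELATED,ESTABLISHED rule above this function's call sites already
# accepted the rest of each session, so only connection attempts are
# counted here.
#######################################
allow_tcp_in() {
  local port=$1 rate=$2
  iptables -A INPUT -p tcp --syn --dport "$port" -m limit --limit "$rate" -j ACCEPT
  iptables -A INPUT -p tcp --dport "$port" -j DROP
}

#######################################
# Reset every connection attempt from a source that already holds more than
# N open connections to a port (per /32 source address).
# Arguments: $1 - destination port, $2 - max concurrent connections
#######################################
cap_tcp_conns() {
  local port=$1 max=$2
  iptables -A INPUT -p tcp --syn --dport "$port" -m connlimit \
    --connlimit-above "$max" --connlimit-mask 32 -j REJECT --reject-with tcp-reset
}

# --- Reset ------------------------------------------------------------------
# Flush rules, delete user chains, then set default-deny policies.
# Between the flush and the state rules below an existing remote SSH session
# can stall; run this from a console, or under a watchdog that restores the
# previous ruleset, when changing it on a remote host.
iptables -t filter -F
iptables -t filter -X
echo "Mise a 0"

iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT DROP

# --- Loopback and connection tracking (must come first) ---------------------
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT

# Packets conntrack cannot classify are dropped before any ACCEPT can see
# them (the original had these after the service ACCEPTs, where they were
# mostly shadowed).
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP

# Replies and follow-on packets of already-accepted connections. Every
# per-port rule further down therefore only ever sees NEW traffic.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# --- Anti-spoofing ----------------------------------------------------------
# Source addresses that cannot legitimately arrive from outside. 127/8 is
# safe to drop here because the loopback ACCEPT above already matched lo.
# Fixes vs the original: 192.168.0.0/24 only covered 192.168.0.x (RFC 1918
# is /16); 240.0.0.0/5 only covered 240-247.x (the reserved block is /4);
# 239.255.255.0/24 was already inside 224.0.0.0/4 and is dropped.
# NOTE(review): the 10/8, 172.16/12 and 192.168/16 drops also reject every
#   client on a private LAN. If this host sits on RFC 1918 space, add
#   "-i <public-iface>" to these rules or remove the matching range.
bogon_sources=(
  0.0.0.0/8
  10.0.0.0/8
  127.0.0.0/8
  169.254.0.0/16
  172.16.0.0/12
  192.168.0.0/16
  224.0.0.0/4
  240.0.0.0/4
)
for net in "${bogon_sources[@]}"; do
  iptables -A INPUT -s "$net" -j DROP
done

# Destination addresses this host should not be receiving unicast for.
# NOTE(review): dropping 255.255.255.255 and 224/4 also blocks DHCP offers
#   and multicast (mDNS, IGMP); keep only if the host has a static address
#   and no multicast consumers.
for net in 0.0.0.0/8 224.0.0.0/4 240.0.0.0/4 255.255.255.255; do
  iptables -A INPUT -d "$net" -j DROP
done

# --- ICMP -------------------------------------------------------------------
# Echo requests are capped at 1/s and the excess dropped; other inbound ICMP
# types are accepted as before. In the original the unconditional
# "-p icmp -j ACCEPT" came first, so the 1/s echo rule could never match.
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT

# --- SSH (5565) with brute-force throttling ---------------------------------
# A source that has made 4 or more connection attempts in the last 180 s is
# dropped; the check rule precedes the --set rule, which is the effective
# order the original produced with its two "-I" inserts.
iptables -A INPUT -p tcp --syn --dport 5565 -m recent --update --seconds 180 --hitcount 4 --name ssh -j DROP
iptables -A INPUT -p tcp --syn --dport 5565 -m recent --set --name ssh
iptables -A INPUT -p tcp --syn --dport 5565 -j ACCEPT
echo "Bruteforce SSH"
# Outbound connections *initiated* by this host to port 5565 elsewhere.
# Replies to inbound SSH are covered by the ESTABLISHED rule, not this one.
iptables -t filter -A OUTPUT -p tcp --dport 5565 -j ACCEPT

# --- HTTP + HTTPS in --------------------------------------------------------
# Per-source cap of 15 concurrent connections, then at most 20 new
# connections per second overall (burst 5, the -m limit default).
# NOTE(review): 20/s of *new* connections is a small budget for a public
#   web server; raise it if legitimate traffic trips it.
cap_tcp_conns 80 15
cap_tcp_conns 443 15
allow_tcp_in 80 20/s
allow_tcp_in 443 20/s

# --- Port 11111 in ----------------------------------------------------------
# Same pattern, tighter: 2 concurrent connections per source, 12 new/s.
# NOTE(review): the original carries no comment for this port; record which
#   service listens here so the limits can be reviewed against it.
cap_tcp_conns 11111 2
allow_tcp_in 11111 12/s

# --- DNS in/out -------------------------------------------------------------
# NOTE(review): accepting inbound 53 means this host is expected to serve
#   DNS. If it is a recursive resolver, restrict the source range so it
#   cannot be used for reflection/amplification; if it is not a DNS server,
#   remove the two INPUT rules.
allow_tcp_in 53 20/s
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT

# --- NTP out ----------------------------------------------------------------
# NTP is UDP; the original's inbound TCP/123 limit+drop pair opened a port no
# NTP daemon listens on and has been removed.
iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT

# --- HTTP + HTTPS out -------------------------------------------------------
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT

# --- FTP in/out -------------------------------------------------------------
# NOTE(review): FTP data connections are only matched by the RELATED rule
#   when the nf_conntrack_ftp helper is loaded and enabled for this flow;
#   nothing in this script does that, so passive/active data channels will
#   be dropped unless it is configured elsewhere.
allow_tcp_in 21 10/s
allow_tcp_in 20 10/s
iptables -t filter -A OUTPUT -p tcp --dport 21 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 20 -j ACCEPT

# --- Mail SMTP:25 in/out ----------------------------------------------------
allow_tcp_in 25 10/s
iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT

# --- Port-scan lockout ------------------------------------------------------
# Sources present in the "portscan" recent-list are dropped for 86400 s and
# removed from the list afterwards.
# NOTE(review): no rule in this script ever adds an address to that list
#   (there is no "-m recent --name portscan --set"), so these four rules
#   are inert. To make them effective, add a rule on a port that nothing
#   legitimately uses, e.g.
#     iptables -A INPUT -p tcp --dport <unused-port> -m recent --name portscan --set -j DROP
#   placed after the service rules above.
iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP
iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP
iptables -A INPUT -m recent --name portscan --remove
iptables -A FORWARD -m recent --name portscan --remove

# Note on what was dropped from the original: the "RST ... -m limit ACCEPT"
# rule sat behind the ESTABLISHED accept (which already admits in-session
# RSTs) and any stray RST is now classed INVALID and dropped above, so it
# had no effect; its comment also misattributed RST floods to "smurf",
# which is an ICMP broadcast-amplification attack.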
     
 
what is notes.io
 

Notes.io is a web-based application for taking notes. You can take your notes and share with others by providing the shorten url to a friend.


Fast: Notes.io is built for speed and performance. You can take notes quickly and browse your archive.

Easy: Notes.io doesn’t require installation. Just write and share shorten link!

Short: Notes.io’s url just 8 character. You’ll get shorten link of your note when you want to share. (Ex: notes.io/q

Contact: hello@notes.io

     
 

Shortened Note Link

 
 
Looding Image
 
     
 

Long File

 
 

For written notes was greater than 18KB Unable to shorten.

To be smaller than 18KB, please organize your notes, or sign in.