Scribd Logo
Upload

Welcome to Scribd!

  • 21 views

    Iptables Fix

    Uploaded by

    vincen
    The document contains iptables firewall rules that filter and drop inbound network traffic based on protocol, port, length, flags, and string matching. Rules are defined for both raw and filter table chains to log or drop packets in the PREROUTING and INPUT stages respectively based on deep packet inspection of UDP and TCP headers and payload. Accept rules are included to allow traffic between certain ports and IP addresses.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Iptables Fix

    Uploaded by

    vincen
    21 views2 pages
    The document contains iptables firewall rules that filter and drop inbound network traffic based on protocol, port, length, flags, and string matching. Rules are defined for both raw and filter table chains to log or drop packets in the PREROUTING and INPUT stages respectively based on deep packet inspection of UDP and TCP headers and payload. Accept rules are included to allow traffic between certain ports and IP addresses.

    Original Description:

    Iptables

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document contains iptables firewall rules that filter and drop inbound network traffic based on protocol, port, length, flags, and string matching. Rules are defined for both raw and filter table chains to log or drop packets in the PREROUTING and INPUT stages respectively based on deep packet inspection of UDP and TCP headers and payload. Accept rules are included to allow traffic between certain ports and IP addresses.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    21 views2 pages

    Iptables Fix

    Uploaded by

    vincen
    The document contains iptables firewall rules that filter and drop inbound network traffic based on protocol, port, length, flags, and string matching. Rules are defined for both raw and filter table chains to log or drop packets in the PREROUTING and INPUT stages respectively based on deep packet inspection of UDP and TCP headers and payload. Accept rules are included to allow traffic between certain ports and IP addresses.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 2

    iptables -t raw -I PREROUTING -p udp -m udp --sport 53 -j DROP

    -A PREROUTING -p udp -m udp --dport 53 -j DROP


    -A PREROUTING -p udp -m udp --sport 53 -j DROP
    *filter
    :INPUT ACCEPT [4714:2265259]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [34536:20727694]
    -A INPUT -p udp -m udp --sport 53 -j DROP
    -A INPUT -p udp -m udp --dport 53 -j DROP
    -A INPUT -p udp -m length --length 102 -j DROP
    -A INPUT -p udp -m length --length 1500 -j DROP
    -A INPUT -p udp -m length --length 1000 -j DROP
    -A INPUT -p udp -m length --length 64 -j DROP
    -A INPUT -p udp -m length --length 1476 -j DROP
    -A INPUT -p udp -m length --length 44 -j DROP
    -A INPUT -p udp -m udp --dport 25345 -j DROP
    -A INPUT -p udp -m udp -m u32 --u32 0x6&0xff=0x11&&0x0>>0x16&0x3c@0x2&0xff=0x8&&
    0x0>>0x16&0x3c@0x6&0xffff=0x0 -j DROP
    -A INPUT -p udp -m u32 --u32 0x2>>0x16&0x3c@0xc>>0x1a&0x3c@0x0=0x280000 -j DROP
    -A INPUT -p udp -m string --hex-string "|1d4281800001|" --algo bm --to 65535 -m
    udp --sport 53 -j DROP
    -A INPUT -p udp -m string --hex-string "|1d4281050001|" --algo bm --to 65535 -m
    udp --sport 53 -j DROP
    -A INPUT -p udp -m string --hex-string "|1d4281000001|" --algo bm --to 65535 -m
    udp --sport 53 -j DROP
    -A INPUT -p udp -m string --hex-string "|1d4281820001|" --algo bm --to 65535 -m
    udp --sport 53 -j DROP
    -A INPUT -p udp -m length --length 28 -j DROP
    -A INPUT -p udp -m length --length 128 -j DROP
    -A INPUT -p udp -m length --length 43 -j DROP
    -A INPUT -p udp -m length --length 48 -j DROP
    -A INPUT -p udp -m length --length 60 -j DROP
    -A INPUT -p udp -m length --length 33 -j DROP
    -A INPUT -p udp -m length --length 29 -j DROP
    -A INPUT -p udp -m string --hex-string "|2021 2223 2425|" --algo bm --to 65535 j DROP
    -A INPUT -p udp -m string --hex-string "|666c6f6f6400|" --algo bm --to 65535 -j
    DROP
    -A INPUT -p udp -m string --hex-string "|7a7a7a7a0000|" --algo bm --to 65535 -j
    DROP
    -A INPUT -p udp -m udp --sport 1024:65535 --dport 5000:55000 -j ACCEPT
    -A INPUT -p udp -m length --length 32 -m udp --sport 1024:65535 --dport 5000:550
    00 -j ACCEPT
    -A INPUT -p tcp -m tcp -m u32 --u32 0x6&0xff=0x6&&0x4&0x1fff=0x0&&0x0>>0x16&0x3c
    @0xc&0xffff=0x0 -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m u
    32 --u32 0x2&0xffff=0x2fe -j DROP
    -A INPUT -s 64.40.9.0/24 -p tcp -j ACCEPT
    -A INPUT -s 64.40.8.0/24 -p tcp -j ACCEPT
    COMMIT
    # Completed on Wed Oct 16 09:21:28 2013
    # Generated by iptables-save v1.4.7 on Wed Oct 16 09:21:28 2013
    *raw
    :PREROUTING ACCEPT [203:20760]
    :OUTPUT ACCEPT [130815:79744753]
    -A PREROUTING -p udp -m udp --sport 53 -j DROP
    -A PREROUTING -p udp -m udp --dport 53 -j DROP
    -A PREROUTING -p udp -m length --length 102 -j DROP

    -A PREROUTING -p udp -m length --length 1500 -j DROP


    -A PREROUTING -p udp -m length --length 1000 -j DROP
    -A PREROUTING -p udp -m length --length 64 -j DROP
    -A PREROUTING -p udp -m udp --dport 25345 -j DROP
    -A PREROUTING -p udp -m length --length 1476 -j DROP
    -A PREROUTING -p udp -m length --length 44 -j DROP
    -A PREROUTING -p udp -m udp -m u32 --u32 0x6&0xff=0x11&&0x0>>0x16&0x3c@0x2&0xff=
    0x8&&0x0>>0x16&0x3c@0x6&0xffff=0x0 -j DROP
    -A PREROUTING -p udp -m u32 --u32 0x2>>0x16&0x3c@0xc>>0x1a&0x3c@0x0=0x280000 -j
    DROP
    -A PREROUTING -p udp -m string --hex-string "|1d4281800001|" --algo bm --to 6553
    5 -m udp --sport 53 -j DROP
    -A PREROUTING -p udp -m string --hex-string "|1d4281050001|" --algo bm --to 6553
    5 -m udp --sport 53 -j DROP
    -A PREROUTING -p udp -m string --hex-string "|1d4281000001|" --algo bm --to 6553
    5 -m udp --sport 53 -j DROP
    -A PREROUTING -p udp -m string --hex-string "|1d4281820001|" --algo bm --to 6553
    5 -m udp --sport 53 -j DROP
    -A PREROUTING -p udp -m length --length 28 -j DROP
    -A PREROUTING -p udp -m length --length 60 -j DROP
    -A PREROUTING -p udp -m length --length 128 -j DROP
    -A PREROUTING -p udp -m length --length 43 -j DROP
    -A PREROUTING -p udp -m length --length 29 -j DROP
    -A PREROUTING -p udp -m length --length 48 -j DROP
    -A PREROUTING -p udp -m length --length 38 -j DROP
    -A PREROUTING -p udp -m length --length 47 -j DROP
    -A PREROUTING -p udp -m length --length 33 -j DROP
    -A PREROUTING -p udp -m length --length 34 -j DROP
    -A PREROUTING -p udp -m string --hex-string "|2021 2223 2425|" --algo bm --to 65
    535 -j DROP
    -A PREROUTING -p udp -m udp --sport 1024:65535 --dport 5000:55000 -j ACCEPT
    -A PREROUTING -p udp -m length --length 32 -m udp --sport 1024:65535 --dport 500
    0:55000 -j ACCEPT
    -A PREROUTING -p tcp -m tcp -m u32 --u32 0x6&0xff=0x6&&0x4&0x1fff=0x0&&0x0>>0x16
    &0x3c@0xc&0xffff=0x0 -j DROP
    -A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW
    -m u32 --u32 0x2&0xffff=0x2fe -j DROP
    -A PREROUTING -p tcp -m tcpmss --mss 1460 -m ttl --ttl-eq 113 -j DROP
    -A PREROUTING -p tcp -m tcpmss --mss 1460 -m ttl --ttl-eq 112 -j DROP
    -A PREROUTING -p tcp -m tcpmss --mss 1460 -m ttl --ttl-eq 114 -j DROP
    COMMIT
    # Completed on Wed Oct 16 09:21:28 2013

    You might also like