Firewall untrust-port filter table script ... hoho ...

xiaoxiao, 2021-03-06

Take it and use it; if you need a script to deal with the virus traffic, here is one.

#!/bin/bash
## Description: this script is built to protect the internal network

# 1. Define interfaces (the addresses are redacted in the original as 222.a.a.a / 222.b.b.b).
#    Note: the rules below match on the device names ixp1 (untrust, outside) and ixp0 (trust, inside);
#    -i/-o take device names, not addresses, so these two variables are never used by the rules.
IXP1="222.a.a.a"    # untrust (outside) side
IXP0="222.b.b.b"    # trust (inside) side

# 2. Insert modules (left commented out in the original, which spelled them
#    iptable_conntrack / iptable_contrack_ftp / ip_log; the 2.4/2.6 module names are below)
# modprobe ip_tables
# modprobe ip_conntrack
# modprobe ip_conntrack_ftp
# modprobe ipt_LOG

# 3. Default policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# 4. INPUT chain: SSH management from one address only, ICMP, and DNS
iptables -A INPUT -p tcp --dport 22 -s 222.c.c.c -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
# DNS
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --sport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT

# 5. OUTPUT chain
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT
# DNS (the original repeated two of these lines; the set mirrors the INPUT chain)
iptables -A OUTPUT -p tcp --sport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

# 6. FORWARD chain
# Huada
# out ---> in
iptables -A FORWARD -p tcp --dport 2000 -i ixp1 -o ixp0 -j ACCEPT
iptables -A FORWARD -p udp --dport 10010 -i ixp1 -o ixp0 -j ACCEPT
# in ---> out (the original had the udp reply rule on -i ixp1 -o ixp0, which contradicts its own direction)
iptables -A FORWARD -p tcp --sport 2000 -i ixp0 -o ixp1 -j ACCEPT
iptables -A FORWARD -p udp --sport 10010 -i ixp0 -o ixp1 -j ACCEPT

# caiwu (finance)
# in ---> out
iptables -A FORWARD -p tcp --dport 19876 -i ixp0 -o ixp1 -j ACCEPT
# out ---> in
iptables -A FORWARD -p tcp --sport 19876 -i ixp1 -o ixp0 -j ACCEPT
# POS
# out ---> in
iptables -A FORWARD -p tcp --dport 9191:9199 -i ixp1 -o ixp0 -j ACCEPT
# in ---> out
iptables -A FORWARD -p tcp --sport 9191:9199 -i ixp0 -o ixp1 -j ACCEPT

# http, www
# out ---> in
iptables -A FORWARD -p tcp --dport 80 -i ixp1 -o ixp0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 8080 -i ixp1 -o ixp0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 443 -i ixp1 -o ixp0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 4500 -i ixp1 -o ixp0 -j ACCEPT
# in ---> out
iptables -A FORWARD -p tcp --sport 80 -i ixp0 -o ixp1 -j ACCEPT
iptables -A FORWARD -p tcp --sport 8080 -i ixp0 -o ixp1 -j ACCEPT
iptables -A FORWARD -p tcp --sport 443 -i ixp0 -o ixp1 -j ACCEPT
iptables -A FORWARD -p tcp --sport 4500 -i ixp0 -o ixp1 -j ACCEPT
# ftp
# out ---> in
iptables -A FORWARD -p tcp --dport 21 -i ixp1 -o ixp0 -j ACCEPT
# in ---> out
iptables -A FORWARD -p tcp --sport 21 -i ixp0 -o ixp1 -j ACCEPT

# Trust ---> DMZ 3389 (both directions on ixp0, as in the original)
# in ---> out
iptables -A FORWARD -p tcp --dport 3389 -i ixp0 -o ixp0 -j ACCEPT
# out ---> in
iptables -A FORWARD -p tcp --sport 3389 -i ixp0 -o ixp0 -j ACCEPT

# Trust ---> DMZ 135-139
# out ---> in
iptables -A FORWARD -p tcp --dport 135:139 -i ixp0 -o ixp0 -j ACCEPT
# in ---> out
iptables -A FORWARD -p tcp --sport 135:139 -i ixp0 -o ixp0 -j ACCEPT

# POP3, SMTP
# out ---> in
iptables -A FORWARD -p tcp --dport 110 -i ixp1 -o ixp0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -i ixp1 -o ixp0 -j ACCEPT
# in ---> out
iptables -A FORWARD -p tcp --sport 110 -i ixp0 -o ixp1 -j ACCEPT
iptables -A FORWARD -p tcp --sport 25 -i ixp0 -o ixp1 -j ACCEPT

# RSA, tcp/udp 1645
# out ---> in
iptables -A FORWARD -p tcp --dport 1645 -i ixp1 -o ixp0 -j ACCEPT
iptables -A FORWARD -p udp --dport 1645 -i ixp1 -o ixp0 -j ACCEPT
# in ---> out (the original listed tcp twice; the second rule is the udp counterpart)
iptables -A FORWARD -p tcp --sport 1645 -i ixp0 -o ixp1 -j ACCEPT
iptables -A FORWARD -p udp --sport 1645 -i ixp0 -o ixp1 -j ACCEPT

# ESP & UDP, IKE
# esp (IP protocol 50)
iptables -A FORWARD -p 50 -j ACCEPT
# out ---> in
iptables -A FORWARD -p udp --dport 65264 -j ACCEPT
iptables -A FORWARD -p udp --dport 500 -j ACCEPT
# in ---> out
iptables -A FORWARD -p udp --sport 65264 -j ACCEPT
iptables -A FORWARD -p udp --sport 500 -j ACCEPT
# igmp
iptables -A FORWARD -p igmp -j ACCEPT

# 7. Windows virus and dangerous ports (commented out in the original)
# iptables -A FORWARD -p tcp --dport 1433 -j DROP
# iptables -A FORWARD -p tcp --sport 1433 -j DROP
# iptables -A FORWARD -p tcp --dport 135 -j DROP
# iptables -A FORWARD -p tcp --sport 135 -j DROP
# iptables -A FORWARD -p tcp --dport 139 -j DROP
# iptables -A FORWARD -p tcp --sport 139 -j DROP
# iptables -A FORWARD -p tcp --dport 445 -j DROP
# iptables -A FORWARD -p tcp --sport 445 -j DROP

# ldap (global catalog)
# out ---> in
iptables -A FORWARD -p tcp --dport 3268 -j ACCEPT
# in ---> out
iptables -A FORWARD -p tcp --sport 3268 -j ACCEPT

# SMC
# out ---> in
iptables -A FORWARD -p tcp --dport 6666 -j ACCEPT
iptables -A FORWARD -p tcp --dport 7777 -j ACCEPT
# in ---> out
iptables -A FORWARD -p tcp --sport 6666 -j ACCEPT
iptables -A FORWARD -p tcp --sport 7777 -j ACCEPT

# NTP, relaxed (NTP runs over UDP 123; the original matched tcp)
iptables -A FORWARD -p udp --dport 123 -j ACCEPT
iptables -A FORWARD -p udp --sport 123 -j ACCEPT

Two things to check before using this as written. First, iptables evaluates a chain top to bottom and stops at the first match, so if the section 7 DROP rules are uncommented where they stand, they are appended below the ACCEPT rules and never see traffic that those ACCEPTs (for example the Trust ---> DMZ 135:139 rule) already matched; with the FORWARD policy already DROP, a trailing DROP adds nothing. Blocking rules have to come first, either by moving them to the top of section 6 or by inserting them with -I instead of -A. Second, the "in ---> out" / "out ---> in" reply rules only look at the source port: any packet that arrives with source port 80, 443, 25 or 3268 is forwarded whether or not a connection exists, which is exactly the kind of hole a scanner uses. With ip_conntrack loaded (section 2 leaves it commented out), a single -m state --state ESTABLISHED,RELATED rule replaces all of the --sport rules and only lets replies through for connections the firewall has already seen.

As a backup, use /proc/net/ip_conntrack (it only exists once ip_conntrack is loaded) to find the virus connections:

cat /proc/net/ip_conntrack | grep UNREPLIED | awk -F= '{print $2}' | sort | uniq -c | sort -n

Half-open connections that never received an answer are tagged [UNREPLIED] (uppercase, so the original's grep unrep matches nothing without -i). The awk pulls out the originating source address and uniq -c counts entries per host; if a host has more than 20 of them, call it the virus and you will rarely be wrong. Also give yourself two unrestricted IPs, hoho ...
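The stateful FORWARD chain described above, as an added example that is not part of the original post: it keeps the script's trust/untrust layout but replaces every --sport reply rule with connection tracking and puts the worm-port DROPs ahead of any ACCEPT, emitted in iptables-restore format so it can be dry-run. The interface names eth1/eth0 are assumptions standing in for ixp1/ixp0, since the original's rules need device names.

```shell
#!/bin/sh
# Added example, not the original script. Emits a FORWARD chain for the same
# trust/untrust layout that relies on ip_conntrack state instead of the
# original's --sport "reply" rules. Interface names are parameters because the
# -i/-o matches need device names; eth1/eth0 in the usage line are assumptions.
forward_rules() {
    untrust="$1"   # outside interface (ixp1 in the original)
    trust="$2"     # inside interface (ixp0 in the original)
    cat <<EOF
*filter
:FORWARD DROP [0:0]
# 1. Replies to flows already accepted, in either direction. With
#    ip_conntrack_ftp loaded this also covers FTP data channels (RELATED).
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# 2. Worm ports from the original's commented-out list, placed BEFORE any
#    ACCEPT so first-match evaluation cannot skip them.
-A FORWARD -p tcp -m multiport --dports 135,139,445,1433 -j DROP
# 3. Only the first packet of a flow needs a rule. Services the original opens
#    outside -> inside:
-A FORWARD -i $untrust -o $trust -p tcp -m multiport --dports 21,25,80,110,443,8080,4500 -m state --state NEW -j ACCEPT
-A FORWARD -i $untrust -o $trust -p tcp --dport 2000 -m state --state NEW -j ACCEPT
-A FORWARD -i $untrust -o $trust -p tcp --dport 9191:9199 -m state --state NEW -j ACCEPT
-A FORWARD -i $untrust -o $trust -p udp --dport 10010 -m state --state NEW -j ACCEPT
# Inside -> outside (the finance application):
-A FORWARD -i $trust -o $untrust -p tcp --dport 19876 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Dry run that parses the ruleset without loading it:
#   forward_rules eth1 eth0 | iptables-restore --test
```

Without --noflush, iptables-restore replaces the whole filter table, so the INPUT and OUTPUT rules from the script belong in the same file before this is applied for real. The services that the original accepts with no interface at all (LDAP 3268, SMC 6666/7777, IKE, ESP, NTP) would get NEW rules of the same shape; they are left out here to keep the contrast with the --sport pattern visible.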
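The /proc/net/ip_conntrack check from the end of the post, as an added example that is not the author's one-liner: the same UNREPLIED-per-source count, with the threshold as a parameter and run here over a constructed sample (not a capture from a real host) in the 2.4/2.6 ip_conntrack line format. The host addresses, ports and counts in the sample are made up.

```shell
#!/bin/sh
# Added example, not from the original post. Counts half-open ([UNREPLIED])
# connections per originating host, the way the post's one-liner does.

# Constructed sample in /proc/net/ip_conntrack format; not a real capture.
sample_conntrack() {
    i=0
    # 21 unanswered SMB connection attempts from one host: the worm pattern
    while [ "$i" -lt 21 ]; do
        printf 'tcp      6 117 SYN_SENT src=192.168.1.20 dst=10.0.0.%d sport=%d dport=445 [UNREPLIED] src=10.0.0.%d dst=192.168.1.20 sport=445 dport=%d use=1\n' \
            "$((i + 1))" "$((1025 + i))" "$((i + 1))" "$((1025 + i))"
        i=$((i + 1))
    done
    # a second host with only a few unanswered attempts (below the threshold)
    i=0
    while [ "$i" -lt 3 ]; do
        printf 'tcp      6 110 SYN_SENT src=192.168.1.77 dst=10.0.1.%d sport=%d dport=135 [UNREPLIED] src=10.0.1.%d dst=192.168.1.77 sport=135 dport=%d use=1\n' \
            "$((i + 1))" "$((2000 + i))" "$((i + 1))" "$((2000 + i))"
        i=$((i + 1))
    done
    # healthy, answered flows: these must not be counted
    printf 'tcp      6 431999 ESTABLISHED src=192.168.1.77 dst=222.b.b.b sport=3456 dport=80 src=222.b.b.b dst=192.168.1.77 sport=80 dport=3456 [ASSURED] use=1\n'
    printf 'udp     17 29 src=192.168.1.20 dst=192.168.1.1 sport=1030 dport=53 src=192.168.1.1 dst=192.168.1.20 sport=53 dport=1030 use=1\n'
}

# Read conntrack lines on stdin; print "<count> <src>" per originating host,
# highest count first. Only entries tagged [UNREPLIED] are counted.
unreplied_by_src() {
    awk '
        /\[UNREPLIED\]/ {
            # the first src= field is the originator; the second is the reply tuple
            for (i = 1; i <= NF; i++)
                if ($i ~ /^src=/) { sub(/^src=/, "", $i); n[$i]++; break }
        }
        END { for (s in n) print n[s], s }
    ' | sort -rn
}

# Print only the hosts with more unanswered connections than the threshold
# (the post uses 20).
suspects() {
    threshold="${1:-20}"
    unreplied_by_src | awk -v t="$threshold" '$1 > t { print $2 }'
}

# On a live box:   suspects 20 < /proc/net/ip_conntrack
# (newer kernels expose /proc/net/nf_conntrack instead, or use `conntrack -L`)
```

The awk loop picks the first src= field by name rather than splitting on "=", so it prints a bare address where the post's awk -F= '{print $2}' prints the address followed by the word dst; the count is the same either way.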

Please credit the original address when reposting: https://www.9cbs.com/read-78651.html
