Take it and use it; you will need a script like this to deal with the virus.
#!/bin/bash
#
# Description: this script is used for internal-network detection
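# 1 Define interface
# The values are the page's own address placeholders. The rules shown on this
# page name the interfaces ixp0/ixp1 literally (-i ixp1 -o ixp0) and never
# expand these variables.
# NOTE(review): the page prints the first name as "iXP1"; lower case is assumed
# here to match the interface names used in the rules — confirm.
ixp1="222.a.a.a"
ixp0="222.b.b.b"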
# 2 Insert modules (all commented out)
# modprobe ip_tables
# modprobe iptable_conntrack
# modprobe iptable_contrack_ftp
# modprobe ip_log
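# 3 Default policy: drop every packet that no later rule accepts.
# Chain names and the DROP target are case-sensitive in iptables, so they are
# written in upper case here.
# NOTE(review): no loopback rule (-i lo / -o lo) appears anywhere on this page,
# so local traffic over lo also falls under these DROP policies — confirm that
# is intended.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP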
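# 4 INPUT chain
# SSH, limited to one management address.
# NOTE(review): the page shows "- 222.ccc" here; "-s 222.c.c.c" (a placeholder
# in the style of 222.a.a.a above) is assumed — confirm.
iptables -A INPUT -p tcp --dport 22 -s 222.c.c.c -j ACCEPT
# NOTE(review): the target of the ICMP rule is lost on the page; ACCEPT is
# assumed from the matching OUTPUT rule — confirm.
iptables -A INPUT -p icmp -j ACCEPT

# DNS
# The --sport 53 rules accept any packet whose source port is 53, whatever
# local port it is addressed to. The source port is chosen by the sender, so
# these rules are wider than "DNS replies". Matching on connection state
# (-m state --state ESTABLISHED,RELATED) would admit only replies to traffic
# this host started.
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --sport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT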
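# 5 OUTPUT chain
# NOTE(review): INPUT accepts SSH (tcp --dport 22), but no OUTPUT rule for TCP
# source port 22 is visible on this page. With the OUTPUT policy set to DROP,
# SSH replies would be dropped unless such a rule exists elsewhere — confirm.
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT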
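# DNS (OUTPUT chain)
# NOTE(review): the page lists "tcp --sport 53" twice and "udp --dport 53"
# twice. The INPUT section has a --dport/--sport pair per protocol, so the
# second copy of each was probably the counterpart (tcp --dport 53 and
# udp --sport 53). The rules are kept as the page shows them — confirm against
# the original script.
iptables -A OUTPUT -p tcp --sport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT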
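# 6 FORWARD chain
# Every service below is opened as a stateless pair: a --dport rule in one
# direction and a --sport rule for the return path. A --sport rule matches any
# packet carrying that source port, not only replies. One connection-state rule
# (-m state --state ESTABLISHED,RELATED -j ACCEPT) ahead of the --dport rules
# would cover the return paths without trusting the source port.

# Huada
# out ---> in
iptables -A FORWARD -p tcp --dport 2000 -i ixp1 -o ixp0 -j ACCEPT
iptables -A FORWARD -p udp --dport 10010 -i ixp1 -o ixp0 -j ACCEPT
# in ---> out
iptables -A FORWARD -p tcp --sport 2000 -i ixp0 -o ixp1 -j ACCEPT
# NOTE(review): the page gives -i ixp1 -o ixp0 for this return rule, the same
# direction as the "out ---> in" rules above. Every other pair on the page
# swaps the interfaces, so -i ixp0 -o ixp1 was probably intended — confirm.
iptables -A FORWARD -p udp --sport 10010 -i ixp1 -o ixp0 -j ACCEPT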
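# caiwu (presumably pinyin for "finance" — confirm)
# This pair runs the other way round from most services on the page: the
# --dport rule enters on ixp0 and leaves on ixp1.
iptables -A FORWARD -p tcp --dport 19876 -i ixp0 -o ixp1 -j ACCEPT
iptables -A FORWARD -p tcp --sport 19876 -i ixp1 -o ixp0 -j ACCEPT

# pos
# out ---> in
iptables -A FORWARD -p tcp --dport 9191:9199 -i ixp1 -o ixp0 -j ACCEPT
# in ---> out
iptables -A FORWARD -p tcp --sport 9191:9199 -i ixp0 -o ixp1 -j ACCEPT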
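# http, www
# out ---> in
iptables -A FORWARD -p tcp --dport 80 -i ixp1 -o ixp0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 8080 -i ixp1 -o ixp0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 443 -i ixp1 -o ixp0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 4500 -i ixp1 -o ixp0 -j ACCEPT
# in ---> out
# These return rules match on source port alone, so any TCP packet arriving on
# ixp0 with source port 80, 8080, 443 or 4500 is forwarded to ixp1, whatever
# its destination port.
iptables -A FORWARD -p tcp --sport 80 -i ixp0 -o ixp1 -j ACCEPT
iptables -A FORWARD -p tcp --sport 8080 -i ixp0 -o ixp1 -j ACCEPT
iptables -A FORWARD -p tcp --sport 443 -i ixp0 -o ixp1 -j ACCEPT
iptables -A FORWARD -p tcp --sport 4500 -i ixp0 -o ixp1 -j ACCEPT

# ftp
# Only the control connection (port 21) is covered. FTP data connections use
# other ports and are not matched by these two rules; they need the FTP
# connection-tracking helper together with a RELATED state rule.
# out ---> in
iptables -A FORWARD -p tcp --dport 21 -i ixp1 -o ixp0 -j ACCEPT
# in ---> out
iptables -A FORWARD -p tcp --sport 21 -i ixp0 -o ixp1 -j ACCEPT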
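# Trust ---> DMZ 3389
# NOTE(review): both rules name ixp0 as input and output interface, so they
# match only traffic that enters and leaves on the same interface. If Trust and
# DMZ sit on different interfaces these rules never match — confirm.
# in ---> out
iptables -A FORWARD -p tcp --dport 3389 -i ixp0 -o ixp0 -j ACCEPT
# out ---> in
iptables -A FORWARD -p tcp --sport 3389 -i ixp0 -o ixp0 -j ACCEPT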
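# Trust ---> DMZ 135-139
# NOTE(review): as in the 3389 section, input and output interface are both
# ixp0. The page prints the last interface as "ingp0"; ixp0 is assumed —
# confirm.
# The script's "Windows virus" section has DROP rules for ports 135 and 139,
# but they are commented out, while this section accepts the whole 135:139
# range.
# out ---> in
iptables -A FORWARD -p tcp --dport 135:139 -i ixp0 -o ixp0 -j ACCEPT
# in ---> out
iptables -A FORWARD -p tcp --sport 135:139 -i ixp0 -o ixp0 -j ACCEPT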
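# POP3, SMTP
# out ---> in
iptables -A FORWARD -p tcp --dport 110 -i ixp1 -o ixp0 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -i ixp1 -o ixp0 -j ACCEPT
# in ---> out (matched on source port only)
iptables -A FORWARD -p tcp --sport 110 -i ixp0 -o ixp1 -j ACCEPT
iptables -A FORWARD -p tcp --sport 25 -i ixp0 -o ixp1 -j ACCEPT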
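# rsa tcp 1645
# out ---> in
iptables -A FORWARD -p tcp --dport 1645 -i ixp1 -o ixp0 -j ACCEPT
iptables -A FORWARD -p udp --dport 1645 -i ixp1 -o ixp0 -j ACCEPT
# in ---> out
# NOTE(review): the page lists the tcp return rule twice and has no udp return
# rule, so replies to the udp --dport 1645 rule above would hit the FORWARD
# DROP policy. The second line was probably "-p udp" — confirm.
iptables -A FORWARD -p tcp --sport 1645 -i ixp0 -o ixp1 -j ACCEPT
iptables -A FORWARD -p tcp --sport 1645 -i ixp0 -o ixp1 -j ACCEPT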
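# ESP & UDP, IKE
# None of the rules in this section carries -i/-o, so each applies to forwarded
# traffic between any pair of interfaces, in both directions.
# esp (IP protocol 50)
iptables -A FORWARD -p 50 -j ACCEPT
# out ---> in
iptables -A FORWARD -p udp --dport 65264 -j ACCEPT
iptables -A FORWARD -p udp --dport 500 -j ACCEPT
# in ---> out
iptables -A FORWARD -p udp --sport 65264 -j ACCEPT
iptables -A FORWARD -p udp --sport 500 -j ACCEPT
# igmp
iptables -A FORWARD -p igmp -j ACCEPT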
# Windows virus and dangerous ports (all commented out)
# iptables -A FORWARD -p tcp --dport 1433 -j DROP
# iptables -A FORWARD -p tcp --sport 1433 -j DROP
# iptables -A FORWARD -p tcp --dport 135 -j DROP
# iptables -A FORWARD -p tcp --sport 135 -j DROP
# iptables -A FORWARD -p tcp --dport 139 -j DROP
# iptables -A FORWARD -p tcp --sport 139 -j DROP
# iptables -A FORWARD -p tcp --dport 445 -j DROP
# iptables -A FORWARD -p tcp --sport 445 -j DROP
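# ldap
# No -i/-o restriction: port 3268 is forwarded between any interfaces, and the
# return rule matches on source port alone.
# out ---> in
iptables -A FORWARD -p tcp --dport 3268 -j ACCEPT
# in ---> out
iptables -A FORWARD -p tcp --sport 3268 -j ACCEPT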
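# SMC
# No -i/-o restriction: these ports are forwarded between any interfaces.
# out ---> in
iptables -A FORWARD -p tcp --dport 6666 -j ACCEPT
iptables -A FORWARD -p tcp --dport 7777 -j ACCEPT
# in ---> out (matched on source port only)
iptables -A FORWARD -p tcp --sport 6666 -j ACCEPT
iptables -A FORWARD -p tcp --sport 7777 -j ACCEPT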
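# NTP, RELAX
# NOTE(review): NTP normally runs over UDP port 123. These two rules match TCP
# only, so ordinary NTP traffic would still hit the FORWARD DROP policy —
# confirm the protocol.
iptables -A FORWARD -p tcp --dport 123 -j ACCEPT
iptables -A FORWARD -p tcp --sport 123 -j ACCEPT

# Author's closing notes (prose from the page, kept as comments so the script
# still parses):
#
# Posted here as a backup copy.
#
# To find virus connections, look in /proc/net/ip_conntrack:
#
#   grep UNREPLIED /proc/net/ip_conntrack | awk -F= '{print $2}' | sort | uniq -c | sort -n
#
# This counts tracked connections that have seen no reply, grouped by the
# second '='-separated field of each entry (it begins with the source address).
# The page prints the command as "cat ... | grep unrep ... | sort"; the
# conntrack flag is upper case, and sort -n orders the counts numerically.
#
# A source with more than 20 such connections can basically be treated as
# infected.
#
# Also, give yourself two unrestricted IP addresses, hoho...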