entrouvert
/
eofirewall
Archived
16
0
Fork 0
Code Issues Pull Requests Releases Activity

Disable old protections against spoofing, scan port, Xmas Tree, null scanning, SYN/RST and SYN/FIN

master
Jérôme Schneider 2014-02-03 10:45:25 +01:00
parent 8e43c63cc0
commit 88e1bfbfde
1 changed files with 1 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
eofirewall
View File

@ -251,25 +251,8 @@ start()
fi
## block spoofing
log_action_msg "Block spoofing, scan port, Xmas Tree, null scanning, SYN/RST and SYN/FIN"
log_action_msg "Enable rp filter"
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
## NMAP FIN/URG/PSH
$IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix 'iptables: Port scan: ' --log-level 4
$IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
## stop Xmas Tree type scanning
$IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "iptables: Xmas tree: " --log-level 4
$IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL ALL -j DROP
$IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "iptables: Xmas tree: " --log-level 4
$IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
## stop null scanning
$IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "iptables: Null scanning: " --log-level 4
$IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL NONE -j DROP
## SYN/RST
$IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "iptables: SYN/RST: " --log-level 4
$IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
## SYN/FIN
$IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "iptables: SYN/FIN: " --log-level 4
$IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
## stop sync flood
log_action_msg "Block Syn flood"