Disable old protections against spoofing, scan port, Xmas Tree, null scanning, SYN/RST and SYN/FIN

2014-02-03 10:45:25 +01:00 · 2014-02-03 10:45:25 +01:00 · 88e1bfbfde
parent 8e43c63cc0
commit 88e1bfbfde
1 changed files with 1 additions and 18 deletions
--- a/19
+++ b/19
@ -251,25 +251,8 @@ start()
   fi

    ## block spoofing
-    log_action_msg "Block spoofing, scan port, Xmas Tree, null scanning, SYN/RST and SYN/FIN"
+    log_action_msg "Enable rp filter"
    echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
-    ## NMAP FIN/URG/PSH
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG --log-prefix 'iptables: Port scan: ' --log-level 4
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
-    ## stop Xmas Tree type scanning
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL ALL -j LOG --log-prefix "iptables: Xmas tree: " --log-level 4
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL ALL -j DROP
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG --log-prefix "iptables: Xmas tree: " --log-level 4
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
-    ## stop null scanning
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL NONE -j LOG --log-prefix "iptables: Null scanning: " --log-level 4
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags ALL NONE -j DROP
-    ## SYN/RST
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "iptables: SYN/RST: " --log-level 4
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-    ## SYN/FIN
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "iptables: SYN/FIN: " --log-level 4
-    $IPTABLES -A EO-INPUT -i $WAN_INT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

    ## stop sync flood
    log_action_msg "Block Syn flood"