
Selasa, 28 September 2010

fw.proxy scripts

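#!/bin/sh
# Transparent Squid proxy + NAT gateway for a small LAN.
#
# Traffic model (every rule below follows from it):
#   - LAN side ($LAN_IN) is trusted: unrestricted INPUT/OUTPUT and free
#     forwarding out to the Internet, masqueraded behind this host.
#   - Internet side ($INTERNET) is untrusted: only replies to connections
#     this host or the LAN opened are let back in; anything else that
#     reaches INPUT is logged and dropped.
#   - LAN web traffic (tcp/80) is DNATed to Squid at $SQUID_SERVER:$SQUID_PORT.
#
# Needs root (iptables, modprobe, /proc writes). Safe to re-run: every
# table is flushed first.

# squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"

# DO NOT MODIFY BELOW

# Clean old firewall: flush and delete user chains in filter, nat and mangle
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Load IPTABLES modules for NAT and IP conntrack support
# (newer kernels name them nf_conntrack / nf_conntrack_ftp)
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward

# Setting default filter policy.
# FORWARD is set explicitly: leaving it at the kernel default (ACCEPT) would
# forward unsolicited Internet traffic toward the LAN.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Let replies to connections this host opened back in (DNS answers, passive
# FTP data tracked by ip_conntrack_ftp, ...). Nothing NEW is accepted from
# $INTERNET; such packets fall through to the LOG/DROP rules at the end.
iptables -A INPUT -i "$INTERNET" -m state --state ESTABLISHED,RELATED -j ACCEPT

# set this system as a router for Rest of LAN:
# the LAN may open anything outbound; from the Internet only replies to those
# connections are forwarded back.
iptables --table nat --append POSTROUTING --out-interface "$INTERNET" -j MASQUERADE
iptables --append FORWARD --in-interface "$LAN_IN" -j ACCEPT
iptables --append FORWARD --in-interface "$INTERNET" --out-interface "$LAN_IN" \
  -m state --state ESTABLISHED,RELATED -j ACCEPT

# unlimited access to LAN (this is also what lets LAN clients reach Squid on $SQUID_PORT)
iptables -A INPUT -i "$LAN_IN" -j ACCEPT
iptables -A OUTPUT -o "$LAN_IN" -j ACCEPT

# DNAT port 80 requests coming from LAN systems to squid ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i "$LAN_IN" -p tcp --dport 80 -j DNAT --to-destination "$SQUID_SERVER:$SQUID_PORT"
# if it is same system
# NOTE(review): this matches tcp/80 arriving on the *Internet* interface and
# hands it to Squid. With the INPUT rules above it is still dropped (state NEW
# from $INTERNET), so remove it unless inbound web traffic is really expected.
iptables -t nat -A PREROUTING -i "$INTERNET" -p tcp --dport 80 -j REDIRECT --to-ports "$SQUID_PORT"

# DROP everything else and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP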

Selasa, 6 Oktober 2009

Menangkis brute force dengan iptables

Oct 6 08:11:10 jeruk sshd(pam_unix)[21960]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.167.49.106
Oct 6 08:11:15 jeruk sshd(pam_unix)[21963]: check pass; user unknown
Oct 6 08:11:15 jeruk sshd(pam_unix)[21963]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.167.49.106
Oct 6 08:11:20 jeruk sshd(pam_unix)[21966]: check pass; user unknown
Oct 6 08:11:20 jeruk sshd(pam_unix)[21966]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.167.49.106
Oct 6 08:11:25 jeruk sshd(pam_unix)[21968]: check pass; user unknown
Oct 6 08:11:25 jeruk sshd(pam_unix)[21968]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.167.49.106
Oct 6 08:11:30 jeruk sshd(pam_unix)[21971]: check pass; user unknown
Oct 6 08:11:30 jeruk sshd(pam_unix)[21971]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.167.49.106
Oct 6 08:11:33 jeruk kernel: Blocked: IN=eth1 OUT= MAC=00:10:18:2f:78:31:00:d0:d0:36:d3:42:08:00 SRC=61.167.49.106 DST=60.52.204.6 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=34905 DF PROTO=TCP SPT=37951 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

Serangan di atas telah berjaya ditangkis dan diletakkan di dalam senarai hitam. Maka kepada sesiapa penjahat yang telah gagal menceroboh kebun saya, anda bakal berdepan dengan masalah. Berikut adalah command iptables bagi menangkis si penjahat2 di alam maya ini.

# SSH brute-force throttle built on the "recent" match.
# Two per-source address lists are used: SSH (every accepted connection
# attempt) and SSH_COUNTER (sources currently blacklisted). New tcp/22
# connections enter the SSH chain from INPUT (last rule). Rule order inside
# SSH matters: every --set/--update/--remove below changes the lists as a
# side effect, and LOG is non-terminating so the packet continues afterwards.
/sbin/iptables -N SSH
/sbin/iptables -N SSH_BLACKLIST
# Blacklist: record the source in SSH_COUNTER, log, reject. Normally fires
# once per blacklisting, since the first SSH rule below catches the repeats.
/sbin/iptables -A SSH_BLACKLIST -m recent --name SSH_COUNTER --set -j LOG --log-level warn --log-prefix "Blocked: "
/sbin/iptables -A SSH_BLACKLIST -j REJECT
# Already blacklisted within the last 300 s: refresh the timestamp and reject.
# Because of --update a source that keeps retrying never ages out.
/sbin/iptables -A SSH -m recent --name SSH_COUNTER --update --seconds 300 -j REJECT
# 5 or more attempts recorded in the last 60 s: blacklist the source.
/sbin/iptables -A SSH -m recent --name SSH --rcheck --seconds 60 --hitcount 5 -j SSH_BLACKLIST
# Seen less than 2 s ago: log (prefix kept as written, although the packet is
# then rejected) and refuse it — at most one new connection per 2 s per source.
/sbin/iptables -A SSH -m recent --name SSH --rcheck --seconds 2 -j LOG --log-level warn --log-prefix "Added: "
/sbin/iptables -A SSH -m recent --name SSH --update --seconds 2 -j REJECT
# A stale blacklist entry (older than 300 s, otherwise rejected above) is
# removed and logged; the packet then falls through to the ACCEPT below.
/sbin/iptables -A SSH -m recent --name SSH_COUNTER --remove -j LOG --log-level warn --log-prefix "Removed: "
# Otherwise record this attempt in the SSH list and accept.
/sbin/iptables -A SSH -m recent --name SSH --set -j ACCEPT
# Entry point: only NEW tcp/22 connections are inspected; established SSH
# sessions are untouched.
# NOTE(review): nothing exempts trusted management addresses — an admin who
# fails 5 times in 60 s is locked out for at least 300 s from the last retry.
/sbin/iptables -A INPUT -m state --state NEW -p tcp -m tcp --dport 22 -j SSH