-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathipt.conf
21 lines (21 loc) · 1.34 KB
/
ipt.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#!/bin/bash
iptables -A INPUT -i enp0s3 -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -i enp0s3 -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
iptables -A INPUT -i enp0s3 -f -j DROP
iptables -A INPUT -i enp0s3 -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -A INPUT -i enp0s3 -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
iptables -A INPUT -i enp0s3 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -i enp0s3 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -i enp0s3 -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -i enp0s3 -p tcp --tcp-flags FIN,ACK FIN -j DROP
iptables -A INPUT -i enp0s3 -p tcp --tcp-flags ACK,URG URG -j DROP
iptables -A INPUT -i enp0s3 -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -i enp0s3 -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -i enp0s3 -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -i enp0s3 -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -i enp0s3 -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
iptables -A INPUT -i enp0s3 -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP
iptables -A INPUT -i enp0s3 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -N port-scanning
iptables -A port-scanning -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 2 -j RETURN
iptables -A port-scanning -j DROP