Exemple de règles iptables
jeudi 23 juillet 2015 à 14:46Oros links 14:46
#!/bin/bash
## Script iptables by BeAvEr
## update by Oros
## Règles iptables.
## http://doc.ubuntu-fr.org/iptables
## On flush iptables.
iptables -F
## On supprime toutes les chaînes utilisateurs.
iptables -X
## On drop tout le trafic entrant.
iptables -P INPUT DROP
## On drop tout le trafic sortant.
iptables -P OUTPUT DROP
## On drop le forward.
iptables -P FORWARD DROP
## On drop les scans XMAS et NULL.
iptables -A INPUT -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
## Dropper silencieusement tous les paquets broadcastés.
iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP
## Permettre à une connexion ouverte de recevoir du trafic en entrée.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
## Permettre à une connexion ouverte de recevoir du trafic en sortie.
iptables -A OUTPUT -m state ! --state INVALID -j ACCEPT
## On accepte la boucle locale en entrée.
iptables -I INPUT -i lo -j ACCEPT
## On log les paquets en entrée.
iptables -A INPUT -j LOG
## On log les paquets forward.
iptables -A FORWARD -j LOG
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport ssh -j ACCEPT
#TMG
iptables -A INPUT -m iprange --src-range 85.159.236.253-85.159.236.254 -j DROP
iptables -A INPUT -m iprange --src-range 85.159.232.81-85.159.232.83 -j DROP
iptables -A INPUT -m iprange --src-range 193.107.240.1-193.107.240.4 -j DROP
iptables -I INPUT -s 82.138.81.211 -j DROP
#baidu
iptables -A INPUT -m iprange --src-range 119.63.192.0-119.63.192.255 -j DROP
iptables -A INPUT -m iprange --src-range 123.125.71.0-123.125.71.255 -j DROP
iptables -A INPUT -m iprange --src-range 180.76.15.0-180.76.15.255 -j DROP
iptables -A INPUT -m iprange --src-range 220.181.108.0-220.181.108.255 -j DROP
#google
iptables -A INPUT -m iprange --src-range 64.233.160.0-64.233.191.255 -j DROP
iptables -A INPUT -m iprange --src-range 66.102.0.0-66.102.15.255 -j DROP
iptables -A INPUT -m iprange --src-range 66.249.64.0-66.249.95.255 -j DROP
iptables -A INPUT -m iprange --src-range 72.14.192.0-72.14.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 74.125.0.0-74.125.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 209.85.128.0-209.85.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 216.239.32.0-216.239.63.255 -j DROP
#MSN/Live
iptables -A INPUT -m iprange --src-range 64.4.0.0-64.4.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 65.52.0.0-65.55.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 131.253.21.0-131.253.47.255 -j DROP
iptables -A INPUT -m iprange --src-range 157.54.0.0-157.60.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 207.46.0.0-207.46.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 207.68.128.0-207.68.207.255 -j DROP
#Yahoo
iptables -A INPUT -m iprange --src-range 8.12.144.0-8.12.144.255 -j DROP
iptables -A INPUT -m iprange --src-range 66.196.64.0-66.196.127.255 -j DROP
iptables -A INPUT -m iprange --src-range 66.228.160.0-66.228.191.255 -j DROP
iptables -A INPUT -m iprange --src-range 67.195.0.0-67.195.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 68.142.192.0-68.142.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 72.30.0.0-72.30.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 74.6.0.0-74.6.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 98.136.0.0-98.139.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 202.160.176.0-202.160.191.255 -j DROP
iptables -A INPUT -m iprange --src-range 209.191.64.0-209.191.127.255 -j DROP
exit 0
(Permalink)
## Script iptables by BeAvEr
## update by Oros
## Règles iptables.
## http://doc.ubuntu-fr.org/iptables
## On flush iptables.
iptables -F
## On supprime toutes les chaînes utilisateurs.
iptables -X
## On drop tout le trafic entrant.
iptables -P INPUT DROP
## On drop tout le trafic sortant.
iptables -P OUTPUT DROP
## On drop le forward.
iptables -P FORWARD DROP
## On drop les scans XMAS et NULL.
iptables -A INPUT -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
## Dropper silencieusement tous les paquets broadcastés.
iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP
## Permettre à une connexion ouverte de recevoir du trafic en entrée.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
## Permettre à une connexion ouverte de recevoir du trafic en sortie.
iptables -A OUTPUT -m state ! --state INVALID -j ACCEPT
## On accepte la boucle locale en entrée.
iptables -I INPUT -i lo -j ACCEPT
## On log les paquets en entrée.
iptables -A INPUT -j LOG
## On log les paquets forward.
iptables -A FORWARD -j LOG
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport ssh -j ACCEPT
#TMG
iptables -A INPUT -m iprange --src-range 85.159.236.253-85.159.236.254 -j DROP
iptables -A INPUT -m iprange --src-range 85.159.232.81-85.159.232.83 -j DROP
iptables -A INPUT -m iprange --src-range 193.107.240.1-193.107.240.4 -j DROP
iptables -I INPUT -s 82.138.81.211 -j DROP
#baidu
iptables -A INPUT -m iprange --src-range 119.63.192.0-119.63.192.255 -j DROP
iptables -A INPUT -m iprange --src-range 123.125.71.0-123.125.71.255 -j DROP
iptables -A INPUT -m iprange --src-range 180.76.15.0-180.76.15.255 -j DROP
iptables -A INPUT -m iprange --src-range 220.181.108.0-220.181.108.255 -j DROP
iptables -A INPUT -m iprange --src-range 64.233.160.0-64.233.191.255 -j DROP
iptables -A INPUT -m iprange --src-range 66.102.0.0-66.102.15.255 -j DROP
iptables -A INPUT -m iprange --src-range 66.249.64.0-66.249.95.255 -j DROP
iptables -A INPUT -m iprange --src-range 72.14.192.0-72.14.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 74.125.0.0-74.125.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 209.85.128.0-209.85.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 216.239.32.0-216.239.63.255 -j DROP
#MSN/Live
iptables -A INPUT -m iprange --src-range 64.4.0.0-64.4.63.255 -j DROP
iptables -A INPUT -m iprange --src-range 65.52.0.0-65.55.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 131.253.21.0-131.253.47.255 -j DROP
iptables -A INPUT -m iprange --src-range 157.54.0.0-157.60.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 207.46.0.0-207.46.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 207.68.128.0-207.68.207.255 -j DROP
#Yahoo
iptables -A INPUT -m iprange --src-range 8.12.144.0-8.12.144.255 -j DROP
iptables -A INPUT -m iprange --src-range 66.196.64.0-66.196.127.255 -j DROP
iptables -A INPUT -m iprange --src-range 66.228.160.0-66.228.191.255 -j DROP
iptables -A INPUT -m iprange --src-range 67.195.0.0-67.195.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 68.142.192.0-68.142.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 72.30.0.0-72.30.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 74.6.0.0-74.6.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 98.136.0.0-98.139.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 202.160.176.0-202.160.191.255 -j DROP
iptables -A INPUT -m iprange --src-range 209.191.64.0-209.191.127.255 -j DROP
exit 0
(Permalink)