
Re: That makes a lot of questions... :)



In my case it concerns all of this:

*************************************

# NAT for the LAN behind this box and let the kernel forward between the
# interfaces (FORWARD policy ACCEPT, i.e. nothing is filtered in transit).
iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -j MASQUERADE
iptables -P FORWARD ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

# Same per-interface settings on every interface: log packets with
# impossible source addresses, refuse source-routed packets, ignore
# ICMP redirects.
for IF in all default eth0 eth1 lo; do
    echo 1 > /proc/sys/net/ipv4/conf/$IF/log_martians
    echo 0 > /proc/sys/net/ipv4/conf/$IF/accept_source_route
    echo 0 > /proc/sys/net/ipv4/conf/$IF/accept_redirects
done

# Ignore echo requests to broadcast addresses (smurf amplification) and
# use SYN cookies when the SYN backlog fills up.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

***********************************************************

# 6in4 (IPv6-in-IPv4) tunnel to the remote endpoint 64.71.128.82; the
# old-style "tunnel" command creates the point-to-point device sit1.
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::64.71.128.82
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:1F00:FFFF::46F/127
# Default IPv6 route through the tunnel.
route -A inet6 add ::/0 dev sit1

*****************************************************************

And then these IPs that I want to block right at startup:

for NET in \
    64.156.198.0/24 217.116.227.153 195.242.36.4 217.209.111.155 \
    202.95.23.0/24 212.2.211.0/24 80.135.140.0/24 202.71.153.0/24 \
    64.113.90.0/24 195.98.43.0/24 200.56.236.0/24 80.71.1.0/24 \
    219.163.187.0/24 61.118.173.0/24 212.66.200.0/24 202.60.228.0/24 \
    198.78.66.0/24 24.226.32.0/24 211.92.184.0/24 213.138.34.0/24 \
    193.251.185.0/24 195.92.95.0/24 147.156.160.0/24 218.71.120.0/24 \
    205.151.202.0/24 212.11.49.0/24 80.61.76.0/24 64.56.238.0/24
do
    # -I prepends, so for each source the LOG rule ends up above its DROP rule.
    /sbin/iptables -I INPUT -s $NET -j DROP && \
    /sbin/iptables -I INPUT -s $NET -m limit --limit 3/minute --limit-burst 5 \
        -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
done

A bit of a pain to cut and paste all of this at startup. :(

You don't know of any better rules that are more "aggressive" than the ones I have?

Would you mind explaining a bit more? (I'm fairly new to this.)

(Sorry if this turned into a rather large mail, but I have to show what I mean.)

Kind regards,

/Thomas

Tommy Lindgren wrote:
> 
> Thomas@starka.st writes:
> 
> > If I want as much as possible to be configured at startup, where do I
> > put it?
> > E.g.: iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -j MASQUERADE,
> 
> Well, I usually create a script in /etc/init.d and then link to it
> from /etc/rc2.d. In your case you could perhaps use the iptables
> script (/etc/init.d/iptables), which is configured from
> /etc/default/iptables.
> 
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> That one can at least be set in /etc/network/options.
> 
> tomyl:~$ cat /etc/network/options
> ip_forward=yes
> ...
> 
> --
> Tommy Lindgren  |  o y @ i u . u
> 41A942131CAA5C  | t m l l n x n
> ^C^C
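The thread's practical problem is loading a long list of iptables rules and a dozen sysctls at boot without pasting them by hand. The script below is an added example, not code from either mail nor from Debian's iptables init script: it keeps the blocklist from the mail as a single list, validates each entry, and emits the whole ruleset in iptables-restore format so it can be loaded atomically from an init script (the same input that /etc/init.d/iptables saves to and restores from /etc/default/iptables on older Debian). It also turns the "echo 1 > /proc/sys/..." lines into /etc/sysctl.conf keys. The function names, the dry-run/--apply/--sysctl switches and the choice to set only the "all" and "default" interface entries are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original mail): build the boot-time ruleset
# once, in iptables-restore format, instead of pasting 28 iptables lines.
# Assumptions: LAN 192.168.0.0/24 as in the mail; the blocklist below is
# copied from the mail; "--apply" feeds the result to iptables-restore.

# Blocklist copied from the original post (source nets to log and drop).
BLOCKLIST="64.156.198.0/24 217.116.227.153 195.242.36.4 217.209.111.155
202.95.23.0/24 212.2.211.0/24 80.135.140.0/24 202.71.153.0/24
64.113.90.0/24 195.98.43.0/24 200.56.236.0/24 80.71.1.0/24
219.163.187.0/24 61.118.173.0/24 212.66.200.0/24 202.60.228.0/24
198.78.66.0/24 24.226.32.0/24 211.92.184.0/24 213.138.34.0/24
193.251.185.0/24 195.92.95.0/24 147.156.160.0/24 218.71.120.0/24
205.151.202.0/24 212.11.49.0/24 80.61.76.0/24 64.56.238.0/24"

# Accept "a.b.c.d" or "a.b.c.d/len" only, so a typo in the list is
# reported instead of silently producing a rule that matches nothing.
is_ipv4_net() {
    net=$1
    case "$net" in
        */*) ip=${net%/*}; plen=${net#*/} ;;
        *)   ip=$net;      plen=32 ;;
    esac
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# iptables-restore lines for each source: rate-limited LOG first, then
# DROP, the same order the original "-I ... && -I ..." pairs end up in.
blocklist_rules() {
    for net in "$@"; do
        if ! is_ipv4_net "$net"; then
            echo "blocklist: skipping invalid entry '$net'" >&2
            continue
        fi
        printf '%s\n' "-A INPUT -s $net -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix \"Portsentry: dropping: \""
        printf '%s\n' "-A INPUT -s $net -j DROP"
    done
}

# Whole ruleset: NAT for the LAN plus the blocklist in the filter table.
# Policies mirror the mail (FORWARD ACCEPT): nothing restricts transit traffic.
build_ruleset() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Original rule; pinning it with "-o <uplink>" is safer, but the mail
    # does not say which of eth0/eth1 faces the Internet.
    printf '%s\n' '-A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE' 'COMMIT'
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    blocklist_rules "$@"
    printf '%s\n' 'COMMIT'
}

# /proc/sys/net/ipv4/conf/eth0/log_martians -> net.ipv4.conf.eth0.log_martians
sysctl_key() {
    printf '%s\n' "${1#/proc/sys/}" | tr / .
}

# /etc/sysctl.conf fragment for the settings in the mail (assumption:
# only the "all" and "default" per-interface entries are written here).
sysctl_conf() {
    for setting in \
        /proc/sys/net/ipv4/ip_forward=1 \
        /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts=1 \
        /proc/sys/net/ipv4/tcp_syncookies=1 \
        /proc/sys/net/ipv4/conf/all/log_martians=1 \
        /proc/sys/net/ipv4/conf/default/log_martians=1 \
        /proc/sys/net/ipv4/conf/all/accept_source_route=0 \
        /proc/sys/net/ipv4/conf/default/accept_source_route=0 \
        /proc/sys/net/ipv4/conf/all/accept_redirects=0 \
        /proc/sys/net/ipv4/conf/default/accept_redirects=0
    do
        printf '%s = %s\n' "$(sysctl_key "${setting%=*}")" "${setting#*=}"
    done
}

case "${1:-}" in
    --apply)  build_ruleset $BLOCKLIST | iptables-restore ;;  # needs root
    --sysctl) sysctl_conf ;;
    *)        build_ruleset $BLOCKLIST ;;                      # dry run: print
esac
```

Run it without arguments to review the generated ruleset, save that output as the file an init script hands to iptables-restore, and append the output of "--sysctl" to /etc/sysctl.conf; the blocklist then lives in one place and a bad entry is reported on stderr rather than silently skipped by iptables at boot.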


