Firewallscript nur zum blocken von FTP-Bruteforce-Attacken

Aus wiki.shutdown-system.de
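  #!/bin/sh
  # description: Enable IPTABLES Firewalling
  #
  # processname: iptables
  # config: /etc/firewall.conf
  #
  # Purpose: a minimal "stateful firewall" whose only filtering job is to
  # slow down FTP brute-force attempts. INPUT and OUTPUT default to ACCEPT;
  # the only traffic this script ever drops is a source address that opens
  # too many NEW FTP control connections within a short window (FTP_CHECK).
  # Forwarding is switched off (FORWARD policy DROP, ip_forward=0).
  #
  # Usage:       $0 {start|stop|restart|status}
  # Exit status: 0 on success, 1 on an unknown command.
  #
  # Written for /bin/sh: no bash-only constructs and no 'echo -n' (its
  # behaviour differs between shells; printf is used instead).

  # SET FWDEBUG=0 TO MAKE IT WORK!
  # With FWDEBUG=1 every iptables/modprobe/rmmod call is printed instead of
  # executed, and the /proc sysctls are left untouched, so a dry run really
  # changes nothing on the host.
  FWDEBUG=0

  IPT=/sbin/iptables
  NAME=iptables
  DESC="stateful firewall"
  TABLES="filter nat"
  IM=/sbin/modprobe
  RMM=/sbin/rmmod
  MAIN_IF="eth0"   # not referenced by any rule in this script

  if [ "$FWDEBUG" = "1" ]; then
    # Prefixing the tools with 'echo' turns them into a dry run. The
    # unquoted $IPT/$IM/$RMM expansions below rely on word splitting for
    # this, so they must stay unquoted (shellcheck SC2086 is intentional).
    IPT="echo $IPT"
    IM="echo $IM"
    RMM="echo $RMM"
  fi

  #######################################
  # Flush all rules and delete all user-defined chains in every table
  # listed in $TABLES. Default policies are deliberately not touched here;
  # the caller sets them before or after flushing.
  # Globals:   IPT, TABLES (read)
  # Arguments: none
  #######################################
  flush_tables() {
    for tbl in $TABLES; do
      $IPT -t "$tbl" -F
      $IPT -t "$tbl" -X
    done
  }

  case "$1" in
    start)
      if [ "$FWDEBUG" = "1" ]; then
        echo "NOT Starting $DESC. The following rules would be applied:"
      else
        printf '%s' "Starting $DESC: "
      fi

      # load extra kernel modules (modprobe resolves dependencies itself).
      # ip_conntrack_ftp is the FTP connection-tracking helper; with both
      # INPUT and OUTPUT at ACCEPT no rule below actually depends on it.
      $IM ip_tables
      $IM ip_conntrack_ftp
      $IM ip_conntrack

      # proc stuff: no IP forwarding, SYN cookies on.
      # Skipped in debug mode - previously these writes happened even
      # though the "NOT Starting" message promised a dry run.
      if [ "$FWDEBUG" != "1" ]; then
        echo 0 > /proc/sys/net/ipv4/ip_forward
        echo 1 > /proc/sys/net/ipv4/tcp_syncookies
      fi

      # flush everything and set the default policies
      $IPT -P FORWARD DROP
      $IPT -P INPUT ACCEPT
      $IPT -P OUTPUT ACCEPT
      flush_tables

      # new chains
      $IPT -N FTP_CHECK

      # Every NEW connection to the ftp port is sent through FTP_CHECK:
      #  1. --set records the source address in the 'recent' list "FTP";
      #  2. --update --seconds 60 --hitcount 4 matches once that source has
      #     4 or more entries within the last 60 s; the first such rule logs
      #     the attempt, the second drops it.
      # So a single address gets 3 new FTP connections per minute. Because
      # --update refreshes the timestamp on every match, a source that keeps
      # retrying stays blocked until it has been quiet for 60 s. Legitimate
      # clients sharing one address (e.g. behind NAT) are affected as well.
      # The LOG rule carries no '-m limit', so a sustained attack produces
      # one log line per attempt - consider rate-limiting it.
      $IPT -A INPUT -p tcp --dport ftp -m state --state NEW -j FTP_CHECK
      $IPT -A FTP_CHECK -m recent --set --name FTP
      $IPT -A FTP_CHECK -m recent --update --seconds 60 --hitcount 4 --name FTP -j LOG --log-prefix "FTP_Brute_Force: "
      $IPT -A FTP_CHECK -m recent --update --seconds 60 --hitcount 4 --name FTP -j DROP

      ## end of filter rules

      if [ "$FWDEBUG" = "1" ]; then
        echo "PLEASE MODIFY $0"
      else
        echo "$NAME."
      fi
    ;;

    stop)
      printf '%s' "Stopping $DESC: "
      # open all policies, then drop every rule and user chain. Note that
      # this removes the brute-force protection entirely and leaves FORWARD
      # at ACCEPT (forwarding itself stays off via ip_forward=0).
      $IPT -P INPUT ACCEPT
      $IPT -P OUTPUT ACCEPT
      $IPT -P FORWARD ACCEPT
      flush_tables

      echo "$NAME."
    ;;

    restart)
      $0 stop
      $0 start
    ;;

    status)
      # per-table rule listing with packet/byte counters
      for tbl in $TABLES; do
        echo "Statistics for table: $tbl"
        $IPT -t "$tbl" -nvL
      done
    ;;

    *)
      echo "Usage: $0 {start|stop|restart|status}" >&2
      exit 1
    ;;
  esac
  exit 0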
