
This script works on all standard Linux distributions, but use it at your own risk. It was written to automate the creation of iptables rules, and it comes with an easy-to-use menu:
```
root:~# ./firewall.sh
Firewall script by www.waltercedric.com
Credits to all various authors - GNU/GPL 3.0 Script

Choose one of the following options:
[N]ew firewall rules
[C]lear all firewall rules
[T]est firewall rules
[S]ave firewall rules to /etc/network/iptables
[E]xit
```
To use it, just edit the file firewall.sh and change the variables at the top of the script:
```bash
IPT="/sbin/iptables"

########## Interfaces ##########################################
PUB_IF="eth0"   # public interface
LO_IF="lo"      # loopback
# Note: this parsing relies on the legacy net-tools ifconfig output ("inet addr:");
# newer distributions print "inet <address>" instead and return an empty SERVER_IP.
SERVER_IP=$(ifconfig eth0 | grep 'inet addr:' | awk -F'inet addr:' '{ print $2}' | awk '{ print $1}')

########## Allow/block services ################################
ALLOW_SSH="true"
ALLOW_HTTP="true"
ALLOW_FTP="false"
ALLOW_OUTGOING_NTP="true"
ALLOW_OUTGOING_SMTP="true"
ALLOW_INCOMING_ICMP="true"
USE_HARDENING_RULESET="true"

########## SSH #################################################
SSH_PORT=22
# This notes every NEW connection to port ${SSH_PORT} and adds it to the recent "list".
# If your IP is on the recent list, and you have ${SSH_LOGIN_ATTEMPT} or more entries
# on the list in the last ${SSH_LOGIN_ATTEMPT_TIMEFRAME_SECONDS} seconds, we drop your request.
SSH_LOGIN_ATTEMPT_PROTECTION="true"
SSH_LOGIN_ATTEMPT=4
SSH_LOGIN_ATTEMPT_TIMEFRAME_SECONDS=90
SSH_ALLOW_ONLY_IP="false"
SSH_ALLOW_ONLY_IP_LIST="122.xx.yy.zz/29"

#### FILES #####
BLOCKED_IP_TDB=/root/.fw/blocked.ip.txt
SPOOFIP=""
```
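To show what the SSH settings above turn into, here is an added example (not code from firewall.sh or its author) that renders the SSH rules the variables describe as iptables commands, printing them instead of applying them. The `ssh_rules` function and the exact rule shapes are my own rendering of the page's description: the `recent` module's `--set`/`--update --seconds --hitcount` pair implements the attempt limit, and the allow-list mode accepts only the listed networks.

```bash
#!/bin/bash
# Added example: print the SSH-related iptables rules implied by the configuration
# variables, so the ruleset can be reviewed before it is applied. Hypothetical helper,
# not part of the original script.
IPT="/sbin/iptables"
PUB_IF="eth0"
SSH_PORT=22
SSH_LOGIN_ATTEMPT_PROTECTION="true"
SSH_LOGIN_ATTEMPT=4
SSH_LOGIN_ATTEMPT_TIMEFRAME_SECONDS=90
SSH_ALLOW_ONLY_IP="false"
SSH_ALLOW_ONLY_IP_LIST="122.xx.yy.zz/29"   # placeholder value taken from the page

# ssh_rules prints one iptables command per line, in the order they must be appended.
ssh_rules() {
    local base="$IPT -A INPUT -i $PUB_IF -p tcp --dport $SSH_PORT -m state --state NEW"
    if [ "$SSH_ALLOW_ONLY_IP" = "true" ]; then
        # Allow-list mode: accept NEW SSH connections only from the listed networks,
        # then drop everything else. SSH_LOGIN_ATTEMPT_PROTECTION is irrelevant here.
        local net
        for net in $SSH_ALLOW_ONLY_IP_LIST; do
            echo "$base -s $net -j ACCEPT"
        done
        echo "$base -j DROP"
        return 0
    fi
    if [ "$SSH_LOGIN_ATTEMPT_PROTECTION" = "true" ]; then
        # Record every NEW connection in the "SSH" recent list, then drop the source
        # once it has SSH_LOGIN_ATTEMPT or more entries within the time frame.
        # --update refreshes the entry, so a host that keeps retrying stays blocked.
        echo "$base -m recent --set --name SSH"
        echo "$base -m recent --update --seconds $SSH_LOGIN_ATTEMPT_TIMEFRAME_SECONDS --hitcount $SSH_LOGIN_ATTEMPT --name SSH -j DROP"
    fi
    # Whatever survived the checks above is accepted.
    echo "$base -j ACCEPT"
}

ssh_rules
```

Swap `echo` for `eval` once the printed rules look right; the `--set` rule must stay before the `--update` rule or the counter never fills.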
The full script is available as a Gist: https://gist.github.com/1690823