  1. #!/bin/bash
  2.  
  3. # iptables configuration script for enhanced security
  4.  
  5. # Define commonly used ports
  6. SSH_PORT=22
  7. MINECRAFT_PORT=25565
  8. DYNMAP_PORT=8123
  9. #HTTP_PORT=80
  10. #HTTPS_PORT=443
  11. #EXAMPLE_UDP_PORT=5021
  12.  
  13. # Kernel parameters for network protection
  14. echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
  15. echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
  16. echo 1 > /proc/sys/net/ipv4/tcp_syncookies
  17. echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
  18. echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
  19. echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
  20. echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
  21.  
  22. # Flush existing iptables rules
  23. /sbin/iptables --flush
  24.  
  25. # Accept loopback interface traffic
  26. /sbin/iptables -A INPUT -i lo -j ACCEPT
  27. /sbin/iptables -A OUTPUT -o lo -j ACCEPT
  28.  
  29. # Default policies
  30. /sbin/iptables --policy INPUT DROP
  31. /sbin/iptables --policy OUTPUT DROP
  32. /sbin/iptables --policy FORWARD DROP
  33.  
  34. # Accept established connections
  35. /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  36. /sbin/iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  37.  
  38. # Rate limit SSH connections to prevent brute-force attacks
  39. /sbin/iptables -A INPUT -p tcp --dport $SSH_PORT -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
  40. /sbin/iptables -A INPUT -p tcp --dport $SSH_PORT -m state --state NEW -m recent --set
  41. /sbin/iptables -A INPUT -p tcp --dport $SSH_PORT -m state --state NEW -j ACCEPT
  42.  
  43. # Open ports for specific services
  44. /sbin/iptables -A INPUT -p tcp --dport $MINECRAFT_PORT -m state --state NEW -j ACCEPT
  45. /sbin/iptables -A INPUT -p tcp --dport $DYNMAP_PORT -m state --state NEW -j ACCEPT
  46.  
  47. # Examples for other services (uncomment as needed)
  48. #/sbin/iptables -A INPUT -p tcp --dport $HTTP_PORT -m state --state NEW -j ACCEPT
  49. #/sbin/iptables -A INPUT -p tcp --dport $HTTPS_PORT -m state --state NEW -j ACCEPT
  50. #/sbin/iptables -A INPUT -p udp --dport $EXAMPLE_UDP_PORT -m state --state NEW -j ACCEPT
  51.  
  52. # Allow ICMP ping requests
  53. /sbin/iptables -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  54.  
  55. # Drop all other incoming traffic
  56. /sbin/iptables -A INPUT -j DROP
  57.  
  58. # Display the active rules
  59. /sbin/iptables -nL
  60.  
  61. # Uncomment the following line to save iptables rules on systems using iptables-persistent or similar
  62. # This may vary depending on your Linux distribution
  63. # sudo iptables-save > /etc/iptables/rules.v4
  64.  