Scripts with Iptables


Example of a script with various features

#!/bin/bash
#
# (C) by Antonio Batista 
# Licensed as a free software under GNU GPL version 2
#

# Iptables programs directory
PRGDIR="/usr/local/iptables/bin"
# Iptables data directory
DATDIR="/usr/local/iptables/data"

# Load appropriate modules.
# modprobe ip_tables
# modprobe ip_conntrack
# modprobe ip_conntrack_ftp

# Static ARP entry for the gateway, to protect against ARP poisoning
GW="10.1.1.1"
MAC="00:02:4B:CB:11:00"
/usr/sbin/arp -s "$GW" "$MAC" 2>/dev/null

# These lines are here in case rules are already in place and the script is
# ever rerun on the fly.
# We want to remove all rules and pre-existing user-defined chains and zero
# the counters before we implement new rules.
iptables -F
iptables -X
iptables -Z

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

## ============================================================
# RULES

# Custom chains to log and drop.
# We must remember that the LOG target is a
# "non-terminating target", i.e., a match on this rule does
# not stop the rules traversal, and the next target (DROP)
# is evaluated as well.
# dropcounter only RETURNs; its packet/byte counters record
# every packet that logdrop sends through it.
iptables -N dropcounter
iptables -A dropcounter -j RETURN

iptables -N logdrop
iptables -A logdrop -m limit --limit 10/s --limit-burst 4 -j LOG --log-prefix "[SYN FLOOD] "
iptables -A logdrop -j dropcounter
iptables -A logdrop -j DROP

iptables -N logmalform
iptables -A logmalform -m limit --limit 10/s --limit-burst 4 -j LOG --log-prefix "[MALFORMED] "
iptables -A logmalform -j DROP

iptables -N malf-group
#$PRGDIR/malf-group.sh
iptables -A malf-group -p tcp --tcp-flags SYN,FIN SYN,FIN  -j logmalform
iptables -A malf-group -p tcp --tcp-flags SYN,RST SYN,RST  -j logmalform
iptables -A malf-group -p tcp --tcp-flags FIN,RST FIN,RST  -j logmalform
iptables -A malf-group -j RETURN

###############################################
# INPUT chain groups
###############################################
iptables -N in-best-group
#$PRGDIR/in-best-group.sh
iptables -A in-best-group -j RETURN

# iptables -N in-pre-ids-group
# $PRGDIR/in-pre-ids-group.sh
# iptables -A in-pre-ids-group -j RETURN

iptables -N in-malf-group
#$PRGDIR/in-malf-group.sh
iptables -A in-malf-group -j malf-group
iptables -A in-malf-group -j RETURN

iptables -N in-bad-group
#$PRGDIR/in-bad-group.sh
iptables -A in-bad-group -j RETURN

iptables -N in-good-group
#$PRGDIR/in-good-group.sh
iptables -A in-good-group -j RETURN

iptables -N in-deny-group
#$PRGDIR/in-deny-group.sh
iptables -A in-deny-group -j RETURN

iptables -N in-accept-group
#$PRGDIR/in-accept-group.sh
iptables -A in-accept-group -j RETURN

iptables -N in-dsg-group
#$PRGDIR/in-dsg-group.sh
iptables -A in-dsg-group -j RETURN

iptables -N in-customer-group
#$PRGDIR/in-customer-group.sh
iptables -A in-customer-group -j RETURN

# iptables -N in-ids-group
# $PRGDIR/in-ids-group.sh
# iptables -A in-ids-group -j RETURN

iptables -N in-fw-group
$PRGDIR/in-fw-group.sh
iptables -A in-fw-group -j RETURN

###############################################
# FORWARD chain groups
###############################################
# iptables -N fwd-best-group
# $PRGDIR/fwd-best-group.sh
# iptables -A fwd-best-group -j RETURN

# iptables -N fwd-malf-group
#$PRGDIR/fwd-malf-group.sh
# iptables -A fwd-malf-group -j malf-group
# iptables -A fwd-malf-group -j RETURN

# iptables -N fwd-bad-group
# $PRGDIR/fwd-bad-group.sh
# iptables -A fwd-bad-group -j RETURN

# iptables -N fwd-good-group
# $PRGDIR/fwd-good-group.sh
# iptables -A fwd-good-group -j RETURN

# iptables -N fwd-deny-group
#$PRGDIR/fwd-deny-group.sh
# iptables -A fwd-deny-group -j RETURN

# iptables -N fwd-accept-group
#$PRGDIR/fwd-accept-group.sh
# iptables -A fwd-accept-group -j RETURN

# iptables -N fwd-dsg-group
#$PRGDIR/fwd-accept-group.sh
# iptables -A fwd-dsg-group -j RETURN

# iptables -N fwd-customer-group
# $PRGDIR/fwd-customer-group.sh
# iptables -A fwd-customer-group -j RETURN

# iptables -N fwd-fw-group
#$PRGDIR/fwd-fw-group.sh
# iptables -A fwd-fw-group -j RETURN

###############################################
# OUTPUT chain groups
###############################################
iptables -N out-malf-group
$PRGDIR/out-malf-group.sh
iptables -A out-malf-group -j malf-group
iptables -A out-malf-group -j RETURN

iptables -N out-good-group
$PRGDIR/out-good-group.sh
iptables -A out-good-group -j RETURN

iptables -N out-fw-group
$PRGDIR/out-fw-group.sh
iptables -A out-fw-group -j RETURN



## SYN-FLOOD
#
iptables -N syn-flood
iptables -A syn-flood -m limit --limit 50/s --limit-burst 4 -j RETURN
iptables -A syn-flood -j logdrop

###############################################
# INPUT
###############################################
# The conventional chains
iptables -A INPUT  -i lo -j ACCEPT
# Best Group
iptables -A INPUT -j in-best-group
# Pre-IDS Group
# iptables -A INPUT -j in-pre-ids-group
# Malformed
iptables -A INPUT -j in-malf-group
# Bad VIP
iptables -A INPUT -j in-bad-group
# Good VIP
iptables -A INPUT -j in-good-group
# Deny Group
iptables -A INPUT -j in-deny-group
# Accept Group
iptables -A INPUT -j in-accept-group
# Deny Services Group
iptables -A INPUT -j in-dsg-group
# Customer Group
iptables -A INPUT -j in-customer-group
# Syn Flood
iptables -A INPUT -p tcp --syn -j syn-flood
# Firewall
iptables -A INPUT -j in-fw-group
# DEFAULT DROP
iptables -A INPUT -m limit --limit 10/s --limit-burst 4 -j LOG --log-prefix "[INPUT FW] "
iptables -A INPUT -j DROP  
# IDS Group
# iptables -A INPUT -j in-ids-group
# iptables -A INPUT -j DROP  


###############################################
# FORWARD
###############################################
# Best VIP
# iptables -A FORWARD -j fwd-best-group
# Malformed
# iptables -A FORWARD -j fwd-malf-group
# Bad VIP
# iptables -A FORWARD -j fwd-bad-group
# Good VIP
# iptables -A FORWARD -j fwd-good-group
# Deny Group
# iptables -A FORWARD -j fwd-deny-group
# Accept Group
# iptables -A FORWARD -j fwd-accept-group
# Deny Services Group
# iptables -A FORWARD -j fwd-dsg-group
# Customer VIP
# iptables -A FORWARD -j fwd-customer-group
# Syn Flood
# iptables -A FORWARD -p tcp --syn -j syn-flood
# Firewall
# iptables -A FORWARD -j fwd-fw-group
# DEFAULT ACCEPT
#iptables -A FORWARD -m limit --limit 10/s --limit-burst 4 -j LOG --log-prefix "[FORWARD FW] "
# iptables -A FORWARD -j ACCEPT  


###############################################
# OUTPUT
###############################################
iptables -A OUTPUT -o lo -j ACCEPT
# Malformed
iptables -A OUTPUT -j out-malf-group
# Good VIP
iptables -A OUTPUT -j out-good-group
# Deny Group
# Accept Group
# Deny Services Group
# SynFlood
iptables -A OUTPUT -p tcp --syn -j syn-flood
# Firewall
iptables -A OUTPUT -j out-fw-group
# DEFAULT ACCEPT
iptables -A OUTPUT -j ACCEPT

# THE END
# ==================================================================
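
Added example, not part of the original script: a simplified token-bucket model of the limit match, applied to the script's syn-flood rule (50/s, burst 4) and the LOG rule in logdrop (10/s, burst 4), to show how many SYNs are returned, dropped and logged for a given arrival pattern. The arrival times are constructed, and simulate_syn_chain and arrivals are hypothetical helper names.

```shell
#!/bin/bash
# Simplified model of the iptables "limit" match as a token bucket.
# Times are in milliseconds; the kernel counts in jiffies, so real
# numbers can differ slightly at the edges.

# arrivals COUNT STEP_MS -> constructed SYN arrival times, one per line
arrivals() {
    i=1
    while [ "$i" -le "$1" ]; do echo $((i * $2)); i=$((i + 1)); done
}

# Reads one arrival time (ms) per line on stdin and prints
# "returned=N dropped=N logged=N" for the two limits in the script:
#   syn-flood: --limit 50/s --limit-burst 4 -> RETURN, otherwise logdrop
#   logdrop:   --limit 10/s --limit-burst 4 -> LOG, then DROP either way
simulate_syn_chain() {
    syn_cost=$((1000 / 50)); syn_cap=$((4 * syn_cost))  # 20 ms per SYN
    log_cost=$((1000 / 10)); log_cap=$((4 * log_cost))  # 100 ms per log line
    syn_credit=$syn_cap; log_credit=$log_cap            # buckets start full
    syn_prev=0; log_prev=0
    returned=0; dropped=0; logged=0
    while read -r now; do
        # Refill the syn-flood bucket for the elapsed time, capped at the burst.
        syn_credit=$((syn_credit + now - syn_prev)); syn_prev=$now
        [ "$syn_credit" -gt "$syn_cap" ] && syn_credit=$syn_cap
        if [ "$syn_credit" -ge "$syn_cost" ]; then
            syn_credit=$((syn_credit - syn_cost))
            returned=$((returned + 1))   # limit matched: RETURN to the caller
            continue
        fi
        # Over the limit: the packet falls through to logdrop.
        dropped=$((dropped + 1))
        log_credit=$((log_credit + now - log_prev)); log_prev=$now
        [ "$log_credit" -gt "$log_cap" ] && log_credit=$log_cap
        if [ "$log_credit" -ge "$log_cost" ]; then
            log_credit=$((log_credit - log_cost))
            logged=$((logged + 1))       # LOG is non-terminating; DROP follows
        fi
    done
    echo "returned=$returned dropped=$dropped logged=$logged"
}

# Constructed flood: 1000 SYNs in one second, one per millisecond.
arrivals 1000 1 | simulate_syn_chain   # -> returned=53 dropped=947 logged=13
```

The limit match keeps one bucket per rule, shared by all sources, so the SYNs that get through are simply those that arrive while credit is available. The dropcounter chain, not the log, gives the true drop count, since only a fraction of dropped packets produce a log line.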


      

      
      

Content area updated on Tuesday, 2003-April-08 21:29:27 GMT-3 (São Paulo, Brazil, South America)