/ / / / Flood ve DoS Saldırılarını Hafifletmek Amaçlı IPTables

Flood ve DoS Saldırılarını Hafifletmek Amaçlı IPTables

, , Edit


KOD:

Kod:
#!/bin/bash
#TCP Türevi
iptables -N syn_flood
iptables -I INPUT -p tcp --syn -j syn_flood
iptables -A syn_flood -p tcp -m tcpmss --mss 0:500
iptables -A syn_flood -m limit --limit 3/s --limit-burst 10 -j RETURN
iptables -A syn_flood -m connlimit --connlimit-above 5 -j REJECT
iptables -A syn_flood -m hashlimit --hashlimit 1/s --hashlimit-mode dstip,dstport --hashlimit-name hosts --hashlimit-burst 3 -j RETURN
iptables -A syn_flood -m state --state INVALID,UNTRACKED -j REJECT
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j REJECT
iptables -I INPUT -p tcp -s 192.168.1.31 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j RETURN
iptables -A syn_flood -j DROP

#UDP
iptables -N udp_flood
iptables -A INPUT -p udp --dport 11111 -j udp_flood
iptables -A INPUT -f -j DROP
iptables -A udp_flood -m length --length 0:58 -j REJECT
iptables -A udp_flood -m length --length 2401:65535 -j REJECT
iptables -A udp_flood -m state --state NEW -m recent --update --second 1 --hitcount 10 -j RETURN
iptables -A udp_flood -s 192.168.1.31 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j RETURN
iptables -A udp_flood -j DROP

#ICMP
iptables -I INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT
iptables -I INPUT -p icmp -m limit --limit 1/s --limit-burst 2 -j LOG --log-prefix "PING-DROP;-
iptables -I INPUT -p icmp --icmp-type "echo-request" -m length --length 86:0xffff -j DROP
iptables -I INPUT -p icmp -j DROP
iptables -A OUTPUT -p icmp -j ACCEPT
iptables -I INPUT -p icmp -m state --state RELATED -m limit --limit 3/s --limit-burst 8
iptables -I INPUT -p icmp -m state --state ESTABLISHED -m limit --limit 3/s --limit-burst 8 -j ACCEPT
iptables -I INPUT -p icmp --fragment -j DROP
iptables -I INPUT -p icmp --icmp-type "echo-request" -m limit --limit 3/s --limit-burst 8 -j ACCEPT
iptables -I INPUT -p icmp -j DROP
Share on Google Plus

About Life

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.
    Blogger Comment
    Facebook Comment

0 yorum:

Yorum Gönder

Kaydol: Kayıt Yorumları ( Atom )