Post your iptables
#1
Post your iptables / ufw scripts!
Reply
#2
Code:
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
:^)
ComputerTech is a legend.
Reply
#3
(12-27-2023, 03:27 AM)ComputerTech Wrote:
Code:
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
:^)

lmao. allow all traffic eh
Reply
#4
#!/usr/bin/bash
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
iptables -N shitlist
echo applying standard rules
/usr/bin/sh /root/iptables2
echo blocking custom blacklist
/usr/bin/sh /root/.blacklist/blacklist.sh
echo blocking China
/usr/bin/sh /root/.blacklist/cn.sh
echo blocking Russia
/usr/bin/sh /root/.blacklist/ru.sh
echo blocking Brasil
/usr/bin/sh /root/.blacklist/br.sh
echo blocking Iran
/usr/bin/sh /root/.blacklist/ir.sh
echo blocking known scanners
/usr/bin/sh /root/.blacklist/scanners.sh
echo blocking stretchoid scanners
/usr/bin/sh /root/.blacklist/stretchoid.sh
echo blocking shadowserver scanners
/usr/bin/sh /root/.blacklist/shadowserver.sh
echo block TOR exit nodes
/usr/bin/sh /root/.blacklist/tor.sh
Reply
#5
(12-27-2023, 03:29 AM)m0n Wrote: #!/usr/bin/bash
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
iptables -N shitlist
echo applying standard rules
/usr/bin/sh /root/iptables2
echo blocking custom blacklist
/usr/bin/sh /root/.blacklist/blacklist.sh
echo blocking China
/usr/bin/sh /root/.blacklist/cn.sh
echo blocking Russia
/usr/bin/sh /root/.blacklist/ru.sh
echo blocking Brasil
/usr/bin/sh /root/.blacklist/br.sh
echo blocking Iran
/usr/bin/sh /root/.blacklist/ir.sh
echo blocking known scanners
/usr/bin/sh /root/.blacklist/scanners.sh
echo blocking stretchoid scanners
/usr/bin/sh /root/.blacklist/stretchoid.sh
echo blocking shadowserver scanners
/usr/bin/sh /root/.blacklist/shadowserver.sh
echo block TOR exit nodes
/usr/bin/sh /root/.blacklist/tor.sh

Mind giving insight on those blacklist scripts or reveal your sources?
I'm currently using geoipsets and ipset to deny/drop traffic from certain countries

h4 - The only user with a username <3 characters!
Reply
#6
(12-29-2023, 11:14 AM)h4 Wrote:
(12-27-2023, 03:29 AM)m0n Wrote: #!/usr/bin/bash
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
iptables -N shitlist
echo applying standard rules
/usr/bin/sh /root/iptables2
echo blocking custom blacklist
/usr/bin/sh /root/.blacklist/blacklist.sh
echo blocking China
/usr/bin/sh /root/.blacklist/cn.sh
echo blocking Russia
/usr/bin/sh /root/.blacklist/ru.sh
echo blocking Brasil
/usr/bin/sh /root/.blacklist/br.sh
echo blocking Iran
/usr/bin/sh /root/.blacklist/ir.sh
echo blocking known scanners
/usr/bin/sh /root/.blacklist/scanners.sh
echo blocking stretchoid scanners
/usr/bin/sh /root/.blacklist/stretchoid.sh
echo blocking shadowserver scanners
/usr/bin/sh /root/.blacklist/shadowserver.sh
echo block TOR exit nodes
/usr/bin/sh /root/.blacklist/tor.sh

Mind giving insight on those blacklist scripts or reveal your sources?
I'm currently using geoipsets and ipset to deny/drop traffic from certain countries

Source I've used for country specific CIDR networks: https://ipv4.fetus.jp/cn.txt

Custom lists that are updated daily:
https://www.m0n.org/pfblocker/stretchoid.txt
https://www.m0n.org/pfblocker/paloalto.txt
https://www.m0n.org/pfblocker/censys.txt
https://www.m0n.org/pfblocker/blacklist.txt (random but persistent shitty bots/scanners)

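Example bash script I've written using RH iptables-services for cn.sh
Code:
#!/bin/sh
# Drop inbound traffic on ens3 from every CIDR listed in cn.db (one per line)
_input=/root/.blacklist/cn.db

IPT=/usr/sbin/iptables
while IFS= read -r ip
do
    # Skip blank lines so iptables is never called with an empty source
    [ -n "$ip" ] || continue
    "$IPT" -I INPUT -i ens3 -s "$ip" -m comment --comment "CHINA" -j DROP
done < "$_input"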
Reply
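The ipset approach mentioned in post #5, applied to the one-CIDR-per-line list format that cn.sh reads, so the kernel matches one hashed set instead of walking one rule per network. This is an added example, not code from any poster in the thread; the set name `cn_block` and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: turn a CIDR list (one entry per line) into an `ipset restore` script.
# build_ipset_restore SETNAME FILE -> restore script on stdout.
# Invalid entries (and /0, which hash:net cannot store) go to stderr and are skipped.
build_ipset_restore() {
    awk -v s="$1" '
    function valid(c,   p, o, n, i) {
        n = split(c, p, "/")
        if (n > 2 || (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1 || p[2] + 0 > 32))) return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    BEGIN {
        print "create " s " hash:net family inet -exist"
        print "create " s "_new hash:net family inet -exist"
        print "flush " s "_new"
    }
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }      # strip comments and whitespace
    $0 == "" { next }
    !valid($0) { print "skipped line " NR ": " $0 > "/dev/stderr"; next }
    { print "add " s "_new " $0 " -exist" }
    END {
        print "swap " s "_new " s                 # live set is replaced in one step
        print "destroy " s "_new"
    }' "$2"
}

# apply_blocklist SETNAME FILE IFACE: load the set, then make sure a single DROP
# rule references it. Needs root; defined here but not called by the demo below.
apply_blocklist() {
    build_ipset_restore "$1" "$2" | ipset restore || return 1
    iptables -C INPUT -i "$3" -m set --match-set "$1" src -j DROP 2>/dev/null ||
        iptables -I INPUT -i "$3" -m set --match-set "$1" src -j DROP
}

# Demo on constructed sample data (documentation ranges plus two bad entries);
# it only prints the restore script, nothing is loaded into the kernel.
sample=$(mktemp)
printf '%s\n' '192.0.2.0/24' '198.51.100.7' '0.0.0.0/0' 'not-an-ip' > "$sample"
build_ipset_restore cn_block "$sample"
rm -f "$sample"
```

Because the script is rebuilt into a temporary set and swapped in, re-running it after a list update never leaves the interface unfiltered and never stacks duplicate rules in INPUT.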
#7
Code:
-P INPUT DROP
Reply