feat: add iptables
config files
parent
8eca961a57
commit
aaabd915f5
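--- a/iptables/_deploy.sh
+++ b/iptables/_deploy.sh
@@ -0,0 +1,2 @@
+iptables -F
+source ./iptables/rules.sh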
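Review bot: `iptables -F` flushes rules but keeps the chain policies and user-defined chains, so on a second deploy the `-P INPUT DROP`/`-P OUTPUT DROP` policies left by the previous run are in force with no ACCEPT rules for the whole time `rules.sh` is executing, and `iptables -N f2b-sshd` in `rules.sh` then fails because the chain already exists. Resetting policies and deleting chains before the flush avoids both: `iptables -P INPUT ACCEPT && iptables -P OUTPUT ACCEPT`, then `iptables -F && iptables -X`. The `source ./iptables/rules.sh` path is relative to the working directory; with the file committed at `iptables/iptables/rules.sh` this presumably assumes the script is run from the `iptables/` directory, which is worth stating in a header comment. There is no shebang and no `set -e`, so a failing line in the sourced file leaves a half-applied ruleset and the script still exits 0.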
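--- a/iptables/_install.sh
+++ b/iptables/_install.sh
@@ -0,0 +1 @@
+nala install iptables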
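Review bot: `nala install iptables` has no `-y`, so this install step blocks on an interactive confirmation when run unattended. Nothing in this commit installs or invokes a persistence mechanism (e.g. `netfilter-persistent`/`iptables-save`), so the ruleset applied by `rules.sh` is lost at reboot and the host comes back with the default ACCEPT policies — presumably persistence is handled elsewhere, but a comment saying so would help.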
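--- a/iptables/iptables/rules.sh
+++ b/iptables/iptables/rules.sh
@@ -0,0 +1,29 @@
+# General rules
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT DROP
+
+# Fail2Ban
+iptables -N f2b-sshd
+iptables -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
+iptables -A INPUT -p tcp -m multiport --dports 55555 -j f2b-sshd
+
+# LoopBack
+iptables -A INPUT -i lo -j ACCEPT
+
+# Keep Opened connection
+iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+# Anti DDOS
+iptables -A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -m limit --limit 1/sec --limit-burst 1 -j ACCEPT
+
+# SSH
+iptables -A INPUT -p tcp -m tcp --dport 55555 -j ACCEPT
+
+# Main proxy
+iptables -A INPUT -p tcp --dport 80 -j ACCEPT # HTTP
+iptables -A INPUT -p tcp --dport 443 -j ACCEPT # HTTPS
+iptables -A INPUT -p udp --dport 443 -j ACCEPT # QUIC
+
+# Fail2Ban -Return-
+iptables -A f2b-sshd -j RETURN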
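Review bot: `iptables -P OUTPUT DROP` is set with no OUTPUT rules at all — no loopback accept, no RELATED,ESTABLISHED accept — so the host cannot send the replies for the SSH, HTTP/HTTPS and QUIC connections the INPUT chain accepts, nor talk to itself over `lo`, nor reach DNS or the package mirror that `_install.sh` depends on. The DROP policies are also applied before any ACCEPT rule exists, so an in-flight SSH session has no matching rule until the conntrack line runs; setting the three policies as the last step closes that window. The port-22 jump to `f2b-sshd` is dead since only 55555 is accepted, and only `ip6tables` is unaddressed — if IPv6 is enabled on the host (not visible here) the same services are reachable with the default ACCEPT policy on v6. Fail2ban's own sshd action normally creates and manages `f2b-sshd` itself, so pre-creating it here may make that action fail on start — worth confirming against the installed fail2ban config.
```shell
# General rules — the DROP policies are applied last (bottom of file) so an
# existing session is never left without a matching ACCEPT rule mid-run.

# LoopBack (both directions)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Keep Opened connection (both directions: replies must be able to leave)
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# … unchanged: Fail2Ban, Anti DDOS, SSH, Main proxy, Fail2Ban -Return- rules …

# Outbound traffic the host itself needs (DNS, NTP, package mirrors)
# TODO: confirm this list against what actually runs on this host
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 123 -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT

# Default-deny, applied only once every ACCEPT rule above is in place
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
```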