iptables

Download

Copying the listing below straight from this page will not work: the page renders the script's straight quotes and double hyphens (`--`) as typographic quotes and dashes (e.g. `”eth0″`, `–tcp-flags`), which bash and iptables reject. Use the download link to get the original file.

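#!/bin/bash
# Stateful IPv4 host firewall derived from the Gentoo documentation example,
# extended with port-scan tracking and a per-source SYN rate limit.
#
# Usage:  firewall.sh start|stop|restart
# Must run as root: every iptables call and the /proc/sys writes need it.
#
# NOTE: IPv4 only. ip6tables is never touched, so if this host has IPv6
# connectivity every listening service is reachable over v6 regardless of
# the rules below. Load an equivalent ip6tables policy or disable IPv6 on
# the uplink.
#
# No `set -e` on purpose: a failing rule (e.g. xt_recent not loadable) would
# abort the script after `-P INPUT DROP` and leave a half-built chain; rule
# failures are instead reported on stderr by iptables and the script continues.
# email:m6@kcidx.org
set -u

UPLINK="eth0"             # untrusted interface; every other interface is fully trusted
INTERFACES="lo eth0"      # interfaces that get reverse-path filtering enabled
TORRENT=""                # optional single port opened for tcp+udp (empty = no rule)
TCPSERVICES=""            # space-separated TCP ports open to the uplink
UDPSERVICES=""            # space-separated UDP ports open to the uplink
PORTSCAN_BAN_SECONDS=300  # how long a source is dropped after probing a closed port
SYN_WINDOW=1              # seconds
SYN_LIMIT=20              # new SYNs per source per SYN_WINDOW before dropping;
                          # must not exceed xt_recent's ip_pkt_list_tot (default 20)

#######################################
# Install the rule set and kernel settings.
# Globals: UPLINK, INTERFACES, TORRENT, TCPSERVICES, UDPSERVICES,
#          PORTSCAN_BAN_SECONDS, SYN_WINDOW, SYN_LIMIT (all read)
#######################################
fw_start() {
  echo "Starting firewall..."

  # Start from a clean slate so a repeated "start" does not append a second
  # copy of every rule (the original appended blindly).
  iptables -F
  iptables -X

  iptables -P INPUT DROP
  # Kept from the original. Be aware that with ip_forward=1 this box forwards
  # anything between its interfaces; tighten FORWARD if it acts as a router.
  iptables -P FORWARD ACCEPT
  # Clamp MSS on forwarded SYNs to the path MTU (the original had this twice).
  iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

  # Packets conntrack cannot classify are dropped before anything is accepted;
  # the original only checked INVALID after several ACCEPT rules.
  iptables -A INPUT -m state --state INVALID -j DROP
  # Everything not arriving on the uplink (loopback, LAN) is trusted outright.
  iptables -A INPUT ! -i "${UPLINK}" -j ACCEPT
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Sources that recently hit a closed port (see the --set rules at the end)
  # are dropped for PORTSCAN_BAN_SECONDS; once that has expired the entry is
  # removed and the packet continues down the chain.
  # CAVEAT: the list is keyed on source address, so a single spoofed UDP packet
  # to a closed port gets the forged source banned as well. Do not rely on this
  # on a host that must stay reachable from a given peer.
  iptables -A INPUT -m recent --name portscan --rcheck --seconds "${PORTSCAN_BAN_SECONDS}" -j DROP
  iptables -A INPUT -m recent --name portscan --remove

  # Per-source SYN limiter. The original populated the "synflood" list but
  # never consulted it, so no SYN protection was actually in effect. Order
  # matters: check first, then record the current SYN.
  iptables -A INPUT -p tcp --syn -m state --state NEW \
    -m recent --name synflood --update --seconds "${SYN_WINDOW}" --hitcount "${SYN_LIMIT}" -j DROP
  iptables -A INPUT -p tcp --syn -m state --state NEW -m recent --name synflood --set

  # Refuse the ICMP types that leak netmask/clock information; rate-limit the rest.
  iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP
  iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP
  iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT

  # Optional torrent port. The original emitted these rules unconditionally;
  # with TORRENT empty `--dport` then swallowed the next option and iptables
  # rejected the rule.
  if [ -n "${TORRENT}" ]; then
    iptables -A INPUT -p tcp --dport "${TORRENT}" --tcp-flags RST RST -j DROP
    iptables -A INPUT -p tcp --dport "${TORRENT}" -j ACCEPT
    iptables -A INPUT -p udp --dport "${TORRENT}" -j ACCEPT
  fi

  # Public services. Word-splitting on the space-separated lists is intentional.
  for port in ${TCPSERVICES}; do
    iptables -A INPUT -p tcp --dport "${port}" -m state --state NEW -j ACCEPT
  done
  for port in ${UDPSERVICES}; do
    iptables -A INPUT -p udp --dport "${port}" -m state --state NEW -j ACCEPT
  done

  # Log what is about to be dropped, rate-limited so a flood cannot fill the
  # log (the original logged every packet unconditionally).
  iptables -A INPUT -m limit --limit 5/minute --limit-burst 10 \
    -j LOG --log-level info --log-prefix "DROP: "

  # Anything from the uplink that reached this point was not a permitted
  # service: remember the source for the ban check above, then drop.
  # The original matched `--dport 1:63665` here (apparently a typo for 65535),
  # which left probes of the top ports untracked; no port match is needed
  # because everything left is dropped regardless.
  iptables -A INPUT -i "${UPLINK}" -p tcp -m recent --name portscan --set -j DROP
  iptables -A INPUT -i "${UPLINK}" -p udp -m recent --name portscan --set -j DROP
  iptables -A INPUT -i "${UPLINK}" -j DROP

  # Sysctl settings.
  # Reverse-path filtering: drop packets whose source address is not routable
  # back out of the interface they arrived on (basic anti-spoofing).
  for iface in ${INTERFACES}; do
    echo 1 > "/proc/sys/net/ipv4/conf/${iface}/rp_filter"
  done
  # Kernel SYN cookies. The recent-match limiter above only throttles a single
  # source; it does nothing against a distributed flood, syncookies do.
  echo 1 > /proc/sys/net/ipv4/tcp_syncookies
}

#######################################
# Flush all rules and open INPUT/FORWARD. The sysctl changes made by fw_start
# (rp_filter, tcp_syncookies) are deliberately left in place.
#######################################
fw_stop() {
  echo "Stopping firewall..."
  iptables -F
  iptables -X
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
}

if [ "$(id -u)" -ne 0 ]; then
  echo "$0: must be run as root" >&2
  exit 1
fi

case "${1:-}" in
  start)   fw_start ;;
  stop)    fw_stop ;;
  restart) fw_stop; fw_start ;;
  *)       echo "Usage: $0 {start|stop|restart}" >&2; exit 1 ;;
esac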