@dennyhalim
Created July 13, 2009 15:57
#http://wiki.dennyhalim.com/linux-firmware
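#firewall
#-I prepends, so these rules end up in the chain in reverse order
#reject new tcp connections above the per-source concurrent limit (1000 for port 80, 100 for any port)
iptables -I FORWARD -p tcp --syn --dport 80 -m connlimit --connlimit-above 1000 -j REJECT
iptables -I FORWARD -p tcp --syn -m connlimit --connlimit-above 100 -j REJECT
#accept udp up to the rate limit (100/sec for dns, 10/sec otherwise); packets over the limit fall through to later rules
iptables -I FORWARD -p udp --dport 53 -m limit --limit 100/sec -j ACCEPT
iptables -I FORWARD -p udp -m limit --limit 10/sec -j ACCEPT
#wan up
export IPTABLES=/usr/sbin/iptables
#download into /tmp, the path the sh line below runs from
cd /tmp
#the rules file is fetched over plain http and run as root: check it before running
wget http://www.emergingthreats.net/fwrules/emerging-IPTABLES-ALL.rules
chmod +x emerging-IPTABLES-ALL.rules
sh /tmp/emerging-IPTABLES-ALL.rules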
#http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ
###wget -q http://www.spamhaus.org/drop/drop.lasso -O - \
#wget -q http://www.emergingthreats.net/fwrules/emerging-Block-IPs.txt -O - \
# | sed -e 's/;.*//' \
# | grep -v '^ *$' \
# | while read OneNetBlock ; do
# /usr/sbin/iptables -I INPUT -s "$OneNetBlock" -j DROP
# /usr/sbin/iptables -I OUTPUT -d "$OneNetBlock" -j DROP
# /usr/sbin/iptables -I FORWARD -s "$OneNetBlock" -j DROP
# /usr/sbin/iptables -I FORWARD -d "$OneNetBlock" -j DROP
#done
#http://www.linksysinfo.org/forums/showthread.php?t=60304
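
The commented-out blocklist loop above passes every non-empty feed line to iptables. As an added example (not part of the original gist), this filter keeps only well-formed IPv4 addresses and CIDR blocks before any rule is built; the function names and the sample feed are constructed for illustration, and the rules are printed rather than applied.

```shell
#!/bin/sh
# Added example: validate blocklist entries before they reach iptables.

# Read feed lines on stdin, print only valid IPv4 addresses / CIDR blocks.
filter_netblocks() {
    # strip ';' or '#' comments, then leading and trailing whitespace
    sed -e 's/[;#].*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
            ok = ($1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255)
            # prefix must be 1..32; a /0 entry would match all traffic
            if (NF == 5 && ($5 < 1 || $5 > 32)) ok = 0
            if (ok) print
        }'
}

# Dry run: print the FORWARD rules instead of executing them.
emit_rules() {
    filter_netblocks | while read -r net; do
        echo "iptables -I FORWARD -s $net -j DROP"
        echo "iptables -I FORWARD -d $net -j DROP"
    done
}

# Constructed sample in the "netblock ; comment" layout the sed line expects.
# Addresses come from the documentation ranges.
sample_feed() {
cat <<'EOF'
; constructed sample feed
192.0.2.0/24 ; SBL000001
198.51.100.7

203.0.113.0/33 ; prefix out of range
0.0.0.0/0 ; would block everything
192.0.2.9 trailing junk
example.com
EOF
}

sample_feed | emit_rules
```

Only `192.0.2.0/24` and `198.51.100.7` survive the filter; the other sample lines are dropped before a rule is generated.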