@jrelo
Created September 5, 2019 16:58
simple iptables -m recent string block
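# Chains: blockz inspects TCP/80 traffic, badz records offenders.
iptables -t mangle -N badz
iptables -t mangle -N blockz
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -j blockz
# badz: add the source address to the "terrible" list.
iptables -t mangle -A badz -m recent --set --name terrible --rsource
# Drop new connections (bare SYN) from sources seen in "terrible" during the last hour.
iptables -t mangle -A blockz -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m recent --update --seconds 3600 --name terrible --rsource -j DROP
# Record every packet that carries the string in the "bad" list.
iptables -t mangle -A blockz -p tcp -m tcp --dport 80 -m string --string "malicious_string" --algo bm --to 65535 -m recent --set --name bad --rsource
# At least 3 such packets from one source within 10 seconds: send it to badz.
iptables -t mangle -A blockz -p tcp -m tcp --dport 80 -m string --string "malicious_string" --algo bm --to 65535 -m recent --update --seconds 10 --hitcount 3 --name bad --rsource -j badz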
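The rule logic above, replayed as a simplified Python model over a constructed packet timeline (an added example, not part of jrelo's gist). The class and function names, the 192.0.2.10 source and the sample payloads are assumptions; `PKT_LIST_TOT` mirrors xt_recent's default `ip_pkt_list_tot`.

```python
from collections import defaultdict

PKT_LIST_TOT = 20  # xt_recent default ip_pkt_list_tot: timestamps kept per address


class RecentList:
    """One named xt_recent list: source address -> recent packet timestamps."""
    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, src, now):
        # --set: add the address or refresh it; always matches.
        self.stamps[src] = (self.stamps[src] + [now])[-PKT_LIST_TOT:]
        return True

    def update(self, src, now, seconds, hitcount=1):
        # --update --seconds N [--hitcount H]: match when at least H stamps fall
        # within the last N seconds; a new stamp is recorded only on a match.
        hits = [t for t in self.stamps.get(src, []) if now - t <= seconds]
        return len(hits) >= hitcount and self.set(src, now)


class Firewall:
    """Simplified model of the blockz and badz chains (hypothetical class)."""
    def __init__(self, needle=b"malicious_string"):
        self.needle = needle
        self.bad, self.terrible = RecentList(), RecentList()

    def blockz(self, src, now, syn=False, payload=b""):
        # Rule 1: a bare SYN from a source seen in "terrible" in the last hour.
        if syn and self.terrible.update(src, now, 3600):
            return "DROP"
        if self.needle in payload:
            self.bad.set(src, now)                         # rule 2
            if self.bad.update(src, now, 10, hitcount=3):  # rule 3
                self.terrible.set(src, now)                # badz, then return
        return "ACCEPT"  # only rule 1 issues a verdict


def replay():
    """Constructed timeline for one source; returns the verdict per packet."""
    fw, src, bad = Firewall(), "192.0.2.10", b"GET /?q=malicious_string HTTP/1.1"
    events = [
        (0, False, bad), (2, False, bad), (4, False, bad),  # third hit within 10 s
        (5, False, b"more data"),  # established flow is not interrupted
        (6, True, b""),            # new connection attempt is dropped
        (3500, True, b""),         # retry inside the hour refreshes the timer
        (7000, True, b""),         # 3500 s after the last drop: still listed
        (10700, True, b""),        # 3700 s of silence: entry has aged out
    ]
    return [fw.blockz(src, t, syn, data) for t, syn, data in events]
```

The replay shows two properties of the ruleset: the packet that trips the threshold is still accepted, and each dropped SYN refreshes the one-hour timer because rule 1 uses `--update`.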