Archive for Firewall

DROP Iptables

iptables -A INPUT -s 172.16.2.20 -j DROP
iptables -A OUTPUT -d 172.16.2.20 -j DROP

The INPUT rule drops everything arriving from 172.16.2.20 and the OUTPUT rule drops everything this host sends to it. Traffic routed through the box is not covered; that needs the same match on the FORWARD chain. Check the result with iptables -S INPUT and iptables -S OUTPUT.

Credits: http://paulovittor23.org/2011/10/31/bloqueando-acesso-ip-utilizando-iptables/

Enable Port 587

Some Internet access providers block outbound port 25 on their routers to curb spam. If you run your own mail server in a datacenter, you may need to enable the submission port (587) in Postfix so that your local mail client can send through it.

To enable port 587, edit the file /etc/postfix/master.cf

vi /etc/postfix/master.cf

and remove the # in front of the line:

#submission inet n       -       n       -       -       smtpd

so that it looks like this:

submission inet n       -       n       -       -       smtpd

and restart Postfix:

/etc/init.d/postfix restart

Uncommenting the line alone opens port 587 with the same policy as port 25. A submission stanza normally also carries -o smtpd_tls_security_level=encrypt and -o smtpd_sasl_auth_enable=yes on the indented lines that follow, so that only authenticated clients over TLS can relay through it; check with postconf -M submission/inet that the stanza looks the way you expect before exposing the port.

Credits: http://www.faqforge.com/linux/how-to-enable-port-587-submission-in-postfix/
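The following is an added example, not part of the original post: a small check that reads a master.cf, tells you whether the submission service is actually active, and whether its stanza forces TLS and SASL authentication. The master.cf content it runs on is constructed inside sample_master_cf() (not a real configuration), so the check runs offline; on a real host pass /etc/postfix/master.cf instead.

```sh
#!/bin/sh
# Added example: audit the submission stanza of a Postfix master.cf.
# master.cf rule used here: a service line starts in column 1, its options are
# continuation lines that begin with whitespace, and "#" comments out a service.

# Print the submission stanza: the "submission inet" line plus its indented
# continuation lines. Nothing is printed if the line is still commented out.
submission_stanza() {
    awk '
        /^[[:space:]]*submission[[:space:]]+inet[[:space:]]/ { on = 1; print; next }
        on && /^[[:space:]]/                                   { print; next }
        { on = 0 }
    ' "$1"
}

# 0 if port 587 is active (an uncommented submission line exists).
submission_enabled() {
    submission_stanza "$1" | grep -q .
}

# 0 if the stanza forces TLS and SASL auth; otherwise print what is missing.
submission_hardened() {
    stanza=$(submission_stanza "$1")
    rc=0
    for opt in smtpd_tls_security_level=encrypt smtpd_sasl_auth_enable=yes; do
        printf '%s\n' "$stanza" | grep -q -- "-o[[:space:]]*$opt" \
            || { echo "missing: $opt"; rc=1; }
    done
    return $rc
}

# Constructed sample master.cf (not a real config). $1 selects the variant:
# "commented" (as shipped), "bare" (just uncommented, as in the post) or "hardened".
sample_master_cf() {
    f=$(mktemp)
    printf '%s\n' 'smtp      inet  n       -       n       -       -       smtpd' > "$f"
    case $1 in
        hardened)
            cat >> "$f" <<'EOF'
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
            ;;
        bare)
            printf '%s\n' 'submission inet n       -       n       -       -       smtpd' >> "$f" ;;
        *)
            printf '%s\n' '#submission inet n       -       n       -       -       smtpd' >> "$f" ;;
    esac
    printf '%s\n' 'pickup    unix  n       -       n       60      1       pickup' >> "$f"
    echo "$f"
}

# Usage on a real host:
#   submission_enabled /etc/postfix/master.cf && submission_hardened /etc/postfix/master.cf
```

The hardened variant in the sample is the shape of stanza most Postfix installations ship commented out; the check only looks for the two options that decide who may relay, it does not validate the rest of the file.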

Prevent SYN Flood

echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 2 > /proc/sys/net/ipv4/tcp_syn_retries
echo 1 > /proc/sys/net/ipv4/tcp_synack_retries
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

These take effect immediately but are lost on reboot; put them in /etc/sysctl.conf (net.ipv4.tcp_syncookies = 1, and so on) to make them persistent. tcp_syncookies and tcp_synack_retries are the ones that limit what a flood of half-open connections costs; tcp_syn_retries governs this host's own outgoing connection attempts, and 2 retries means an outbound connect gives up after a few seconds.

Credits: http://foxpa.ws/2010/04/16/clearos-installation-checklist/
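As an added example (not from the original post), here is an audit of the four settings above plus a generator for a persistent sysctl.d drop-in. The directory to audit is a parameter so the function can run against a constructed directory; on a real host call it with /proc/sys/net/ipv4. The sample values in sample_proc_dir() are made up.

```sh
#!/bin/sh
# Added example: audit the SYN-flood sysctls from the post and emit a sysctl.d
# fragment instead of echoing into /proc (which does not survive a reboot).

# Expected values, one "key value" per line (the values from the post).
SYN_SETTINGS='tcp_max_syn_backlog 2048
tcp_syn_retries 2
tcp_synack_retries 1
tcp_syncookies 1'

# audit_syn_settings DIR: print "key current expected" for every key in DIR
# that deviates from SYN_SETTINGS. Returns 0 when everything matches.
audit_syn_settings() {
    dir=$1
    rc=0
    set -- $SYN_SETTINGS          # key value key value ...
    while [ $# -ge 2 ]; do
        key=$1 want=$2
        shift 2
        if [ -r "$dir/$key" ]; then
            have=$(cat "$dir/$key")
        else
            have=missing
        fi
        if [ "$have" != "$want" ]; then
            echo "$key $have $want"
            rc=1
        fi
    done
    return $rc
}

# Print the same settings as sysctl.conf lines, e.g.
#   syn_sysctl_dropin > /etc/sysctl.d/90-synflood.conf && sysctl -p /etc/sysctl.d/90-synflood.conf
syn_sysctl_dropin() {
    set -- $SYN_SETTINGS
    while [ $# -ge 2 ]; do
        echo "net.ipv4.$1 = $2"
        shift 2
    done
}

# Constructed stand-in for /proc/sys/net/ipv4 (made-up values, two of them off).
sample_proc_dir() {
    d=$(mktemp -d)
    echo 1024 > "$d/tcp_max_syn_backlog"
    echo 2    > "$d/tcp_syn_retries"
    echo 5    > "$d/tcp_synack_retries"
    echo 1    > "$d/tcp_syncookies"
    echo "$d"
}
```

Running audit_syn_settings /proc/sys/net/ipv4 after a reboot is the quickest way to notice that the echo commands were never made persistent.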

Snort Rules: TOR, RBN, DSHIELD and BOTNET

Link to the .rules files: http://rules.emergingthreats.net/blockrules/

Add to snort.conf (the -BLOCK variants are the same lists with a drop action for inline IPS use; load either the alert or the BLOCK version of a list, not both, or each hit produces both an alert and a drop event):

include $RULE_PATH/emerging-tor.rules
include $RULE_PATH/emerging-tor-BLOCK.rules
include $RULE_PATH/emerging-rbn.rules
include $RULE_PATH/emerging-rbn-malvertisers.rules
include $RULE_PATH/emerging-rbn-malvertisers-BLOCK.rules
include $RULE_PATH/emerging-rbn-BLOCK.rules
include $RULE_PATH/emerging-dshield.rules
include $RULE_PATH/emerging-dshield-BLOCK.rules
include $RULE_PATH/emerging-drop.rules
include $RULE_PATH/emerging-drop-BLOCK.rules
include $RULE_PATH/emerging-botcc.rules
include $RULE_PATH/emerging-ciarmy.rules
include $RULE_PATH/emerging-compromised-BLOCK.rules
include $RULE_PATH/emerging-compromised.rules

Download: scriptrulesupdate.sh
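Added example, not from the original post or the download script: a pre-flight check that every include line in snort.conf resolves to an existing file under RULE_PATH, since one missing .rules file (a download that failed, a list that was renamed upstream) stops Snort from starting. The snort.conf and rules directory it runs against are constructed in sample_snort_setup(); on a real system pass /etc/snort/snort.conf.

```sh
#!/bin/sh
# Added example: verify that "include $RULE_PATH/..." lines in snort.conf point
# at files that exist. Assumes the usual "var RULE_PATH /path" definition.

# Print the RULE_PATH value defined in snort.conf.
rule_path() {
    awk '$1 == "var" && $2 == "RULE_PATH" { print $3; exit }' "$1"
}

# check_rule_includes CONF: print "missing: PATH" for every include whose file
# is absent. Returns 0 when all included rule files are present.
check_rule_includes() {
    conf=$1
    rp=$(rule_path "$conf")
    rc=0
    for f in $(awk '$1 == "include" { print $2 }' "$conf"); do
        case $f in
            '$RULE_PATH/'*) path="$rp/${f#\$RULE_PATH/}" ;;
            *)              path=$f ;;
        esac
        [ -f "$path" ] || { echo "missing: $path"; rc=1; }
    done
    return $rc
}

# Constructed snort.conf plus a rules directory with one file deliberately absent.
sample_snort_setup() {
    d=$(mktemp -d)
    mkdir "$d/rules"
    for r in emerging-tor.rules emerging-dshield.rules emerging-botcc.rules; do
        printf '# constructed placeholder, not a real rule file\n' > "$d/rules/$r"
    done
    cat > "$d/snort.conf" <<EOF
var RULE_PATH $d/rules
include \$RULE_PATH/emerging-tor.rules
include \$RULE_PATH/emerging-dshield.rules
include \$RULE_PATH/emerging-botcc.rules
include \$RULE_PATH/emerging-drop.rules
EOF
    echo "$d/snort.conf"
}

# Usage: check_rule_includes /etc/snort/snort.conf && service snort restart
```

Run it from the rules update script right after the download and before the restart, so a failed fetch leaves the old ruleset running instead of taking the sensor down.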

Script: Block TOR Exit Nodes with Iptables

————————————————————————————————————————————————————

#!/bin/bash
#------------------------------------------------------------------------------
#
# File: blockproxyanon.sh
# Description: block anonymous proxies (Tor exit nodes and StopForumSpam listed IPs) by source address
# Modified by: Marlo Luiz Binsfeld
# Original: http://www.brianhare.com/wordpress/2011/03/02/block-tor-exit-nodes-using-bash-script/#codesyntax_1
#
#------------------------------------------------------------------------------

IPTABLES_TARGET="DROP"
IPTABLES_CHAINNAME="TOR"

WORKING_DIR="/etc/blockproxyanon/"

# Public IP address of this host as seen from the Internet (not the eth0 address):
# the Tor bulk exit list is keyed on the destination the exits are allowed to reach.
# This is fetched over plain HTTP, so make sure it looks like an address before using it.
IP_ADDRESS=$(curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//')

if ! iptables -L "$IPTABLES_CHAINNAME" -n >/dev/null 2>&1 ; then  # chain does not exist yet
    iptables -N "$IPTABLES_CHAINNAME" >/dev/null 2>&1             # create it
fi

cd "$WORKING_DIR" || exit 1

# Do this step manually (StopForumSpam: IPs reported in the last 7 days)
#rm -rf listed_ip_7.zip
#rm -rf ipsblocklist
#wget --progress=bar http://www.stopforumspam.com/downloads/listed_ip_7.zip
#unzip -o listed_ip_7.zip

# Tor exit nodes that can reach this host on ports 80 and 9998
wget -q -O - "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$IP_ADDRESS&port=80" -U NoSuchBrowser/1.0 > ipsblocklisttor
wget -q -O - "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$IP_ADDRESS&port=9998" -U NoSuchBrowser/1.0 >> ipsblocklisttor
# keep only the address lines: drop comment lines and blank lines
grep -v '#' ipsblocklisttor | sed '/^$/d' > ipsblocklist

iptables -F "$IPTABLES_CHAINNAME"

# merge both lists and deduplicate (uniq only removes adjacent duplicates, so sort -u)
CMD=$(cat listed_ip_7.txt ipsblocklist | sort -u)

COUNT=0
for IP in $CMD; do
    let COUNT=COUNT+1
    iptables -A "$IPTABLES_CHAINNAME" -s "$IP" -j "$IPTABLES_TARGET"
done
echo "Loaded $COUNT addresses into chain $IPTABLES_CHAINNAME"

iptables -A "$IPTABLES_CHAINNAME" -j RETURN

# the chain only has an effect once INPUT jumps to it; add that jump a single time
iptables -C INPUT -j "$IPTABLES_CHAINNAME" >/dev/null 2>&1 || iptables -I INPUT -j "$IPTABLES_CHAINNAME"
————————————————————————————————————————————————————
Credits: http://www.brianhare.com/wordpress/2011/03/02/block-tor-exit-nodes-using-bash-script/#codesyntax_1
Download: blockproxyanon.sh

Script: Block Social Networks and IM over HTTPS with Iptables

—————————————————————————————————————————————————————-

#!/bin/bash
#------------------------------------------------------------------------------
#
# File: blocksocialim.sh
# Description: block HTTPS (port 443) to social network / IM address ranges in forwarded traffic
# Social networks (prefixes looked up at http://bgp.he.net): Facebook, Twitter, Youtube, Meebo, MySpace, Badoo
# Modified by: Marlo Luiz Binsfeld
# Original: http://www.vivaolinux.com.br/dica/Bloquear-Facebook-acessado-por-HTTPS-(iptables)
#
#------------------------------------------------------------------------------
# Source addresses exempt from the block (space separated); empty means no exemptions
SOCIALIM_ALLOW=""
# Destination ranges. This is a static snapshot of the providers' announced prefixes
# and goes stale as they change; refresh it from bgp.he.net from time to time.
SOCIALIM_IP_RANGE="74.119.76.0/22 69.63.184.0/21 69.63.176.0/24 69.63.176.0/21 69.171.255.0/24 69.171.240.0/20 69.171.239.0/24 69.171.224.0/20 66.220.159.0/24 66.220.152.0/21 66.220.144.0/21 31.13.80.0/24 31.13.79.0/24 31.13.78.0/24 31.13.77.0/24 31.13.76.0/24 31.13.75.0/24 31.13.74.0/24 31.13.73.0/24 31.13.72.0/24 31.13.71.0/24 31.13.70.0/24 31.13.69.0/24 31.13.66.0/24 31.13.65.0/24 31.13.64.0/24 31.13.64.0/19 31.13.24.0/21 204.15.20.0/22 173.252.96.0/19 173.252.70.0/24 173.252.64.0/19 199.96.57.0/24 199.96.56.0/24 199.59.148.0/22 199.16.156.0/22 82.129.37.0/24 64.15.126.0/24 64.15.125.0/24 64.15.124.0/24 64.15.121.0/24 64.15.120.0/24 64.15.120.0/22 64.15.120.0/21 64.15.119.0/24 64.15.118.0/24 64.15.117.0/24 64.15.116.0/24 64.15.115.0/24 64.15.114.0/24 64.15.113.0/24 64.15.112.0/24 64.15.112.0/21 64.15.112.0/20 213.146.171.0/24 208.65.155.0/24 208.65.154.0/24 208.65.152.0/23 208.65.152.0/22 208.117.255.0/24 208.117.254.0/24 208.117.253.0/24 208.117.252.0/24 208.117.251.0/24 208.117.250.0/24 208.117.249.0/24 208.117.248.0/24 208.117.248.0/21 208.117.245.0/24 208.117.244.0/24 208.117.243.0/24 208.117.242.0/24 208.117.241.0/24 208.117.240.0/24 208.117.239.0/24 208.117.238.0/24 208.117.237.0/24 208.117.236.0/24 208.117.235.0/24 208.117.234.0/24 208.117.233.0/24 208.117.232.0/24 208.117.231.0/24 208.117.230.0/24 208.117.229.0/24 208.117.228.0/24 208.117.227.0/24 208.117.226.0/24 208.117.225.0/24 208.117.224.0/24 208.117.224.0/19 74.114.27.0/24 74.114.26.0/24 74.114.24.0/21 208.81.188.0/22 199.36.158.0/24 199.36.158.0/23 199.36.156.0/23 199.36.152.0/22 63.135.92.0/22 63.135.88.0/22 63.135.86.0/24 63.135.84.0/23 63.135.80.0/22 63.135.80.0/20 216.178.46.0/23 216.178.44.0/23 216.178.42.0/23 216.178.41.0/24 216.178.40.0/24 216.178.38.0/23 216.178.32.0/20 204.16.32.0/22 87.245.199.0/24 64.209.21.0/24 31.222.78.0/23 31.222.76.0/23 31.222.74.0/23 31.222.72.0/23 31.222.71.0/24 31.222.70.0/24 31.222.70.0/23 31.222.68.0/23 31.222.66.0/23 31.222.64.0/23 159.253.183.0/24 
159.253.182.0/24 159.253.180.0/23 159.253.178.0/23 159.253.176.0/23 159.253.176.0/22 173.194.42.0 173.194.42.1 173.194.42.14 173.194.42.2 173.194.42.3 173.194.42.32 173.194.42.33 173.194.42.34 173.194.42.35 173.194.42.36 173.194.42.37 173.194.42.38 173.194.42.39 173.194.42.4 173.194.42.40 173.194.42.41 173.194.42.46 173.194.42.5 173.194.42.6 173.194.42.7 173.194.42.8 173.194.42.9 173.252.96.0/19 204.15.20.0/22"

# create the chain on the first run; on later runs -N fails and the chain is flushed instead
iptables -N SOCIALIM 2>/dev/null || iptables -F SOCIALIM

## SOCIALIM DENY: send HTTPS to any listed range through the SOCIALIM chain
## (each run inserts these FORWARD jumps again; remove the old ones before re-running)
for socialim in $SOCIALIM_IP_RANGE; do
    iptables -I FORWARD -m tcp -p tcp -d "$socialim" --dport 443 -j SOCIALIM
done
iptables -A SOCIALIM -j REJECT

## SOCIALIM ALLOW: exempt sources are inserted above the REJECT
for socialimallow in $SOCIALIM_ALLOW; do
    iptables -I SOCIALIM -s "$socialimallow" -j ACCEPT
done

—————————————————————————————————————————————————————-

Credits: http://www.vivaolinux.com.br/dica/Bloquear-Facebook-acessado-por-HTTPS-(iptables)
http://bgp.he.net/
Download: blocksocialim.sh

Iptables Rule: Allow a Port Only from Specific IPs

# Deny all SSH connections
iptables -I INPUT -p tcp --dport 22 -j DROP
# Allow connections only from addresses 1.2.3.4 and 5.6.7.8
iptables -I INPUT -p tcp --source 1.2.3.4 --dport 22 -j ACCEPT
iptables -I INPUT -p tcp --source 5.6.7.8 --dport 22 -j ACCEPT

# Deny all webconfig connections
iptables -I INPUT -p tcp --dport 81 -j DROP
# Allow connections only from addresses 1.2.3.4 and 5.6.7.8
iptables -I INPUT -p tcp --source 1.2.3.4 --dport 81 -j ACCEPT
iptables -I INPUT -p tcp --source 5.6.7.8 --dport 81 -j ACCEPT

This works because -I inserts at the top of the chain: the DROP goes in first and each ACCEPT is then inserted above it, so the final order is ACCEPT, ACCEPT, DROP and the allowed sources are matched before the catch-all. Running the block a second time inserts every rule again; check with iptables -S INPUT before re-running.
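The same policy, as an added example that is not part of the original post, written so that rule order is explicit and the script can be re-run without duplicating rules. It puts the per-port rules in their own chain and hooks that chain into INPUT once; the IPTABLES variable is an assumption made here so the generated commands can be inspected without root by pointing it at the dry_run_iptables function.

```sh
#!/bin/sh
# Added example: allow a TCP port only from listed sources, using a dedicated chain.
# IPTABLES defaults to the real binary; set IPTABLES=dry_run_iptables to print
# the commands instead of applying them.
IPTABLES=${IPTABLES:-iptables}

# Stand-in for iptables that echoes its arguments (used for dry runs and tests).
dry_run_iptables() { printf '%s\n' "$*"; }

# restrict_port PORT SRC... : accept TCP PORT from each SRC, drop it from everyone else.
restrict_port() {
    port=$1
    shift
    chain="ALLOW_$port"
    # first run: create the chain; later runs: -N fails, so flush it instead
    $IPTABLES -N "$chain" 2>/dev/null || $IPTABLES -F "$chain"
    # -A appends, so the ACCEPTs written first are evaluated before the final DROP
    for src; do
        $IPTABLES -A "$chain" -s "$src" -j ACCEPT
    done
    $IPTABLES -A "$chain" -j DROP
    # exactly one jump from INPUT into the chain; -C tests whether the rule already exists
    $IPTABLES -C INPUT -p tcp --dport "$port" -j "$chain" 2>/dev/null ||
        $IPTABLES -I INPUT -p tcp --dport "$port" -j "$chain"
}

# The two cases from the post (uncomment to apply):
# restrict_port 22 1.2.3.4 5.6.7.8
# restrict_port 81 1.2.3.4 5.6.7.8
```

Because the allowed sources and the DROP live in ALLOW_22 / ALLOW_81 rather than in INPUT, changing the address list is a flush and reload of one chain and never touches the rest of the INPUT policy.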

Get the Public IP from the Command Line

Using wget

wget -q -O - checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//'

Using curl

curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//'

curl -s http://whatismyip.org/

Using Lynx

lynx -dump checkip.dyndns.org

lynx -dump www.whatismyip.com | grep 'Your IP'

All of these fetch the answer over plain HTTP from a third party, so whatever comes back is untrusted input; if a script feeds it into a URL or an iptables rule, as the TOR blocking script above does, check that it is actually an IP address first.

Credits: http://go2linux.garron.me/what-is-my-public-ip-address-with-linux
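Added example, not part of the original post, serving both this section and the TOR blocking script above: the scripts take addresses straight from HTTP responses (checkip.dyndns.org, the Tor bulk exit list) and pass them to iptables. These helpers validate a dotted quad or CIDR before it is used, extract the public IP from a checkip-style page with the same sed expression as the post, and filter a downloaded block list so that a malformed or hostile feed line never reaches an iptables command. The response body and the feed used here are constructed samples.

```sh
#!/bin/sh
# Added example: validate IPv4 addresses coming from untrusted HTTP responses.

# valid_ipv4 ADDR[/PREFIX]: 0 if ADDR is four numeric octets (0-255) and the
# optional prefix is 0-32.
valid_ipv4() {
    case $1 in
        */*)
            addr=${1%%/*} pfx=${1#*/}
            case $pfx in ''|*[!0-9]*) return 1 ;; esac
            [ "$pfx" -le 32 ] || return 1 ;;
        *)  addr=$1 ;;
    esac
    # reject anything but a.b.c.d: too many dots, leading/trailing dot, empty octet
    case $addr in
        *.*.*.*.*|.*|*.|*..*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -f
    set -- $addr
    set +f
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# public_ip_from_body HTML: parse a checkip.dyndns.org style body with the post's
# sed expression and print the address only if it validates (rc 1 otherwise).
public_ip_from_body() {
    ip=$(printf '%s' "$1" | sed -e 's/.*Current IP Address: //' -e 's/<.*$//')
    valid_ipv4 "$ip" || return 1
    printf '%s\n' "$ip"
}

# filter_ipv4_list: read a block list on stdin, drop comments, blanks and any
# line that is not a valid address or CIDR, print the rest one per line.
filter_ipv4_list() {
    while read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # strip comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')       # strip whitespace and CRs
        [ -n "$line" ] || continue
        valid_ipv4 "$line" && printf '%s\n' "$line"
    done
    return 0
}

# Constructed samples (not real responses). The feed includes a line shaped like
# an iptables argument, which is exactly what word-splitting in
# "for IP in $CMD; do iptables ... -s $IP" would have handed to iptables.
SAMPLE_BODY='<html><head><title>Current IP Check</title></head><body>Current IP Address: 192.0.2.7</body></html>'
SAMPLE_FEED='# constructed sample feed, not a real exit list
192.0.2.10
198.51.100.0/24
203.0.113.999
10.0.0.1 -j ACCEPT
not-an-ip
  192.0.2.11  
'

# Usage in the TOR script would be:
#   IP_ADDRESS=$(public_ip_from_body "$(curl -s checkip.dyndns.org)") || exit 1
#   filter_ipv4_list < ipsblocklisttor > ipsblocklist
```

Validating before use also turns a silent failure (an empty or garbage IP_ADDRESS producing an empty exit list and therefore an empty block chain) into a visible one.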

Iptables NAT: Exempt a Destination from the Transparent Proxy

iptables -t nat -I PREROUTING -d 81.25.144.138 -j ACCEPT

ACCEPT in the nat PREROUTING chain ends processing of that chain for the packet, so the REDIRECT rule further down (the one that sends web traffic to the transparent proxy port) is not applied to connections to 81.25.144.138. Inserting with -I keeps this rule above the REDIRECT; a later -A would never be reached.

Named Logs: named "network unreachable resolving"

Upgrading CentOS 5.3 to CentOS 5.4 causes named (the BIND DNS server) to log a large number of "network unreachable resolving ..." errors in /var/log/messages, which on a busy server makes the log file grow very quickly.

Root cause:

According to the changelog of the BIND update in CentOS 5.4 (bind-chroot-9.3.6-4.P1.el5_4.1), BIND now has IPv6 resolution enabled by default. For every query it also tries the IPv6 addresses of the name servers it is resolving against, even though neither the host nor the clients have IPv6 connectivity, and each of those attempts fails with "network unreachable".

Workaround / solution:

Disable IPv6 in BIND. On CentOS 5.4, edit the file /etc/sysconfig/named and add the following option to the BIND startup:

OPTIONS="-4"

This passes -4 on the named command line, so BIND uses IPv4 only and IPv6 transport is disabled. Save the file and restart BIND (service named restart).

That stops the error messages.

Credits: http://www.hafizonline.net/blog/?p=164