iptables -A INPUT -s 172.16.2.20 -j DROP
iptables -A OUTPUT -d 172.16.2.20 -j DROP
Credits: http://paulovittor23.org/2011/10/31/bloqueando-acesso-ip-utilizando-iptables/
Some internet access providers have port 25 disabled in their routers to prevent spam. If you run your own mailserver in a datacenter, you might have to enable the submission port (587) in postfix to be able to send emails from your local email client to your own mailserver.
To enable port 587, edit the file /etc/postfix/master.cf
vi /etc/postfix/master.cf
and remove the # in front of the line:
#submission inet n - n - - smtpd
so that it looks like this:
submission inet n - n - - smtpd
and restart postfix:
/etc/init.d/postfix restart
Credits: http://www.faqforge.com/linux/how-to-enable-port-587-submission-in-postfix/
echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 2 > /proc/sys/net/ipv4/tcp_syn_retries
echo 1 > /proc/sys/net/ipv4/tcp_synack_retries
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Credits: http://foxpa.ws/2010/04/16/clearos-installation-checklist/
Link to the .rules files: http://rules.emergingthreats.net/blockrules/
Add to snort.conf:
include $RULE_PATH/emerging-tor.rules
include $RULE_PATH/emerging-tor-BLOCK.rules
include $RULE_PATH/emerging-rbn.rules
include $RULE_PATH/emerging-rbn-malvertisers.rules
include $RULE_PATH/emerging-rbn-malvertisers-BLOCK.rules
include $RULE_PATH/emerging-rbn-BLOCK.rules
include $RULE_PATH/emerging-dshield.rules
include $RULE_PATH/emerging-dshield-BLOCK.rules
include $RULE_PATH/emerging-drop.rules
include $RULE_PATH/emerging-drop-BLOCK.rules
include $RULE_PATH/emerging-botcc.rules
include $RULE_PATH/emerging-ciarmy.rules
include $RULE_PATH/emerging-compromised-BLOCK.rules
include $RULE_PATH/emerging-compromised.rules
Download : scriptrulesupdate.sh
————————————————————————————————————————————————————
#!/bin/bash
#--------------------------------------------------
#
# File: blockproxyanon.sh
# Description: Block anonymous proxies via IPS HOSTS
# Modified by: Marlo Luiz Binsfeld
# Original: http://www.brianhare.com/wordpress/2011/03/02/block-tor-exit-nodes-using-bash-script/#codesyntax_1
#
#--------------------------------------------------
IPTABLES_TARGET="DROP"
IPTABLES_CHAINNAME="TOR"
WORKING_DIR="/etc/blockproxyanon/"
# Get this host's public IP address as reported by checkip.dyndns.org
IP_ADDRESS=$(curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//')
if ! iptables -L "$IPTABLES_CHAINNAME" -n >/dev/null 2>&1 ; then # If the chain doesn't exist
    iptables -N "$IPTABLES_CHAINNAME" >/dev/null 2>&1 # Create it
fi
# Stop if the working directory is missing instead of writing files elsewhere
cd "$WORKING_DIR" || exit 1
# Do this part manually
#rm -rf listed_ip_7.zip
#rm -rf ipsblocklist
#wget --progress=bar http://www.stopforumspam.com/downloads/listed_ip_7.zip
#unzip -o listed_ip_7.zip
# Fetch the Tor exit nodes that can reach this host on ports 80 and 9998
wget -q -O - "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$IP_ADDRESS&port=80" -U NoSuchBrowser/1.0 > ipsblocklisttor
wget -q -O - "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$IP_ADDRESS&port=9998" -U NoSuchBrowser/1.0 >> ipsblocklisttor
# Drop comment lines and blank lines (no intermediate file in /tmp)
grep -v "#" ipsblocklisttor | sed '/^$/d' > ipsblocklist
iptables -F "$IPTABLES_CHAINNAME"
# sort -u removes duplicates even when they are not adjacent
CMD=$(cat listed_ip_7.txt ipsblocklist | sort -u)
for IP in $CMD; do
    let COUNT=COUNT+1
    iptables -A "$IPTABLES_CHAINNAME" -s "$IP" -j "$IPTABLES_TARGET"
done
iptables -A "$IPTABLES_CHAINNAME" -j RETURN
————————————————————————————————————————————————————
Credits: http://www.brianhare.com/wordpress/2011/03/02/block-tor-exit-nodes-using-bash-script/#codesyntax_1
Download : blockproxyanon.sh
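The script above flushes the chain and then hands whatever the download returned straight to iptables, so a failed or malformed fetch leaves the chain empty or partly filled. The following is an added example (not part of the original script or its source) that keeps only well-formed IPv4 addresses and CIDR blocks and emits iptables-restore input so the chain is rebuilt in one commit; the function names valid_ipv4_entries and restore_input and the sample list are made up for this illustration.

```shell
#!/bin/sh
# Added example: validate a downloaded blocklist before it reaches iptables.
# Function names and SAMPLE are hypothetical, constructed for illustration.

# Print unique, well-formed IPv4 addresses / CIDR blocks read from stdin.
# Comments, blank lines, HTML error pages and malformed entries are dropped.
valid_ipv4_entries() {
    awk '
    {
        sub(/#.*/, "")                       # strip comments
        gsub(/^[ \t\r]+|[ \t\r]+$/, "")      # trim whitespace and CR
        if ($0 == "") next
        n = split($0, part, "/")
        if (n > 2) next
        if (n == 2 && (part[2] !~ /^[0-9][0-9]?$/ || part[2] + 0 > 32)) next
        if (split(part[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) next
        if (!seen[$0]++) print
    }'
}

# restore_input CHAIN TARGET: turn validated entries on stdin into
# iptables-restore text that rebuilds CHAIN in a single commit.
restore_input() {
    chain=$1
    target=$2
    printf '%s\n' '*filter' ":$chain - [0:0]"
    while IFS= read -r ip; do
        [ -n "$ip" ] || continue
        printf '%s\n' "-A $chain -s $ip -j $target"
    done
    printf '%s\n' "-A $chain -j RETURN" 'COMMIT'
}

# Constructed sample of what a fetch might return, junk lines included.
SAMPLE='# exit list (constructed)
192.0.2.10
192.0.2.10
198.51.100.0/24
203.0.113.300
192.0.2.7 -j ACCEPT
<html>503 Service Unavailable</html>
10.0.0.1/33'

# Usage (as root, not run here):
#   valid_ipv4_entries < ipsblocklist | restore_input TOR DROP \
#       | iptables-restore --noflush
```

With --noflush, iptables-restore leaves the rest of the ruleset alone and only rebuilds the chain declared in its input.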
—————————————————————————————————————————————————————-
#!/bin/bash
#--------------------------------------------------
#
# File: blocksocialim.sh
# Description: Block HTTPS
# Social Networks: http://bgp.he.net - Facebook, Twitter, Youtube, Meebo, MySpace, Badoo
# Modified by: Marlo Luiz Binsfeld
# Original: http://www.vivaolinux.com.br/dica/Bloquear-Facebook-acessado-por-HTTPS-(iptables)
#
#--------------------------------------------------
SOCIALIM_ALLOW=""
SOCIALIM_IP_RANGE="74.119.76.0/22 69.63.184.0/21 69.63.176.0/24 69.63.176.0/21 69.171.255.0/24 69.171.240.0/20 69.171.239.0/24 69.171.224.0/20 66.220.159.0/24 66.220.152.0/21 66.220.144.0/21 31.13.80.0/24 31.13.79.0/24 31.13.78.0/24 31.13.77.0/24 31.13.76.0/24 31.13.75.0/24 31.13.74.0/24 31.13.73.0/24 31.13.72.0/24 31.13.71.0/24 31.13.70.0/24 31.13.69.0/24 31.13.66.0/24 31.13.65.0/24 31.13.64.0/24 31.13.64.0/19 31.13.24.0/21 204.15.20.0/22 173.252.96.0/19 173.252.70.0/24 173.252.64.0/19 199.96.57.0/24 199.96.56.0/24 199.59.148.0/22 199.16.156.0/22 82.129.37.0/24 64.15.126.0/24 64.15.125.0/24 64.15.124.0/24 64.15.121.0/24 64.15.120.0/24 64.15.120.0/22 64.15.120.0/21 64.15.119.0/24 64.15.118.0/24 64.15.117.0/24 64.15.116.0/24 64.15.115.0/24 64.15.114.0/24 64.15.113.0/24 64.15.112.0/24 64.15.112.0/21 64.15.112.0/20 213.146.171.0/24 208.65.155.0/24 208.65.154.0/24 208.65.152.0/23 208.65.152.0/22 208.117.255.0/24 208.117.254.0/24 208.117.253.0/24 208.117.252.0/24 208.117.251.0/24 208.117.250.0/24 208.117.249.0/24 208.117.248.0/24 208.117.248.0/21 208.117.245.0/24 208.117.244.0/24 208.117.243.0/24 208.117.242.0/24 208.117.241.0/24 208.117.240.0/24 208.117.239.0/24 208.117.238.0/24 208.117.237.0/24 208.117.236.0/24 208.117.235.0/24 208.117.234.0/24 208.117.233.0/24 208.117.232.0/24 208.117.231.0/24 208.117.230.0/24 208.117.229.0/24 208.117.228.0/24 208.117.227.0/24 208.117.226.0/24 208.117.225.0/24 208.117.224.0/24 208.117.224.0/19 74.114.27.0/24 74.114.26.0/24 74.114.24.0/21 208.81.188.0/22 199.36.158.0/24 199.36.158.0/23 199.36.156.0/23 199.36.152.0/22 63.135.92.0/22 63.135.88.0/22 63.135.86.0/24 63.135.84.0/23 63.135.80.0/22 63.135.80.0/20 216.178.46.0/23 216.178.44.0/23 216.178.42.0/23 216.178.41.0/24 216.178.40.0/24 216.178.38.0/23 216.178.32.0/20 204.16.32.0/22 87.245.199.0/24 64.209.21.0/24 31.222.78.0/23 31.222.76.0/23 31.222.74.0/23 31.222.72.0/23 31.222.71.0/24 31.222.70.0/24 31.222.70.0/23 31.222.68.0/23 31.222.66.0/23 31.222.64.0/23 159.253.183.0/24 
159.253.182.0/24 159.253.180.0/23 159.253.178.0/23 159.253.176.0/23 159.253.176.0/22 173.194.42.0 173.194.42.1 173.194.42.14 173.194.42.2 173.194.42.3 173.194.42.32 173.194.42.33 173.194.42.34 173.194.42.35 173.194.42.36 173.194.42.37 173.194.42.38 173.194.42.39 173.194.42.4 173.194.42.40 173.194.42.41 173.194.42.46 173.194.42.5 173.194.42.6 173.194.42.7 173.194.42.8 173.194.42.9 173.252.96.0/19 204.15.20.0/22"
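iptables -N SOCIALIM
## SOCIALIM DENY
# Send forwarded HTTPS traffic for the listed ranges to the SOCIALIM chain
for socialim in $SOCIALIM_IP_RANGE; do
    iptables -I FORWARD -p tcp -m tcp -d "$socialim" --dport 443 -j SOCIALIM
done
iptables -A SOCIALIM -j REJECT
## SOCIALIM ALLOW
# -I inserts at the top of the chain, so these ACCEPT rules are evaluated before the REJECT
for socialimallow in $SOCIALIM_ALLOW; do
    iptables -I SOCIALIM -s "$socialimallow" -j ACCEPT
done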
—————————————————————————————————————————————————————-
Credits: http://www.vivaolinux.com.br/dica/Bloquear-Facebook-acessado-por-HTTPS-(iptables)
http://bgp.he.net/
Download : blocksocialim.sh
# Deny all SSH connections
iptables -I INPUT -p tcp --dport 22 -j DROP
# Allow connections from address xyz
# (-I inserts at the top of the chain, so these ACCEPT rules end up above the DROP)
iptables -I INPUT -p tcp --source 1.2.3.4 --dport 22 -j ACCEPT
iptables -I INPUT -p tcp --source 5.6.7.8 --dport 22 -j ACCEPT
# Deny all webconfig connections
iptables -I INPUT -p tcp --dport 81 -j DROP
# Allow connections from address xyz
iptables -I INPUT -p tcp --source 1.2.3.4 --dport 81 -j ACCEPT
iptables -I INPUT -p tcp --source 5.6.7.8 --dport 81 -j ACCEPT
Using wget
wget -q -O - checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//'
Using curl
curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//'
curl -s http://whatismyip.org/
Using Lynx
lynx -dump checkip.dyndns.org
lynx -dump www.whatismyip.com | grep 'Your IP'
Credit: http://go2linux.garron.me/what-is-my-public-ip-address-with-linux
iptables -t nat -I PREROUTING -d 81.25.144.138 -j ACCEPT
After an upgrade from CentOS 5.3 to CentOS 5.4, the named (BIND) DNS server produces a lot of "network unreachable resolving …" errors in the system log /var/log/messages, which makes the log file grow tremendously on a busy system.
Root cause of the issue:
According to the BIND change log for the CentOS 5.4 updates (bind-chroot-9.3.6-4.P1.el5_4.1), the latest BIND DNS server now has IPv6 DNS resolution enabled by default. Any DNS query causes the program to also resolve IPv6 addresses, even though the host server or client is not IPv6-enabled or IPv6-capable.
Workaround / Solution:
Disable IPv6 in BIND. For CentOS 5.4, edit the /etc/sysconfig/named file and add the following option to the BIND startup options:
OPTIONS="-4"
This causes the BIND server to resolve and use IPv4 only and disables IPv6 support. Save the file and restart the BIND server.
That will stop those annoying error messages.
Credits: http://www.hafizonline.net/blog/?p=164