|
|
@ -8,10 +8,22 @@ trusted6=/etc/network/firewall/trustedips6.conf |
|
|
#--------------------------------------------------------------------------- |
|
|
#--------------------------------------------------------------------------- |
|
|
input="INPUT-CUSTOM" |
|
|
input="INPUT-CUSTOM" |
|
|
|
|
|
|
|
|
|
|
|
# Clear chains |
|
|
iptables -F $input |
|
|
iptables -F $input |
|
|
iptables -F DOCKER-USER |
|
|
iptables -F DOCKER-USER |
|
|
ip6tables -F $input |
|
|
ip6tables -F $input |
|
|
|
|
|
|
|
|
|
|
|
# Clear custom chains |
|
|
|
|
|
#--------------------- |
|
|
|
|
|
iptables -F PING-DEATH |
|
|
|
|
|
#ip6tables -F DEATH-PING6 |
|
|
|
|
|
iptables -F syn-flood |
|
|
|
|
|
#ip6tables -F syn-flood6 |
|
|
|
|
|
iptables -F SSH-BRUT-FORCE |
|
|
|
|
|
ip6tables -F SSH-BRUT-FORCE6 |
|
|
|
|
|
#--------------------- |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Open ipv4 trusted IPs |
|
|
# Open ipv4 trusted IPs |
|
|
for i in $(egrep -v "^#|^$" $trusted ); do |
|
|
for i in $(egrep -v "^#|^$" $trusted ); do |
|
|
iptables -A $input -s $i -j ACCEPT -m comment --comment "Trusted ipv4 ($i)" |
|
|
iptables -A $input -s $i -j ACCEPT -m comment --comment "Trusted ipv4 ($i)" |
|
|
@ -68,7 +80,7 @@ if [ "X$WAN" != "X" ]; then |
|
|
# ip6tables -A $input -i $WAN -p tcp --syn -j syn-flood6 |
|
|
# ip6tables -A $input -i $WAN -p tcp --syn -j syn-flood6 |
|
|
# ip6tables -A syn-flood6 -m limit --limit 1/s --limit-burst 4 -j RETURN |
|
|
# ip6tables -A syn-flood6 -m limit --limit 1/s --limit-burst 4 -j RETURN |
|
|
# ip6tables -A syn-flood6 -j DROP |
|
|
# ip6tables -A syn-flood6 -j DROP |
|
|
if |
|
|
|
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
#Block ssh brute force (the $WAN variable is required) |
|
|
#Block ssh brute force (the $WAN variable is required) |
|
|
if [ "X$WAN" != "X" ]; then |
|
|
if [ "X$WAN" != "X" ]; then |
|
|
|
