Added iptables-def
This commit is contained in:
59
iptables-def/firewall_bogon.sh
Normal file
59
iptables-def/firewall_bogon.sh
Normal file
@ -0,0 +1,59 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# For debug
|
||||
#set -e # Abort script when command exits with error
|
||||
#set -x # Print each command before it is executed (only for debugging)
|
||||
|
||||
outside_interface="ppp0"
|
||||
|
||||
echo "[FIREWALL] = > Adding rules for BOGON networks = DROP"
|
||||
# deny INPUT from BOGON networks -->> ME
|
||||
iptables -A INPUT -i $outside_interface -s 0.0.0.0/8 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
iptables -A INPUT -i $outside_interface -s 127.0.0.0/16 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
iptables -A INPUT -i $outside_interface -s 10.0.0.0/8 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
iptables -A INPUT -i $outside_interface -s 172.16.0.0/12 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
iptables -A INPUT -i $outside_interface -s 192.168.0.0/16 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
iptables -A INPUT -i $outside_interface -s 169.254.0.0/16 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
iptables -A INPUT -i $outside_interface -s 192.0.2.0/24 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
iptables -A INPUT -i $outside_interface -s 198.51.100.0/24 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
iptables -A INPUT -i $outside_interface -s 203.0.113.0/24 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
iptables -A INPUT -i $outside_interface -s 198.18.0.0/15 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
iptables -A INPUT -i $outside_interface -s 192.88.99.0/24 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
iptables -A INPUT -i $outside_interface -s 100.64.0.0/10 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
iptables -A INPUT -i $outside_interface -s 240.0.0.0/4 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
iptables -A INPUT -i $outside_interface -s 224.0.0.0/4 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
iptables -A INPUT -i $outside_interface -s 255.255.255.255 -j DROP -m comment --comment "deny INPUT from BOGON networks -->> ME"
|
||||
|
||||
# deny FORWARD from BOGON networks -->> inside (+ route blackhole)
|
||||
iptables -A FORWARD -i $outside_interface -s 0.0.0.0/8 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
iptables -A FORWARD -i $outside_interface -s 127.0.0.0/16 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
iptables -A FORWARD -i $outside_interface -s 10.0.0.0/8 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
iptables -A FORWARD -i $outside_interface -s 172.16.0.0/12 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
iptables -A FORWARD -i $outside_interface -s 192.168.0.0/16 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
iptables -A FORWARD -i $outside_interface -s 169.254.0.0/16 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
iptables -A FORWARD -i $outside_interface -s 192.0.2.0/24 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
iptables -A FORWARD -i $outside_interface -s 198.51.100.0/24 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
iptables -A FORWARD -i $outside_interface -s 203.0.113.0/24 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
iptables -A FORWARD -i $outside_interface -s 198.18.0.0/15 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
iptables -A FORWARD -i $outside_interface -s 192.88.99.0/24 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
iptables -A FORWARD -i $outside_interface -s 100.64.0.0/10 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
iptables -A FORWARD -i $outside_interface -s 240.0.0.0/4 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
iptables -A FORWARD -i $outside_interface -s 224.0.0.0/4 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
iptables -A FORWARD -i $outside_interface -s 255.255.255.255 -j DROP -m comment --comment "deny FORWARD from BOGON networks -->> inside"
|
||||
|
||||
# deny OUTPUT from BOGON networks -->> outside (+ route blackhole)
|
||||
iptables -A OUTPUT -o $outside_interface -d 0.0.0.0/8 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
iptables -A OUTPUT -o $outside_interface -d 127.0.0.0/16 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
iptables -A OUTPUT -o $outside_interface -d 10.0.0.0/8 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
iptables -A OUTPUT -o $outside_interface -d 172.16.0.0/12 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
iptables -A OUTPUT -o $outside_interface -d 192.168.0.0/16 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
iptables -A OUTPUT -o $outside_interface -d 169.254.0.0/16 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
iptables -A OUTPUT -o $outside_interface -d 192.0.2.0/24 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
iptables -A OUTPUT -o $outside_interface -d 198.51.100.0/24 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
iptables -A OUTPUT -o $outside_interface -d 203.0.113.0/24 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
iptables -A OUTPUT -o $outside_interface -d 198.18.0.0/15 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
iptables -A OUTPUT -o $outside_interface -d 192.88.99.0/24 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
iptables -A OUTPUT -o $outside_interface -d 100.64.0.0/10 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
iptables -A OUTPUT -o $outside_interface -d 240.0.0.0/4 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
iptables -A OUTPUT -o $outside_interface -d 224.0.0.0/4 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
iptables -A OUTPUT -o $outside_interface -d 255.255.255.255 -j DROP -m comment --comment "deny OUTPUT from BOGON networks -->> outside"
|
||||
Reference in New Issue
Block a user