
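#!/bin/bash
#
# firewall_bogon.sh -- drop IPv4 "bogon" (reserved / non-globally-routable)
# source and destination addresses on the outside (provider-facing) interface.
#
# Three rule sets are appended, one DROP rule per network in bogon_networks:
#   INPUT   -i <outside> -s <bogon>   spoofed/leaked packets addressed to this host
#   FORWARD -i <outside> -s <bogon>   spoofed/leaked packets that would be routed inside
#   OUTPUT  -o <outside> -d <bogon>   locally generated packets that would leak a
#                                     reserved destination to the provider
#
# Caveats a maintainer should know:
#   * IPv4 only. ip6tables is not touched by this script.
#   * Rules are appended (-A) on every run, so running the script twice
#     duplicates them; flush the chains (or delete by comment) before
#     re-applying.
#   * Some providers number the PPP link or their first-hop routers from
#     100.64.0.0/10 (CGNAT) or RFC 1918 space and send ICMP errors such as
#     "fragmentation needed" from those sources. If PMTU discovery breaks,
#     accept RELATED ICMP ahead of these rules.
#   * FORWARD -o <outside> -d <bogon> is not filtered here; the original
#     relies on blackhole routes for that ("+ route blackhole").
#   * 192.0.0.0/24 (IETF protocol assignments, RFC 6890) is deliberately not
#     listed because 192.0.0.0/29 is used by DS-Lite softwires (RFC 6333);
#     add it if your link does not use DS-Lite.
#
# For debug
#set -e # Abort script when command exits with error
#set -x # Print each command before it is executed (only for debugging)

# Interface facing the provider. Overridable from the environment so the same
# script serves links other than ppp0; the default matches the original value.
outside_interface="${OUTSIDE_INTERFACE:-ppp0}"

# IPv4 special-purpose blocks (RFC 6890 registry) that must never appear as a
# source on the outside interface nor as a destination leaving it.
bogon_networks=(
  0.0.0.0/8         # "this" network (RFC 1122)
  127.0.0.0/8       # loopback (RFC 1122). The original used /16, which left
                    # 127.1.0.0-127.255.255.255 unfiltered; the whole /8 is reserved.
  10.0.0.0/8        # private (RFC 1918)
  172.16.0.0/12     # private (RFC 1918)
  192.168.0.0/16    # private (RFC 1918)
  169.254.0.0/16    # link-local (RFC 3927)
  192.0.2.0/24      # TEST-NET-1 (RFC 5737)
  198.51.100.0/24   # TEST-NET-2 (RFC 5737)
  203.0.113.0/24    # TEST-NET-3 (RFC 5737)
  198.18.0.0/15     # benchmarking (RFC 2544)
  192.88.99.0/24    # former 6to4 relay anycast, deprecated (RFC 7526)
  100.64.0.0/10     # shared address space / CGNAT (RFC 6598)
  240.0.0.0/4       # reserved "class E" (RFC 1112)
  224.0.0.0/4       # multicast
  255.255.255.255   # limited broadcast
)

#######################################
# Append one DROP rule per bogon network to a chain.
# Globals:   outside_interface (read), bogon_networks (read)
# Arguments: $1 - chain (INPUT, FORWARD or OUTPUT)
#            $2 - interface flag, -i or -o
#            $3 - address flag, -s or -d
#            $4 - text attached with the comment match, so the rules can be
#                 found and deleted later
# Outputs:   one line per failed iptables call on stderr
# Returns:   0 when every rule was installed, 1 when at least one failed.
#            The original ran iptables unchecked, so a failed DROP rule left a
#            silent hole; here every failure is reported and surfaced.
#######################################
add_bogon_rules() {
  local chain="$1" iface_flag="$2" addr_flag="$3" comment="$4"
  local net failures=0
  for net in "${bogon_networks[@]}"; do
    if ! iptables -A "$chain" "$iface_flag" "$outside_interface" \
                  "$addr_flag" "$net" -m comment --comment "$comment" -j DROP; then
      printf '[FIREWALL] failed: iptables -A %s %s %s %s %s\n' \
        "$chain" "$iface_flag" "$outside_interface" "$addr_flag" "$net" >&2
      failures=$((failures + 1))
    fi
  done
  return $(( failures > 0 ))
}

#######################################
# Install the three bogon rule sets and report the overall result.
# Returns:   0 on success, 1 if any rule set was incomplete. Using a return
#            value (not exit) keeps the script safe to source as well as run.
#######################################
main() {
  local status=0
  echo "[FIREWALL] = > Adding rules for BOGON networks = DROP"
  # deny INPUT from BOGON networks -->> ME
  add_bogon_rules INPUT   -i -s "deny INPUT from BOGON networks -->> ME" || status=1
  # deny FORWARD from BOGON networks -->> inside (+ route blackhole)
  add_bogon_rules FORWARD -i -s "deny FORWARD from BOGON networks -->> inside" || status=1
  # deny OUTPUT from BOGON networks -->> outside (+ route blackhole)
  add_bogon_rules OUTPUT  -o -d "deny OUTPUT from BOGON networks -->> outside" || status=1
  if (( status != 0 )); then
    printf '[FIREWALL] some BOGON rules were NOT installed; see errors above\n' >&2
  fi
  return "$status"
}

main "$@"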