saitam
(usa Slackware)
Enviado em 26/05/2011 - 14:55h
Veja algumas regras iptables
#Regras Iptables para Bloquear ataques Brute Force no SSH
iptables -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '
iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 3 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -p tcp --syn --dport 22 -m recent --name sshattack --set
iptables -A FORWARD -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '
iptables -A FORWARD -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 3 -j REJECT --reject-with tcp-reset
#Contra DoS:
iptables -A FORWARD -p tcp -syn -m limit -limit 1/s -j accept
#Contra Port Scanners:
iptables -A FORWARD -o tcp -tcp-flags SYN,ACK,FIN,RST RST -m zlimit -limit 1/s -j accept
#Contra Pings:
iptables -A FORWARD -p icmp -icmp-type echo-request -m limit -limit 1/s -j accept
#Bloquear Back Orifice:
iptables -A INPUT -p tcp --dport 31337 -j DROP
iptables -A INPUT -p udp --dport 31337 -j DROP
#Bloquear NetBus:
iptables -A INPUT -p tcp --dport 12345:12346 -j DROP
iptables -A INPUT -p udp --dport 12345:12346 -j DROP
Maiores informações:
http://www.sputnix.com.br/tutoriais/seguranca/implemente-e-configure-o-seu-linux-com-iptables/