TP-Link WR1043ND router - Mobilarena Hozzászólások

Legfrissebb anyagok

Mobilarena témák

PROHARDVER! témák

IT café témák

GAMEPOD.hu témák

LOGOUT.hu témák

Hirdetés

Konzolokra is megjelenik a The Glass Staircase

gp Alig néhány nap múlva PlayStationre, Xbox-ra és Nintendo Switch-re is elérhető lesz a program.
A tüntetések ellenére is bővítheti német gyárát a Tesla

it Hiába a nagy tüntetések, a helyi önkormányzat rábólintott a Tesla német gyárbővítésére.
Retro Kocka Kuckó 2024

lo Megint eltelt egy esztendő, ezért mögyünk retrokockulni Vásárhelyre! Gyere velünk gyereknapon!

Téma összefoglaló

Utoljára frissítve: 2023-12-13 05:20

Mobilarena

TP-Link WR1043ND - N450 router

Új hozzászólás Aktív témák

#66151 nimfas addikt

Új Válasz 2017-04-30 16:54:29 #66151
Új hozzászólás
Összes hozzászólása itt Válaszok az összes hozzászólására itt Válaszok erre a hozzászólásra
Privát üzenet küldése

nimfas

addikt

Sziasztok!
Jelenleg így néz ki az "egyéni szabály", a kérdés az lenne, hogy a 2 brute force szabály nem üti egymást?
Goflex-en (192.168.2.166) fut az FTP szerver.
# This file is interpreted as shell script. # Put your custom iptables rules here, they will # be executed with each firewall (re-)start. ######################################### iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -s 94.23.201.82 -j DNAT --to-destination $ROUTERIP:$BRUTEFORCE_DROPPORT ######################################### BRUTEFORCE_PROTECTION_START=3 BRUTEFORCE_DROPPORT=55555 PROTO=tcp ROUTERIP=$(uci get network.lan.ipaddr) ######################################## #SSH Brute Force protection on port 2222 PROTECTEDPORT=2222 SERVICEPORT=22 SERVICE=SSH echo Enabling Brute Force protection for $SERVICE on port $PROTECTEDPORT iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --set --name $SERVICE -j DNAT --to-destination $ROUTERIP:$SERVICEPORT iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --update --seconds 86400 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j DNAT --to-destination $ROUTERIP:$BRUTEFORCE_DROPPORT iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --rcheck --seconds 86400 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -m limit --limit 1/min -j LOG --log-prefix "BruteForce-${SERVICE} " #Betörések megakadályozása a 94.23.201.82 IP-ről iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -s 94.23.201.82 -j DNAT --to-destination $ROUTERIP:$BRUTEFORCE_DROPPORT ######################################## ######################################## #FTP Brute Force protection on port 2221 PROTECTEDPORT=2221 SERVICEPORT=21 SERVICE=FTP echo Enabling Brute Force protection for $SERVICE on port $PROTECTEDPORT iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --set --name $SERVICE -j DNAT --to-destination $ROUTERIP:$SERVICEPORT iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --update --seconds 1800 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j DNAT --to-destination $ROUTERIP:$BRUTEFORCE_DROPPORT iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --rcheck --seconds 1800 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j LOG --log-prefix "BruteForce-${SERVICE} " ######################################## ######################################## #SSH Brute Force protection on port 1977 PROTECTEDPORT=1977 SERVICEPORT=22 SERVICE=SSH_GOFLEX echo Enabling Brute Force protection for $SERVICE on port $PROTECTEDPORT iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --set --name $SERVICE -j DNAT --to-destination 192.168.2.166:$SERVICEPORT iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --update --seconds 60 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j DNAT --to-destination 192.168.2.1:$BRUTEFORCE_DROPPORT iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --rcheck --seconds 60 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j LOG --log-prefix "BruteForce-${SERVICE} " ######################################## ######################################## #FTP Brute Force protection on port 2221 PROTECTEDPORT=2221 SERVICEPORT=21 SERVICE=FTP_GOFLEX echo Enabling Brute Force protection for $SERVICE on port $PROTECTEDPORT iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --set --name $SERVICE -j DNAT --to-destination 192.168.2.166:$SERVICEPORT iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --update --seconds 60 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j DNAT --to-destination 192.168.2.1:$BRUTEFORCE_DROPPORT iptables --table nat -I zone_wan_prerouting -p $PROTO --dport $PROTECTEDPORT -m state --state NEW -m recent --rcheck --seconds 60 --hitcount $BRUTEFORCE_PROTECTION_START --name $SERVICE -j LOG --log-prefix "BruteForce-${SERVICE} " ######################################## ######################################## #Block URL on certain time for specified IP # #URL_STRING=facebook.com #LOCAL_IP=192.168.1.188 #TIME_START=10:00 #TIME_END=16:00 # #echo Blocking $URL_STRING from $LOCAL_IP at time interval $TIME_START - $TIME_END #iptables -I FORWARD -s $LOCAL_IP -m string --string $URL_STRING --algo bm -m time --weekdays Mon,Tue,Wed,Thu,Fri --timestart $TIME_START --timestop $TIME_END -j DROP ########################################
Firewall config:
config redirect option target 'DNAT' option src 'wan' option dest 'lan' option proto 'tcp' option src_dport '9094' option dest_port '21' option name 'FTP-Forward' option enabled '0' option dest_ip '192.168.2.1' config redirect option target 'DNAT' option src 'wan' option dest 'lan' option proto 'tcp' option src_dport '9095' option dest_port '22' option name 'SSH-Forward' option dest_ip '192.168.2.1' config redirect option target 'DNAT' option src 'wan' option dest 'lan' option proto 'tcp' option dest_ip '192.168.2.166' option src_dport '1977' option name 'Goflex SSH-Forward' option dest_port '22' config redirect option target 'DNAT' option src 'wan' option dest 'lan' option proto 'tcp udp' option src_dport '2221' option dest_ip '192.168.2.166' option dest_port '21' option name 'Goflex FTP-Forward' config redirect option target 'DNAT' option src 'wan' option dest 'lan' option proto 'tcp' option src_dport '22' option dest_port '22' option name 'Tp-link SSH' option dest_ip '192.168.2.1' config redirect option _name 'GOFlexNet TransmissionWeb' option src 'wan' option proto 'tcpudp' option src_dport '9091' option target 'DNAT' option dest 'lan' option dest_ip '192.168.2.166' config redirect option _name 'GoFlex Net Transmission' option src 'wan' option proto 'tcpudp' option src_dport '21234' option dest_ip '192.168.2.166' option target 'DNAT' option dest 'lan' config redirect option target 'DNAT' option src 'wan' option dest 'lan' option proto 'tcp udp' option dest_ip '192.168.2.134' option dest_port '80' option name 'Emeleti-Beltéri-80port' option src_ip '46.251.11.217' option src_dport '80' option enabled '0' config redirect option target 'DNAT' option src 'wan' option dest 'lan' option proto 'tcp udp' option dest_ip '192.168.2.134' option dest_port '21' option name 'Emeleti-Beltéri-21port' option src_ip '46.251.11.217' option src_port '21' option enabled '0' config redirect option target 'DNAT' option src 'wan' option dest 'lan' option proto 'tcp udp' option dest_ip '192.168.2.134' option dest_port '23' option src_ip '46.251.11.217' option src_port '23' option name 'Emeleti-Beltéri-23port' option enabled '0' config redirect option target 'DNAT' option src 'wan' option dest 'lan' option proto 'tcp udp' option name 'FSZ' option dest_ip '192.168.2.134' option enabled '0' config defaults option syn_flood '1' option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT' config zone option name 'lan' option input 'ACCEPT' option output 'ACCEPT' option forward 'ACCEPT' option network 'lan' config zone option name 'wan' option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' option masq '1' option mtu_fix '1' option network 'wan wwan wan1 wan2' config forwarding option src 'lan' option dest 'wan' config rule option name 'Allow-DHCP-Renew' option src 'wan' option proto 'udp' option dest_port '68' option target 'ACCEPT' option family 'ipv4' config rule option name 'Allow-Ping' option src 'wan' option proto 'icmp' option icmp_type 'echo-request' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-DHCPv6' option src 'wan' option proto 'udp' option src_ip 'fe80::/10' option src_port '547' option dest_ip 'fe80::/10' option dest_port '546' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Input' option src 'wan' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' list icmp_type 'router-solicitation' list icmp_type 'neighbour-solicitation' list icmp_type 'router-advertisement' list icmp_type 'neighbour-advertisement' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Forward' option src 'wan' option dest '*' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config include option path '/etc/firewall.user' config rule option src 'lan' option name 'Block-Internet-Access' option src_ip '192.168.1.110' option target 'DROP' option dest 'wan' option extra '-m time --localtz --weekdays Mon,Tue,Wed,Thu,Fri --timestart 10:00 --timestop 22:00' option enabled '0' config rule option target 'ACCEPT' option name 'Transmission-web' option family 'ipv4' option dest_port '9091' option proto 'tcp' option src '*' option enabled '0' config rule option target 'ACCEPT' option name 'Transmission' option family 'ipv4' option dest_port '21234' option src 'wan' config rule option target 'ACCEPT' option proto 'tcp' option dest_port '443' option family 'ipv4' option name 'Luci-HTTPS' option src 'wan' config rule option target 'ACCEPT' option src 'wan' option proto 'tcp' option dest_port '50000-50100' option name 'FTP-WAN-Passive-Ports' option family 'ipv4' option enabled '0' config rule option name 'ssh_goflex_wan' option src 'wan' option dest 'lan' option proto 'tcp' option dest_ip '192.168.2.166' option dest_port '22' option target 'ACCEPT' config rule option name 'ssh_goflex' option src 'wan' option dest 'lan' option proto 'tcp' option dest_ip '192.168.2.166' option dest_port '21' option target 'ACCEPT' config rule option enabled '1' option target 'ACCEPT' option src 'lan' option dest 'wan' option name 'Huawei' option dest_ip '192.168.1.1'
Előre is köszönöm!