TP-Link WR1043ND - N450 router
nimfas
addikt
Sziasztok!
Jelenleg így néz ki az "egyéni szabály", a kérdés az lenne, hogy a 2 brute force szabály nem üti egymást?
Goflex-en (192.168.2.166) fut az FTP szerver.
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
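#########################################
# Shared settings for the brute-force protection sections below.
#
# These must be assigned before any iptables call that expands them. A
# source-address rule for 94.23.201.82 used to be issued right here, ahead of
# the assignments, so $PROTO, $PROTECTEDPORT, $ROUTERIP and
# $BRUTEFORCE_DROPPORT all expanded to nothing and the command was malformed.
# The same rule is issued in the SSH section, after the values exist, so the
# premature copy is dropped.
#########################################
# Number of new connections from one address, within a section's time window,
# at which that address starts being redirected to the drop port.
BRUTEFORCE_PROTECTION_START=3
# Port on the router that throttled connections are redirected to.
# NOTE(review): presumably nothing listens on this port - confirm.
BRUTEFORCE_DROPPORT=55555
PROTO=tcp
# LAN address of the router, read from the UCI network configuration.
ROUTERIP=$(uci get network.lan.ipaddr)
if [ -z "$ROUTERIP" ]; then
  # Every "--to-destination $ROUTERIP:..." below is built from this value.
  echo "firewall.user: could not read network.lan.ipaddr, DNAT targets will be invalid" >&2
fi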
########################################
# SSH brute-force protection: WAN port 2222 -> port 22 on the router.
#
# Every rule is added with -I (head of zone_wan_prerouting), so the chain is
# evaluated in the reverse of the order written here:
#   1. connections from 94.23.201.82 go to the drop port
#   2. addresses already over the limit are logged (at most one line a minute)
#   3. addresses over the limit go to the drop port and their timer restarts
#   4. everything else is recorded and forwarded to the SSH service
#
# NOTE(review): the firewall config posted with this script also has an
# enabled redirect from WAN port 22 to 192.168.2.1:22 ('Tp-link SSH').
# Connections arriving on port 22 do not match --dport 2222 and are therefore
# not counted by these rules.
PROTECTEDPORT=2222
SERVICEPORT=22
SERVICE=SSH
echo "Enabling Brute Force protection for $SERVICE on port $PROTECTEDPORT"

# Record the source address and forward the connection to the service.
iptables -t nat -I zone_wan_prerouting -p "$PROTO" --dport "$PROTECTEDPORT" \
  -m state --state NEW \
  -m recent --set --name "$SERVICE" \
  -j DNAT --to-destination "$ROUTERIP:$SERVICEPORT"

# Hit count reached within 86400 seconds: refresh the entry, send to drop port.
iptables -t nat -I zone_wan_prerouting -p "$PROTO" --dport "$PROTECTEDPORT" \
  -m state --state NEW \
  -m recent --update --seconds 86400 --hitcount "$BRUTEFORCE_PROTECTION_START" --name "$SERVICE" \
  -j DNAT --to-destination "$ROUTERIP:$BRUTEFORCE_DROPPORT"

# Log offenders; --rcheck only reads the list, the limit match caps log volume.
iptables -t nat -I zone_wan_prerouting -p "$PROTO" --dport "$PROTECTEDPORT" \
  -m state --state NEW \
  -m recent --rcheck --seconds 86400 --hitcount "$BRUTEFORCE_PROTECTION_START" --name "$SERVICE" \
  -m limit --limit 1/min \
  -j LOG --log-prefix "BruteForce-${SERVICE} "

# Prevent break-ins from IP 94.23.201.82: always redirect it to the drop port.
iptables -t nat -I zone_wan_prerouting -p "$PROTO" --dport "$PROTECTEDPORT" \
  -s 94.23.201.82 \
  -j DNAT --to-destination "$ROUTERIP:$BRUTEFORCE_DROPPORT"
########################################
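########################################
# FTP brute-force protection: WAN port 2221 -> port 21 on the router.
#
# NOTE(review): the FTP_GOFLEX section further down uses the same WAN port
# 2221. All rules are added with -I (head of the chain), so the FTP_GOFLEX
# rules, added later, sit above these three. Its --set rule DNATs every new
# connection on 2221, so nothing reaches the rules of this section. Give one
# of the two services its own WAN port, or delete the section that is not
# wanted.
PROTECTEDPORT=2221
SERVICEPORT=21
SERVICE=FTP
echo "Enabling Brute Force protection for $SERVICE on port $PROTECTEDPORT"

# Record the source address and forward the connection to the service.
iptables --table nat -I zone_wan_prerouting -p "$PROTO" --dport "$PROTECTEDPORT" \
  -m state --state NEW -m recent --set --name "$SERVICE" \
  -j DNAT --to-destination "$ROUTERIP:$SERVICEPORT"

# Hit count reached within 1800 seconds: refresh the entry, send to drop port.
iptables --table nat -I zone_wan_prerouting -p "$PROTO" --dport "$PROTECTEDPORT" \
  -m state --state NEW \
  -m recent --update --seconds 1800 --hitcount "$BRUTEFORCE_PROTECTION_START" --name "$SERVICE" \
  -j DNAT --to-destination "$ROUTERIP:$BRUTEFORCE_DROPPORT"

# Log offenders. Rate-limited like the SSH section's LOG rule, so a remote
# sender cannot fill the router's log by hammering the port.
iptables --table nat -I zone_wan_prerouting -p "$PROTO" --dport "$PROTECTEDPORT" \
  -m state --state NEW \
  -m recent --rcheck --seconds 1800 --hitcount "$BRUTEFORCE_PROTECTION_START" --name "$SERVICE" \
  -m limit --limit 1/min \
  -j LOG --log-prefix "BruteForce-${SERVICE} "
########################################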
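########################################
# SSH brute-force protection: WAN port 1977 -> port 22 on the GoFlex
# (192.168.2.166).
#
# The time window is 60 seconds here, against 86400 in the router's SSH
# section: an address is throttled only while it keeps connecting at least
# $BRUTEFORCE_PROTECTION_START times a minute.
PROTECTEDPORT=1977
SERVICEPORT=22
SERVICE=SSH_GOFLEX
GOFLEXIP=192.168.2.166
echo "Enabling Brute Force protection for $SERVICE on port $PROTECTEDPORT"

# Record the source address and forward the connection to the GoFlex.
iptables --table nat -I zone_wan_prerouting -p "$PROTO" --dport "$PROTECTEDPORT" \
  -m state --state NEW -m recent --set --name "$SERVICE" \
  -j DNAT --to-destination "$GOFLEXIP:$SERVICEPORT"

# Hit count reached: send to the drop port on the router. Uses $ROUTERIP, as
# the router's own sections do, instead of a hard-coded 192.168.2.1 that would
# go stale if the LAN address changes.
iptables --table nat -I zone_wan_prerouting -p "$PROTO" --dport "$PROTECTEDPORT" \
  -m state --state NEW \
  -m recent --update --seconds 60 --hitcount "$BRUTEFORCE_PROTECTION_START" --name "$SERVICE" \
  -j DNAT --to-destination "$ROUTERIP:$BRUTEFORCE_DROPPORT"

# Log offenders. Rate-limited like the SSH section's LOG rule, so a remote
# sender cannot fill the router's log by hammering the port.
iptables --table nat -I zone_wan_prerouting -p "$PROTO" --dport "$PROTECTEDPORT" \
  -m state --state NEW \
  -m recent --rcheck --seconds 60 --hitcount "$BRUTEFORCE_PROTECTION_START" --name "$SERVICE" \
  -m limit --limit 1/min \
  -j LOG --log-prefix "BruteForce-${SERVICE} "
########################################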
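########################################
# FTP brute-force protection: WAN port 2221 -> port 21 on the GoFlex
# (192.168.2.166).
#
# NOTE(review): the FTP section above uses the same WAN port 2221 for the
# router's own port 21. These rules are added later with -I, so they sit above
# the FTP section's rules and are evaluated first; the --set rule below DNATs
# every new connection on 2221 to the GoFlex and the router's FTP rules are
# never reached. The two sections cannot share a port.
PROTECTEDPORT=2221
SERVICEPORT=21
SERVICE=FTP_GOFLEX
GOFLEXIP=192.168.2.166
echo "Enabling Brute Force protection for $SERVICE on port $PROTECTEDPORT"

# Record the source address and forward the connection to the GoFlex.
iptables --table nat -I zone_wan_prerouting -p "$PROTO" --dport "$PROTECTEDPORT" \
  -m state --state NEW -m recent --set --name "$SERVICE" \
  -j DNAT --to-destination "$GOFLEXIP:$SERVICEPORT"

# Hit count reached within 60 seconds: send to the drop port on the router.
# Uses $ROUTERIP, as the router's own sections do, instead of a hard-coded
# 192.168.2.1 that would go stale if the LAN address changes.
iptables --table nat -I zone_wan_prerouting -p "$PROTO" --dport "$PROTECTEDPORT" \
  -m state --state NEW \
  -m recent --update --seconds 60 --hitcount "$BRUTEFORCE_PROTECTION_START" --name "$SERVICE" \
  -j DNAT --to-destination "$ROUTERIP:$BRUTEFORCE_DROPPORT"

# Log offenders. Rate-limited like the SSH section's LOG rule, so a remote
# sender cannot fill the router's log by hammering the port.
iptables --table nat -I zone_wan_prerouting -p "$PROTO" --dport "$PROTECTEDPORT" \
  -m state --state NEW \
  -m recent --rcheck --seconds 60 --hitcount "$BRUTEFORCE_PROTECTION_START" --name "$SERVICE" \
  -m limit --limit 1/min \
  -j LOG --log-prefix "BruteForce-${SERVICE} "
########################################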
########################################
#Block URL on certain time for specified IP
#
#URL_STRING=facebook.com
#LOCAL_IP=192.168.1.188
#TIME_START=10:00
#TIME_END=16:00
#
#echo Blocking $URL_STRING from $LOCAL_IP at time interval $TIME_START - $TIME_END
#iptables -I FORWARD -s $LOCAL_IP -m string --string $URL_STRING --algo bm -m time --weekdays Mon,Tue,Wed,Thu,Fri --timestart $TIME_START --timestop $TIME_END -j DROP
########################################
Firewall config:
# Port forwards: each "config redirect" maps a port arriving on the wan zone
# to a host (dest_ip) and port (dest_port) in the lan zone.

# Disabled: WAN port 9094 -> port 21 on 192.168.2.1.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '9094'
option dest_port '21'
option name 'FTP-Forward'
option enabled '0'
option dest_ip '192.168.2.1'
# No "enabled '0'" here: WAN port 9095 -> port 22 on 192.168.2.1.
# NOTE(review): the brute-force rules in the custom script match ports 2222,
# 2221 and 1977 only, so connections arriving on 9095 are not counted by them.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '9095'
option dest_port '22'
option name 'SSH-Forward'
option dest_ip '192.168.2.1'
# WAN port 1977 -> port 22 on 192.168.2.166.
# NOTE(review): the custom script also DNATs WAN port 1977 itself; which rule
# a packet hits first depends on their order in the prerouting chain - verify
# against the live ruleset.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option dest_ip '192.168.2.166'
option src_dport '1977'
option name 'Goflex SSH-Forward'
option dest_port '22'
# WAN port 2221 (tcp and udp) -> port 21 on 192.168.2.166.
# NOTE(review): the custom script also DNATs WAN port 2221 itself (tcp only);
# same ordering caveat as for port 1977.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '2221'
option dest_ip '192.168.2.166'
option dest_port '21'
option name 'Goflex FTP-Forward'
# WAN port 22 -> port 22 on 192.168.2.1, with no "enabled '0'".
# NOTE(review): this exposes port 22 of 192.168.2.1 on the WAN side directly.
# The brute-force rules in the custom script watch port 2222, not 22, so they
# do not throttle connections that come in through this redirect.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '22'
option dest_port '22'
option name 'Tp-link SSH'
option dest_ip '192.168.2.1'
# WAN port 9091 -> 192.168.2.166 (no dest_port given).
# NOTE(review): this section and the next write the protocol as 'tcpudp' and
# the label as '_name', where the other redirects use 'tcp udp' and 'name' -
# confirm the firewall version in use accepts both spellings.
config redirect
option _name 'GOFlexNet TransmissionWeb'
option src 'wan'
option proto 'tcpudp'
option src_dport '9091'
option target 'DNAT'
option dest 'lan'
option dest_ip '192.168.2.166'
# WAN port 21234 -> 192.168.2.166 (no dest_port given).
config redirect
option _name 'GoFlex Net Transmission'
option src 'wan'
option proto 'tcpudp'
option src_dport '21234'
option dest_ip '192.168.2.166'
option target 'DNAT'
option dest 'lan'
# Disabled: port 80 from source address 46.251.11.217 -> port 80 on 192.168.2.134.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option dest_ip '192.168.2.134'
option dest_port '80'
option name 'Emeleti-Beltéri-80port'
option src_ip '46.251.11.217'
option src_dport '80'
option enabled '0'
# Disabled: forwards to port 21 on 192.168.2.134 for source 46.251.11.217.
# NOTE(review): this entry and the port-23 entry below set src_port (the
# sender's source port), while the port-80 entry above sets src_dport (the
# port the connection arrives on) - confirm which was meant before enabling.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option dest_ip '192.168.2.134'
option dest_port '21'
option name 'Emeleti-Beltéri-21port'
option src_ip '46.251.11.217'
option src_port '21'
option enabled '0'
# Disabled: forwards to port 23 on 192.168.2.134 for source 46.251.11.217.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option dest_ip '192.168.2.134'
option dest_port '23'
option src_ip '46.251.11.217'
option src_port '23'
option name 'Emeleti-Beltéri-23port'
option enabled '0'
# Disabled. No port and no source address is set.
# NOTE(review): if enabled, this presumably forwards every tcp/udp port from
# the WAN to 192.168.2.134 - confirm the intent before turning it on.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option name 'FSZ'
option dest_ip '192.168.2.134'
option enabled '0'
# Global policies.
# NOTE(review): input is ACCEPT here while the wan zone below sets input to
# REJECT; traffic from an interface that belongs to no zone would presumably
# fall back to this policy - confirm every interface is assigned to a zone.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# LAN zone: input, output and forward are all accepted.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
# WAN zone: inbound and forwarded traffic is rejected unless a rule or
# redirect allows it; masquerading is on. Covers four networks.
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wwan wan1 wan2'
# Allow forwarding from the lan zone to the wan zone.
config forwarding
option src 'lan'
option dest 'wan'
# Traffic rules. A rule without "enabled '0'" is active.

# Accept udp to port 68 from the wan zone (IPv4).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Accept ICMP echo-request from the wan zone (IPv4).
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Accept udp 547 -> 546 between fe80::/10 addresses (IPv6).
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Accept the listed ICMPv6 types from the wan zone, limited to 1000/sec.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Accept the listed ICMPv6 types from wan to any zone, limited to 1000/sec.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Pulls in the custom iptables script (the brute-force rules shown on this page).
config include
option path '/etc/firewall.user'
# Disabled: time-based block for 192.168.1.110.
# NOTE(review): the LAN hosts elsewhere in this config are in 192.168.2.x;
# confirm that 192.168.1.110 is still a valid LAN address before enabling.
config rule
option src 'lan'
option name 'Block-Internet-Access'
option src_ip '192.168.1.110'
option target 'DROP'
option dest 'wan'
option extra '-m time --localtz --weekdays Mon,Tue,Wed,Thu,Fri --timestart 10:00 --timestop 22:00'
option enabled '0'
# Disabled: accept tcp 9091 from any zone.
config rule
option target 'ACCEPT'
option name 'Transmission-web'
option family 'ipv4'
option dest_port '9091'
option proto 'tcp'
option src '*'
option enabled '0'
# Accept port 21234 from the wan zone. No proto is given.
config rule
option target 'ACCEPT'
option name 'Transmission'
option family 'ipv4'
option dest_port '21234'
option src 'wan'
# Accept tcp 443 from the wan zone, with no source address restriction.
# NOTE(review): judging by the name this is the router's web administration
# interface; if so it is reachable from the whole internet. Consider limiting
# it with src_ip or reaching it through a tunnel instead.
config rule
option target 'ACCEPT'
option proto 'tcp'
option dest_port '443'
option family 'ipv4'
option name 'Luci-HTTPS'
option src 'wan'
# Disabled: accept tcp 50000-50100 from the wan zone.
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '50000-50100'
option name 'FTP-WAN-Passive-Ports'
option family 'ipv4'
option enabled '0'
# Accept forwarded tcp from wan to port 22 on 192.168.2.166.
config rule
option name 'ssh_goflex_wan'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option dest_ip '192.168.2.166'
option dest_port '22'
option target 'ACCEPT'
# Accept forwarded tcp from wan to port 21 on 192.168.2.166.
# NOTE(review): the name says ssh but dest_port is 21, the port the FTP
# forwards in this config use - the name looks copied from the rule above.
config rule
option name 'ssh_goflex'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option dest_ip '192.168.2.166'
option dest_port '21'
option target 'ACCEPT'
config rule
option enabled '1'
option target 'ACCEPT'
option src 'lan'
option dest 'wan'
option name 'Huawei'
option dest_ip '192.168.1.1'
Előre is köszönöm!