  1. # Generated by iptables-save v1.4.19.1 on Sun Sep  1 16:40:28 2013
  #
  # IPv4 filter table for a single host. Only the filter table is present
  # in this dump (no nat/mangle) and no ip6tables counterpart is shown, so
  # IPv6 is not covered by what follows.
  # Design: default-deny inbound, unrestricted outbound, NEW TCP/UDP routed
  # through the user chains TCP and UDP, and sources that hit a closed port
  # tagged in an xt_recent list so their next attempts are rejected early.
  # As saved, neither TCP nor UDP contains an ACCEPT, so no inbound service
  # port is reachable; ports are opened by appending ACCEPT rules to those
  # chains (e.g. `-A TCP -p tcp --dport 22 -j ACCEPT`). Rule order matters
  # throughout; each comment below refers to the rule(s) under it.
  2. *filter
  # Chain policies with [packets:bytes] counters. INPUT and FORWARD are
  # default-deny, OUTPUT is open. Counters are only restored with
  # `iptables-restore -c`; otherwise they are informational.
  3. :INPUT DROP [0:0]
  4. :FORWARD DROP [0:0]
  5. :OUTPUT ACCEPT [27:4247]
  # User chains for NEW inbound TCP and UDP. A packet that reaches the end
  # of either chain without a terminating target returns to INPUT and
  # continues after the jump that sent it there (rule 11 or 12).
  6. :TCP - [0:0]
  7. :UDP - [0:0]
  # Fast path: traffic belonging to an existing connection, or related to
  # one (e.g. ICMP errors for a tracked flow), is accepted before any
  # other check.
  8. -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # Loopback is trusted unconditionally.
  9. -A INPUT -i lo -j ACCEPT
  # Packets conntrack cannot classify (malformed, out of window) are
  # dropped silently rather than reaching the reject rules below.
  10. -A INPUT -m conntrack --ctstate INVALID -j DROP
  # Classification of NEW traffic. UDP: every new flow goes to the UDP
  # chain.
  11. -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
  # TCP: only a pure SYN (SYN set, FIN/RST/ACK clear) in state NEW goes to
  # the TCP chain. A NEW TCP packet with any other flag combination skips
  # the chain and falls through to rule 15, where it is tagged and reset.
  12. -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
  # ICMP echo-request (type 8) is answered at most 30/min with a burst of
  # 8; requests beyond that are dropped silently. Other ICMP types are not
  # matched here and reach rule 17 unless already accepted as RELATED.
  13. -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 30/min --limit-burst 8 -j ACCEPT
  14. -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
  # Port-scan tagging. Any TCP/UDP packet still unaccepted here (including
  # NEW traffic that returned from the TCP/UDP chains) has its source
  # address recorded in the named xt_recent list (--rsource = keyed on
  # source address, --mask 255.255.255.255 = one entry per host), then is
  # rejected with a TCP reset or ICMP port-unreachable. Nothing is logged
  # before the REJECT, so scans leave no trace in syslog; insert a -j LOG
  # rule (rate-limited) ahead of these two if visibility is wanted.
  15. -A INPUT -p tcp -m recent --set --name TCP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with tcp-reset
  16. -A INPUT -p udp -m recent --set --name UDP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with icmp-port-unreachable
  # Everything else (neither TCP, UDP nor echo-request) is rejected as
  # protocol-unreachable instead of silently hitting the DROP policy.
  17. -A INPUT -j REJECT --reject-with icmp-proto-unreachable
  # First (and currently only) rule of each user chain: a source that was
  # tagged by rule 15/16 within the last 60 s is rejected at once. --update
  # also refreshes the entry's timestamp, so each retry extends the window.
  # Because this precedes any ACCEPT appended later, a client that touched
  # one closed port is locked out of every port for that window. NOTE:
  # xt_recent lists are bounded (module parameter ip_list_tot, default 100
  # entries) and do not survive a reboot, so treat this as a nuisance
  # filter, not a guarantee against scanning.
  18. -A TCP -p tcp -m recent --update --seconds 60 --name TCP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with tcp-reset
  19. -A UDP -p udp -m recent --update --seconds 60 --name UDP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with icmp-port-unreachable
  20. COMMIT
  21. # Completed on Sun Sep  1 16:40:28 2013
  22.