Change Details
Old
New
#!/bin/sh INTERFACE=ens192 WEB_PORTS=80,443 OPEN_PORTS=22,25,${WEB_PORTS} IFCONFIG=/sbin/ifconfig IPTABLES=/sbin/iptables IP_EXEC=/sbin/ip # Routing ${IP_EXEC} route change 62.210.76.1 dev $INTERFACE ${IP_EXEC} route change default via 62.210.76.1 # Resets and define default policies $IPTABLES -F $IPTABLES -P INPUT DROP $IPTABLES -P FORWARD ACCEPT $IPTABLES -P OUTPUT ACCEPT # Allows SSH, HTTP, HTTPS, SMTP $IPTABLES -A INPUT -p tcp -m multiport --dports ${OPEN_PORTS} -m state --state NEW,ESTABLISHED -j ACCEPT $IPTABLES -A INPUT -p tcp -m multiport --dports ${OPEN_PORTS} -m state --state NEW,ESTABLISHED -j ACCEPT # To very crudely mitigate DDoS, if we have 100 request by minute, we limit at 25 connections. $IPTABLES -A INPUT -p tcp -m multiport --dports ${WEB_PORTS} -m limit --limit 25/minute --limit-burst 100 -j ACCEPT # Allows ping $IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT $IPTABLES -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT # Allows loopback $IPTABLES -A INPUT -i lo -j ACCEPT #$IPTABLES -A OUTPUT -o lo -j ACCEPT # Allows DNS #$IPTABLES -A OUTPUT -p udp --dport 53 -j ACCEPT $IPTABLES -A INPUT -p udp --sport 53 -j ACCEPT # Hurricane Electric tunnel $IPTABLES -A INPUT -p 41 -j ACCEPT ${IP_EXEC} tunnel add he-ipv6 mode sit remote 216.66.84.42 local 212.129.32.223 ttl 255 ${IP_EXEC} link set he-ipv6 up ${IP_EXEC} addr add 2001:470:1f12:ce7::2/64 dev he-ipv6 ${IP_EXEC} addr add 2001:470:1f13:ce7:ca5:cade:fab:1e/64 dev he-ipv6 ${IP_EXEC} route change ::/0 dev he-ipv6 # Drake peering with Ysul ${IP_EXEC} tunnel add tun0 mode gre remote 212.83.187.132 local 212.129.32.223 $IFCONFIG tun0 172.27.26.49 $IFCONFIG tun0 up $IFCONFIG tun0 pointopoint 172.27.26.33 $IFCONFIG tun0 multicast
#!/bin/sh INTERFACE=ens192 WEB_PORTS=80,443 OPEN_PORTS=22,25,${WEB_PORTS} IFCONFIG=/sbin/ifconfig IPTABLES=/sbin/iptables IP_EXEC=/sbin/ip # Routing ${IP_EXEC} route change 62.210.76.1 dev $INTERFACE ${IP_EXEC} route change default via 62.210.76.1 # Resets and define default policies $IPTABLES -F $IPTABLES -P INPUT DROP $IPTABLES -P FORWARD ACCEPT $IPTABLES -P OUTPUT ACCEPT # Allows SSH, HTTP, HTTPS, SMTP $IPTABLES -A INPUT -p tcp -m multiport --dports ${OPEN_PORTS} -m state --state NEW,ESTABLISHED -j ACCEPT $IPTABLES -A INPUT -p tcp -m multiport --dports ${OPEN_PORTS} -m state --state NEW,ESTABLISHED -j ACCEPT # To very crudely mitigate DDoS, if we have 100 request by minute, we limit at 25 connections. $IPTABLES -A INPUT -p tcp -m multiport --dports ${WEB_PORTS} -m limit --limit 25/minute --limit-burst 100 -j ACCEPT # Allows ping $IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT $IPTABLES -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT # Allows loopback $IPTABLES -A INPUT -i lo -j ACCEPT #$IPTABLES -A OUTPUT -o lo -j ACCEPT # Allows DNS #$IPTABLES -A OUTPUT -p udp --dport 53 -j ACCEPT $IPTABLES -A INPUT -p udp --sport 53 -j ACCEPT # Hurricane Electric tunnel $IPTABLES -A INPUT -p 41 -j ACCEPT ${IP_EXEC} tunnel add he-ipv6 mode sit remote 216.66.84.42 local 212.129.32.223 ttl 255 ${IP_EXEC} link set he-ipv6 up ${IP_EXEC} addr add 2001:470:1f12:ce7::2/64 dev he-ipv6 ${IP_EXEC} addr add 2001:470:1f13:ce7:ca5:cade:fab:1e/64 dev he-ipv6 ${IP_EXEC} route change ::/0 dev he-ipv6 # Drake peering with Ysul ${IP_EXEC} tunnel add tun0 mode gre remote 212.83.187.132 local 212.129.32.223 $IFCONFIG tun0 172.27.26.49 $IFCONFIG tun0 up $IFCONFIG tun0 pointopoint 172.27.26.33 $IFCONFIG tun0 multicast
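Review bot: The `-m limit --limit 25/minute` rule for `${WEB_PORTS}` is dead code: `WEB_PORTS` is a subset of `OPEN_PORTS`, so the two identical `multiport --dports ${OPEN_PORTS} ... -j ACCEPT` rules above it (the second is a plain duplicate) already accept every packet to 80/443 before the limit rule is evaluated, and a limit rule with no following DROP for the same ports would not cap anything even if reached. The DNS rule `-p udp --sport 53 -j ACCEPT` admits any UDP datagram that merely claims source port 53; a stateful `-m state --state ESTABLISHED,RELATED -j ACCEPT` covers DNS replies (and replies to every other outbound flow) without trusting the source port. `-p 41 -j ACCEPT` accepts 6in4 from any host rather than only the tunnel endpoint `216.66.84.42`, and nothing in this script filters the IPv6 side that the he-ipv6 tunnel brings up, so the `INPUT DROP` policy applies to IPv4 only — presumably an ip6tables policy is set elsewhere, but it is not visible here. The GRE peering on tun0 likewise has no visible `-p 47` INPUT rule, so under `INPUT DROP` that tunnel's inbound packets would be dropped unless accepted by something outside this file. The fence below moves the web rate limit ahead of the general accept and gives it a DROP, removes the duplicate rule, and tightens the DNS and tunnel-protocol rules to the known peers.
```shell
# … unchanged: variable definitions, routing, -F flush and default policies …

# Replies to flows this host initiated (DNS answers included); replaces the
# former "-p udp --sport 53" accept, which trusted an attacker-chosen source port.
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Rate-limit NEW web connections *before* the general accept so the limit is
# actually evaluated; the DROP makes the excess go away instead of falling through.
$IPTABLES -A INPUT -p tcp -m multiport --dports ${WEB_PORTS} -m state --state NEW -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m multiport --dports ${WEB_PORTS} -m state --state NEW -j DROP

# Allows SSH, SMTP (web ports only reach here if they passed the limit above)
$IPTABLES -A INPUT -p tcp -m multiport --dports ${OPEN_PORTS} -m state --state NEW,ESTABLISHED -j ACCEPT

# … unchanged: ping and loopback rules …

# Hurricane Electric tunnel: 6in4 only from the tunnel endpoint
$IPTABLES -A INPUT -p 41 -s 216.66.84.42 -j ACCEPT

# Drake peering with Ysul: GRE only from the peer
$IPTABLES -A INPUT -p 47 -s 212.83.187.132 -j ACCEPT

# … unchanged: he-ipv6 and tun0 tunnel set-up …
```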