Drop more bogons

2017-04-25 13:01:23 +01:00 · 2017-04-25 13:01:23 +01:00 · 1c110b6f94
parent 794962ac85
commit 1c110b6f94
1 changed files with 14 additions and 0 deletions
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@ -146,6 +146,20 @@ function configure_firewall {
    iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
    iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP
+    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

    # Incoming malformed NULL packets:
    iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP