free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Drop bogons

This commit is contained in:
Bob Mottram 2014-10-02 10:02:11 +01:00
parent f942eda9e0
commit b029bd493f
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
install-freedombone.sh
View File

@ -882,6 +882,21 @@ function configure_firewall {
ip6tables -P INPUT DROP ip6tables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Make sure incoming tcp connections are SYN packets
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Drop packets with incoming fragments
iptables -A INPUT -f -j DROP
# Drop bogons
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
# Incoming malformed NULL packets:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
echo 'configure_firewall' >> $COMPLETION_FILE echo 'configure_firewall' >> $COMPLETION_FILE
} }