iptables Archives -

How to block Torrent traffic with Iptables firewall

Valic — April 3, 2013 — Leave a comment

The following Iptables rules will block all Torrent traffic on your server:

Log all torrent blocked traffic:

iptables -N LOG > /dev/null 2> /dev/null
iptables -F LOG
iptables -A LOG -j LOG --log-prefix "LOG"
iptables -A LOG -j DROP

Torrent block rules:

iptables -A FORWARD -m string --algo bm --string "BitTorrent" -j LOG
iptables -A FORWARD -m string --algo bm --string "BitTorrent protocol" -j LOG
iptables -A FORWARD -m string --algo bm --string "peer_id=" -j LOG
iptables -A FORWARD -m string --algo bm --string ".torrent" -j LOG
iptables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j LOG
iptables -A FORWARD -m string --algo bm --string "torrent" -j LOG
iptables -A FORWARD -m string --algo bm --string "announce" -j LOG
iptables -A FORWARD -m string --algo bm --string "info_hash" -j LOG

In Security block, iptables, torrent

How to Install and Configure Fail2ban on Debian Squeeze

Valic — December 18, 2012 — Leave a comment

Fail2ban scans log files and bans IPs that show malicious signs, something like too many password failures and looking for the most common exploits.

Step1. Install Fail2ban on Debian

apt-get install fail2ban

Step2. Configure Fail2ban.

You can configure Fail2Ban using the configuration files located in /etc/fail2ban/

The main config file and the most important is jail.local

In the following steps I will show you some configuration examples. You can study the Fail2ban man files later.

Step2.1 Add or modify the following line to set email destination for Fail2ban notifications:

destemail = contact@your-domain.tld Continue Reading...

In Security apache protection, debian, Fail2ban, iptables, nginx protection, ssh protection

Easy way to delete rule from iptables

Valic — January 28, 2012 — 1 Comment

You can view iptables entries by line with command:

iptables -L INPUT -n --line-numbers

Example:

root@tests:~# iptables -L INPUT -n –line-numbers
Chain INPUT (policy ACCEPT)
num target     prot opt source               destination
1    ACCEPT     tcp — 0.0.0.0/0            192.168.1.100       tcp dpt:22
2 ACCEPT     tcp — 0.0.0.0/0            192.168.1.100       tcp dpt:80
3    ACCEPT     tcp — 0.0.0.0/0            192.168.1.100       tcp dpt:443
4    ACCEPT     tcp — 0.0.0.0/0            192.168.1.100       tcp dpt:21
5   ACCEPT     all — 127.0.0.1            0.0.0.0/0
6   ACCEPT     all — 192.168.1.100        0.0.0.0/0
7   ACCEPT     icmp — 0.0.0.0/0            0.0.0.0/0
8   ACCEPT     all — 192.168.4.0/24       0.0.0.0/0
9   DROP       all — 0.0.0.0/0            0.0.0.0/0           state NE

You’ll get the list of all INPUT entries. Look at the number on the left then use the following command to delete :

iptables -D INPUT <<number here>>

Enjoy.

In Security, Snippets delete rule, INPUT, iptables

Iptables Shell Script To Drop Spamhaus Listed IP

Valic — June 27, 2011 — Leave a comment

The Spamhaus Project is one of the largest anti-spam DNS blacklist services known. Founded in 1998, Spamhaus has operations in Geneva, Switzerland, and London in addition to the 28 investigators and forensic specialists located in 8 countries. Spamhaus is a true 24 hour a day anti-spam operation. With over 60 public DNS Servers distributed across 18 countries, Spamhaus is able to serve billion of DNS requests to the world over, all free of charge. It has been estimated that 1.4 billion users mailboxes are in some way protected by The Spamhaus Project every day.

Here, I will show you a script that automatically blocks IPs blocked by Spamhaus:

#!/bin/bash

IPT=”/sbin/iptables”
FILE=”/tmp/drop.lasso”
URL=”http://www.spamhaus.org/drop/drop.lasso”

echo “”
echo -n “Deleting DROP list from existing firewall…”

Continue Reading…

In Bash, Mail, Security firewall, iptables, script, shell, spamhaus

Iptables: Open and Close Port in Linux

Valic — January 27, 2011 — 1 Comment

For more secure server, we have to close some ports to users.

If need access to this ports, we can give permission to our IP address. Please dont forget, “iptables” can be block all IP address but when you restart the server it will be clean all of this commands.

Examples:

1. Closing FTP port except xxx.xxx.xxx.xxx

iptables -t filter -I INPUT 1 -p tcp -s ! xxx.xxx.xxx.xxx –dport 21 -j REJECT –reject-with icmp-host-prohibited

2. Closing SSH port except xxx.xxx.xxx.xxx

In Networking, Security close port, iptables, open port