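#!/usr/bin/env bash
#
# Gateway firewall rules against peer-to-peer traffic forwarded from the LAN.
#
# What it does:
#   * caps the number of simultaneous connections per source address that may
#     be forwarded from the LAN interface (25 to any port, 5 to ports >= 1024),
#   * drops packets the connection tracker classifies as INVALID,
#   * rejects the default ports of eDonkey, Limewire/Morpheus/Bearshare, eMule,
#     BitTorrent and WinMx in both directions,
#   * rejects HTTP to the network Blobster and Piolet fetch their initial peer
#     list from.
#
# Usage: run as root on the forwarding gateway (e.g. from an interface-up hook).
# Rules are inserted at the top of filter/FORWARD and mangle/PREROUTING.  Each
# rule is checked with `iptables -C` before insertion, so running the script
# again does not stack a second copy of every rule.  (The previous version
# listed the entire rule set twice and inserted all of it unconditionally, so
# every run doubled the chain.)
#
# Environment:
#   IFACE   LAN-side interface the FORWARD rules match on (default: eth0)
#
# Note: port-based blocking only catches clients on their default ports; treat
# it as a nuisance reducer, not a guarantee.

set -euo pipefail

readonly IFACE="${IFACE:-eth0}"

# Network the Blobster/Piolet peer-list download was observed on when these
# rules were written; third-party address ranges go stale, re-check it before
# relying on this rule.
readonly PEERLIST_NET="128.121.0.0/16"

#######################################
# Print an error message to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf 'p2p-filter: %s\n' "$*" >&2
  exit 1
}

#######################################
# Insert a rule at the top of a chain unless an identical one already exists.
# `-C` (check) needs iptables 1.4.11 or newer.
# Arguments: $1 - table (filter, mangle, ...)
#            $2 - chain
#            $@ - remaining rule specification
# Returns:   iptables' exit status if insertion fails (aborts under set -e)
#######################################
add_rule() {
  local table=$1
  shift
  # -C exits non-zero (and complains on stderr) when the rule is absent; that
  # is the expected case on a first run, so its diagnostics are discarded.
  if ! iptables -t "$table" -C "$@" 2>/dev/null; then
    iptables -t "$table" -I "$@"
  fi
}

#######################################
# Reject a port (range) forwarded from $IFACE in both directions.
# Arguments: $1 - protocol: tcp, udp or both
#            $2 - port or port range in iptables syntax (e.g. 6881:6889)
#######################################
block_port() {
  local proto=$1
  local ports=$2
  local -a protos
  case "$proto" in
    tcp|udp) protos=("$proto") ;;
    both)    protos=(tcp udp) ;;
    *)       die "block_port: unknown protocol '$proto'" ;;
  esac
  local p
  for p in "${protos[@]}"; do
    # --dport: LAN client connecting out to a peer's listening port.
    # --sport: the same port seen as the source of forwarded traffic.
    add_rule filter FORWARD -i "$IFACE" -p "$p" --dport "$ports" -j REJECT
    add_rule filter FORWARD -i "$IFACE" -p "$p" --sport "$ports" -j REJECT
  done
}

#######################################
# Per-source connection caps: 25 connections to any port, 5 to ports >= 1024.
# Only new TCP connections (--syn) are counted against the limit; connlimit
# counts per source address by default.
#######################################
limit_connections() {
  add_rule filter FORWARD -i "$IFACE" -p tcp --syn --dport 1: \
    -m connlimit --connlimit-above 25 -j REJECT
  add_rule filter FORWARD -i "$IFACE" -p tcp --syn --dport 1024: \
    -m connlimit --connlimit-above 5 -j REJECT
  add_rule filter FORWARD -i "$IFACE" -p udp --dport 1: \
    -m connlimit --connlimit-above 25 -j REJECT
  add_rule filter FORWARD -i "$IFACE" -p udp --dport 1024: \
    -m connlimit --connlimit-above 5 -j REJECT
}

main() {
  (( EUID == 0 )) || die "must run as root to modify iptables rules"
  command -v iptables >/dev/null || die "iptables not found in PATH"

  limit_connections

  # filter out bad/corrupted p2p traffic (packets conntrack cannot associate
  # with any known connection)
  add_rule mangle PREROUTING -m conntrack --ctstate INVALID -j DROP

  # block Blobster and Piolet from downloading the initial peer list
  add_rule filter FORWARD -i "$IFACE" -p tcp --dport 80 -d "$PEERLIST_NET" -j REJECT

  # and then block the specific apps:
  block_port tcp  4662       # eDonkey
  block_port both 6346:6347  # Limewire, Morpheus, Bearshare
  block_port udp  4672       # eMule
  block_port both 6881:6889  # BitTorrent
  block_port both 6699       # WinMx
}

main "$@"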