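#!/bin/sh
# Create a stateful host firewall for this machine with iptables.
#
# Order matters: flush the filter table, harden the IPv4 sysctls, set DROP
# policies for INPUT/FORWARD, then add the few ACCEPT rules this host needs.
# OUTPUT is never touched and so keeps the kernel default (ACCEPT).
#
# Globals: IPTABLES - path to the iptables binary
#          EXTIP    - this host's address on the external interface (eth1)
# Must run as root: every command below writes kernel state.

IPTABLES=/usr/sbin/iptables
EXTIP=123.123.123.123   # TODO: replace with this host's real external address

# Start from an empty filter table so re-running the script is idempotent.
$IPTABLES -F

# Connection tracking. ip_conntrack_ftp is what lets the FTP data channel
# be matched as RELATED further down.
/sbin/modprobe ipt_state
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp

# Disable response to broadcasts.
# You don't want yourself becoming a Smurf amplifier.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Don't accept source routed packets. Attackers can use source routing to
# generate traffic pretending to be from inside your network, but which is
# routed back along the path from which it came, namely outside, so attackers
# can compromise your network. Source routing is rarely used for legitimate
# purposes.
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

# Disable ICMP redirect acceptance. ICMP redirects can be used to alter your
# routing tables, possibly to a bad end.
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

# Enable bad error message protection.
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

# Turn on reverse path filtering. This helps make sure that packets use
# legitimate source addresses, by automatically rejecting incoming packets
# if the routing table entry for their source address doesn't match the
# network interface they're arriving on. This has security advantages because
# it prevents so-called IP spoofing, however it can pose problems if you use
# asymmetric routing (packets from you to a host take a different path than
# packets from that host to you) or if you operate a non-routing host which
# has several IP addresses on different interfaces. (Note - If you turn on IP
# forwarding, you will also get this).
for interface in /proc/sys/net/ipv4/conf/*/rp_filter; do
  echo 1 > "$interface"
done

# Log spoofed packets, source routed packets, redirect packets.
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

# Make sure that IP forwarding is turned off. We only want this for a
# multi-homed host.
echo 0 > /proc/sys/net/ipv4/ip_forward

# Defaults: drop anything not explicitly accepted below.
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP

# Loopback has to be allowed explicitly once INPUT defaults to DROP,
# otherwise local services talking to 127.0.0.1 silently break.
$IPTABLES -A INPUT -i lo -j ACCEPT

# Internal range is not blocked.
$IPTABLES -A INPUT -i eth0 -j ACCEPT

# Ping (all ICMP types, from any interface).
$IPTABLES -A INPUT -p icmp -j ACCEPT

# DNS: replies from the two configured resolvers only. Match on connection
# state as well as the source port, so that an arbitrary packet sent from
# port 53 at those addresses is not accepted to any local port.
for dns in 217.33.150.220 217.33.150.221; do
  $IPTABLES -A INPUT -i eth1 -d "$EXTIP" -s "$dns" -p tcp --sport 53 \
    -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPTABLES -A INPUT -i eth1 -d "$EXTIP" -s "$dns" -p udp --sport 53 \
    -m state --state ESTABLISHED,RELATED -j ACCEPT
done

# Allow FTP from anywhere: the control channel on 21, port-20 traffic that
# belongs to a tracked connection, and high-port connections that conntrack
# (via ip_conntrack_ftp) reports as ESTABLISHED or RELATED - presumably the
# passive-mode data channel.
$IPTABLES -A INPUT -i eth1 -d "$EXTIP" -p tcp --dport 21 -j ACCEPT
$IPTABLES -A INPUT -i eth1 -d "$EXTIP" -p tcp --dport 20 \
  -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i eth1 -d "$EXTIP" -p tcp --sport 1024: --dport 1024: \
  -m state --state ESTABLISHED,RELATED -j ACCEPT

# Log everything else on this interface before the DROP policy discards it.
# Rate-limited so that a flood of unwanted packets cannot fill the syslog.
$IPTABLES -A INPUT -i eth1 -d "$EXTIP" -m limit --limit 5/min -j LOG

# Show the resulting rule set with counters.
$IPTABLES -L -n -v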
Source from: http://www.thedumbterminal.co.uk/config/
Sniff – Overview
Makes output from the tcpdump program easier to read and parse.
This software is now redundant, as ASCII support has since been added to tcpdump in version 3.8.
Features
* Coloured console output
* Directly accepts tcpdump options (including parsing from packet files)
* Fully customisable output
Requirements
* Linux operating system
* Perl installed
* tcpdump program installed
* Privileges in order to run tcpdump
Sniff – Help
Run the following command for help.
./sniff -h
Sniff options should be placed before the double dash (--) and tcpdump options should be placed after. Here are some examples of how to use sniff.
Capture all incoming FTP packets on eth1 without using colour
As you can see, any options after the double dash "--" are standard tcpdump options.
./sniff -c -- -i eth1 tcp port 21
Real time logging to a CSV file
The example below uses the following options:
Enclose data with the " character (-e\")
Use the , character as the field separator (-n,)
Print the separator once only (-t0)
Don't use colour (-c)
./sniff -e\" -n, -s -t0 -c > /tmp/dump.csv
Converting a tcpdump dump file into CSV format
First use tcpdump to make the dump file; you must use at least the "-lx -s 1024" options. For example:
tcpdump -lx -s 1024 -w /tmp/dump.txt
Then run sniff with the required options; note the tcpdump options that tell it to read from the previously created file.
./sniff -e\" -n, -s -t0 -c -- -r /tmp/dump.txt > /tmp/dump.csv
Source from: http://www.thedumbterminal.co.uk/software/sniff.shtml
