ЗАЩИТА ОТ СКАНИРОВАНИЯ
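# Scan and flood throttling for the filter table, built on the "recent" match.
# The published listing had "--" typeset as an em dash and the double quotes as
# guillemets; both are restored here so that iptables-restore can parse it.
#
# This is a fragment: the user chains UDP, domainscan and portscan must be
# declared (":portscan - [0:0]" and so on) inside a "*filter ... COMMIT"
# section, and the ACCEPT rules for established traffic and for published
# services have to sit above these lines.
#
# Operational caveats:
#  - Lists are keyed on the packet's source address. A forged source (UDP needs
#    no handshake) puts someone else's address on a 24 h block list, so keep an
#    allow rule for resolvers, gateways and management hosts above this block.
#  - xt_recent stores a bounded number of addresses per list (module parameter
#    ip_list_tot) and of timestamps per address (ip_pkt_list_tot, which
#    --hitcount cannot exceed). A scan from many sources evicts older entries.
#  - The LOG rules carry no rate limit; adding "-m limit" to them keeps a flood
#    from filling the log.

# Sources listed in portscan or UDP_FLOOD during the last 86400 s (24 h) are
# logged and dropped. --rcheck does not refresh the timestamp.
-A INPUT -m recent --rcheck --seconds 86400 --name portscan --mask 255.255.255.255 --rsource -j portscan
-A INPUT -m recent --rcheck --seconds 86400 --name UDP_FLOOD --mask 255.255.255.255 --rsource -j portscan

# Reached only when the checks above did not match: forget an entry that is
# older than 24 h. No target, so the packet continues down the chain.
-A INPUT -m recent --remove --name portscan --mask 255.255.255.255 --rsource
-A INPUT -m recent --remove --name UDP_FLOOD --mask 255.255.255.255 --rsource

# NOTE(review): there is no --dport, so every new TCP connection that reaches
# this rule is listed for 24 h, logged and dropped. That is only correct if all
# legitimate TCP ports were accepted earlier in the chain.
# NOTE(review): matches run in the order written, so "--set" records the source
# before "--state NEW" is tested. A TCP packet in any other state that gets
# this far still lands on the portscan list. Put "-m state" first if that is
# not intended.
-A INPUT -p tcp -m tcp -m recent --set --name portscan --mask 255.255.255.255 --rsource -m state --state NEW -j portscan

# Stamp every new UDP flow in Domainscans, then hand sources with 5 or more
# stamps in 5 s to the UDP chain (log, list in UDP_FLOOD, drop).
-A INPUT -p udp -m state --state NEW -m recent --set --name Domainscans --mask 255.255.255.255 --rsource
-A INPUT -p udp -m state --state NEW -m recent --rcheck --seconds 5 --hitcount 5 --name Domainscans --mask 255.255.255.255 --rsource -j UDP

# 00 | 00ff | 0001 is the tail of a DNS question: end of QNAME, QTYPE 255 (ANY),
# QCLASS IN. The rule has no --dport, so the bytes are searched for in UDP
# payloads on every port, up to offset 65535.
-A INPUT -p udp -m string --hex-string "|0000ff0001|" --algo bm --to 65535 -j domainscan

# New DNS queries are accepted. They are stamped a second time here, on top of
# the generic UDP stamp above, so each one counts twice towards the hit counts.
-A INPUT -p udp -m udp --dport 53 -m state --state NEW -m recent --set --name Domainscans --mask 255.255.255.255 --rsource -j ACCEPT

# NOTE(review): this looks unreachable. A source with 10 stamps in 1 s already
# satisfied the "5 in 5 s" rule above and was sent to the UDP chain.
-A INPUT -p udp -m state --state NEW -m recent --update --seconds 1 --hitcount 10 --name Domainscans --mask 255.255.255.255 --rsource -j domainscan

# UDP chain: log, add the source to UDP_FLOOD (checked at the top of INPUT), drop.
-A UDP -j LOG --log-prefix "UDP_FLOOD "
-A UDP -p udp -m state --state NEW -m recent --set --name UDP_FLOOD --mask 255.255.255.255 --rsource
-A UDP -j DROP

# domainscan chain: log and drop.
# NOTE(review): both visible jumps into this chain come from "-p udp" rules, so
# the "-p tcp" rule below cannot match, and no visible rule reads Webscanners.
-A domainscan -j LOG --log-prefix "Blocked_domain_scans "
-A domainscan -p tcp -m state --state NEW -m recent --set --name Webscanners --mask 255.255.255.255 --rsource
-A domainscan -j DROP

# portscan chain: log and drop.
-A portscan -j LOG --log-prefix "Blocked_scans "
-A portscan -j DROP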