|
|
@@ -22,7 +22,7 @@ _broken(){
|
|
|
${iptables} -A FWSUSPICIOUS -p tcp --dport 0:19 -j BROKENLOGDROP
|
|
|
|
|
|
${iptables} -A FWSUSPICIOUS -p tcp --tcp-flags ALL ACK -m conntrack --ctstate ESTABLISHED -j RETURN
|
|
|
- ${Iptables} -A FWSUSPICIOUS -p tcp --tcp-flags ALL ACK -m conntrack --ctstate NEW,RELATED -j BROKENLOGDROP
|
|
|
+ ${iptables} -A FWSUSPICIOUS -p tcp --tcp-flags ALL ACK -m conntrack --ctstate NEW,RELATED -j BROKENLOGDROP
|
|
|
${iptables} -A FWSUSPICIOUS -p tcp --tcp-flags ALL PSH,ACK -m conntrack --ctstate ESTABLISHED -j RETURN
|
|
|
${iptables} -A FWSUSPICIOUS -p tcp --tcp-flags ALL PSH,ACK -m conntrack --ctstate NEW -j RETURN
|
|
|
${iptables} -A FWSUSPICIOUS -p tcp --tcp-flags ALL PSH,ACK -m conntrack --ctstate RELATED -j BROKENLOGDROP
|
|
|
@@ -196,7 +196,7 @@ scanips() {
|
|
|
fi
|
|
|
${iptables} -A FWSCAN -i ${wan} -p udp -m set --match-set $scanset src -m conntrack --ctstate NEW --ctproto UDP -j ENDRESET
|
|
|
${iptables} -A FWSCAN -i ${wan} -p tcp -m set --match-set $scanset src -m conntrack --ctstate NEW --ctproto TCP -j ENDRESET
|
|
|
- ${iptables} -I BROKENLOGDROP -j FWSCAN
|
|
|
+ ${iptables} -A BROKENLOGDROP -j FWSCAN
|
|
|
${iptables} -D BROKENLOGDROP -j ENDRESET
|
|
|
${iptables} -A BROKENLOGDROP -j ENDRESET
|
|
|
${iptables} -A INPUT -j FWSCAN
|
