|
|
@@ -21,11 +21,11 @@ _broken(){
|
|
|
${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --sport 0:19 -j BROKENLOGDROP
|
|
|
${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --dport 0:19 -j BROKENLOGDROP
|
|
|
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL ACK -m conntrack --cstate ESTABLISHED -j RETURN
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL ACK -m conntrack --cstate NEW,RELATED -j BROKENLOGDROP
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL PSH,ACK -m conntrack --cstate ESTABLISHED -j RETURN
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL PSH,ACK -m conntrack --cstate NEW -j RETURN
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL PSH,ACK -m conntrack --cstate RELATED -j BROKENLOGDROP
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL ACK -m conntrack --ctstate ESTABLISHED -j RETURN
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL ACK -m conntrack --ctstate NEW,RELATED -j BROKENLOGDROP
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL PSH,ACK -m conntrack --ctstate ESTABLISHED -j RETURN
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL PSH,ACK -m conntrack --ctstate NEW -j RETURN
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL PSH,ACK -m conntrack --ctstate RELATED -j BROKENLOGDROP
|
|
|
${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL NONE -j BROKENLOGDROP
|
|
|
${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL ALL -j BROKENLOGDROP
|
|
|
${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags SYN,FIN SYN,FIN -j BROKENLOGDROP
|
|
|
@@ -37,23 +37,23 @@ _broken(){
|
|
|
${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ACK,FIN FIN -j BROKENLOGDROP
|
|
|
${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ACK,PSH PSH -j BROKENLOGDROP
|
|
|
${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ACK,URG URG -j BROKENLOGDROP
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL RST -m conntrack --cstate ESTABLISHED -j RETURN
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL RST -m conntrack --cstate NEW,RELATED -j BROKENLOGDROP
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL RST -m conntrack --ctstate ESTABLISHED -j RETURN
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL RST -m conntrack --ctstate NEW,RELATED -j BROKENLOGDROP
|
|
|
${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags SYN,ACK NONE -j BROKENLOGDROP
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL SYN -m conntrack --cstate NEW -j RETURN
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL SYN -m conntrack --cstate RELATED -j RETURN
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL SYN -m conntrack --cstate ESTABLISHED -j BROKENLOGDROP
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL SYN,ACK -m conntrack --cstate ESTABLISHED -j RETURN
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL SYN,ACK -m conntrack --cstate NEW,RELATED -j BROKENLOGDROP
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL FIN,ACK -m conntrack --cstate ESTABLISHED -j RETURN
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL FIN,ACK -m conntrack --cstate NEW,RELATED -j BROKENLOGDROP
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL RST,ACK -m conntrack --cstate ESTABLISHED -j RETURN
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL RST,ACK -m conntrack --cstate NEW -j RETURN
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL RST,ACK -m conntrack --cstate RELATED -j BROKENLOGDROP
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL ACK,PSH,RST -m conntrack --cstate ESTABLISHED -j RETURN
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL ACK,PSH,RST -m conntrack --cstate NEW,RELATED -j BROKENLOGDROP
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL FIN,PSH,ACK -m conntrack --cstate ESTABLISHED -j RETURN
|
|
|
- ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL FIN,PSH,ACK -m conntrack --cstate NEW,RELATED -j BROKENLOGDROP
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL SYN -m conntrack --ctstate NEW -j RETURN
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL SYN -m conntrack --ctstate RELATED -j RETURN
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL SYN -m conntrack --ctstate ESTABLISHED -j BROKENLOGDROP
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL SYN,ACK -m conntrack --ctstate ESTABLISHED -j RETURN
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL SYN,ACK -m conntrack --ctstate NEW,RELATED -j BROKENLOGDROP
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL FIN,ACK -m conntrack --ctstate ESTABLISHED -j RETURN
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL FIN,ACK -m conntrack --ctstate NEW,RELATED -j BROKENLOGDROP
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL RST,ACK -m conntrack --ctstate ESTABLISHED -j RETURN
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL RST,ACK -m conntrack --ctstate NEW -j RETURN
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL RST,ACK -m conntrack --ctstate RELATED -j BROKENLOGDROP
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL ACK,PSH,RST -m conntrack --ctstate ESTABLISHED -j RETURN
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL ACK,PSH,RST -m conntrack --ctstate NEW,RELATED -j BROKENLOGDROP
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL FIN,PSH,ACK -m conntrack --ctstate ESTABLISHED -j RETURN
|
|
|
+ ${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL FIN,PSH,ACK -m conntrack --ctstate NEW,RELATED -j BROKENLOGDROP
|
|
|
${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL RST,ACK,PSH -j STRANGELOG
|
|
|
${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL RST,ACK,URG -j STRANGELOG
|
|
|
${iptables} -A DROP_TCP_SUSPICIOUS -p tcp --tcp-flags ALL RST,ACK,PSH,URG -j STRANGELOG
|
