#!/bin/bash
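# Regenerates the persistent iptables rule files for this host and reloads
# them through netfilter-persistent.
#
# Writes:  /etc/iptables/rules.v4, /etc/iptables/rules.v6 (both overwritten)
# Needs:   ip, GNU grep (-P), netfilter-persistent, systemctl; write access
#          to /etc/iptables.
#
# Security notes for whoever maintains this rule set:
#  - Every filter chain keeps policy ACCEPT and the INPUT chain holds only
#    ACCEPT rules, so the per-port rules below do not restrict anything:
#    ports that are not listed stay reachable as well. Turning the list into
#    an allow-list needs a default DROP policy plus rules for loopback and
#    established/related traffic.
#  - The FORWARD rules match byte strings in packet payloads. They only see
#    cleartext, and short patterns such as "torrent" or "announce" will also
#    drop unrelated forwarded traffic that happens to contain them. Each
#    packet is scanned up to offset 65535, once per rule.
#  - "/default.ida?" and ".exe?/c+dir" / ".exe?/c_tftp" look like legacy web
#    worm request patterns rather than BitTorrent markers.
#  - NOTE(review): 20.8.0.0/24 is not RFC 1918 private address space, yet it
#    is masqueraded like the 10.8.0.0/24 range. Confirm this is the intended
#    tunnel subnet.
#  - rules.v6 contains no rules and all-ACCEPT policies, so IPv6 traffic is
#    not filtered at all.
#  - A possible hardening step is to check each generated file with
#    `iptables-restore --test` / `ip6tables-restore --test` before reloading.

# Print an error on stderr and stop before anything else is changed.
die() {
  printf 'ipserver: %s\n' "$*" >&2
  exit 1
}

# Outbound interface = the "dev" field of the first IPv4 default route.
interface=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)

# Without a default route the variable is empty and the nat rules below would
# be written as "-i  -p udp ..." / "-o  -j MASQUERADE", leaving a rules.v4
# that fails to load. Refuse to overwrite the existing file in that case.
[[ -n "$interface" ]] || die "no IPv4 default route found; rule files left unchanged"

# The here-document delimiter is unquoted on purpose: $interface is expanded
# into the nat rules. Nothing else in the body is subject to expansion.
cat >/etc/iptables/rules.v4 <<-END || die "cannot write /etc/iptables/rules.v4"
# Generated by xtables-save v1.8.2 on Tue Jul 4 23:37:53 2023
*filter
:INPUT ACCEPT [1423:15108189]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1407:131528]
-A INPUT -p tcp -m tcp --dport 10015 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10012 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10011 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10008 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10007 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10006 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10005 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10004 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10003 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10002 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 109 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 169 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 88 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 68 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 2200 -j ACCEPT
-A INPUT -p udp -m udp --dport 2100 -j ACCEPT
-A INPUT -p udp -m udp --dport 5300 -j ACCEPT
-A INPUT -p udp -m udp --dport 7100 -j ACCEPT
-A INPUT -p udp -m udp --dport 7200 -j ACCEPT
-A INPUT -p udp -m udp --dport 7300 -j ACCEPT
-A FORWARD -m string --string "BitTorrent" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "BitTorrent protocol" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "peer_id=" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string ".torrent" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "announce.php?passkey=" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "torrent" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "announce" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "info_hash" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "/default.ida?" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string ".exe?/c+dir" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string ".exe?/c_tftp" --algo bm --to 65535 -j DROP
-A FORWARD -m string --string "peer_id" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "BitTorrent" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "BitTorrent protocol" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "bittorrent-announce" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "announce.php?passkey=" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "find_node" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "info_hash" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "get_peers" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "announce" --algo kmp --to 65535 -j DROP
-A FORWARD -m string --string "announce_peers" --algo kmp --to 65535 -j DROP
COMMIT
# Completed on Tue Jul 4 23:37:53 2023
# Generated by xtables-save v1.8.2 on Tue Jul 4 23:37:53 2023
*nat
:PREROUTING ACCEPT [18:1004]
:INPUT ACCEPT [18:1004]
:POSTROUTING ACCEPT [79:4815]
:OUTPUT ACCEPT [79:4815]
-A PREROUTING -i $interface -p udp -m udp --dport 53 -j REDIRECT --to-ports 5300
-A POSTROUTING -s 10.8.0.0/24 -o $interface -j MASQUERADE
-A POSTROUTING -s 20.8.0.0/24 -o $interface -j MASQUERADE
COMMIT
# Completed on Tue Jul 4 23:37:53 2023
END

# IPv6: an empty filter table with ACCEPT policies (no filtering).
cat >/etc/iptables/rules.v6 <<-END || die "cannot write /etc/iptables/rules.v6"
# Generated by xtables-save v1.8.2 on Tue Jul 4 23:37:53 2023
*filter
:INPUT ACCEPT [1:48]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:96]
COMMIT
# Completed on Tue Jul 4 23:37:53 2023
END

# Load the new files into the kernel. Both commands are kept from the
# original script; presumably the service restart repeats what the reload
# already did (TODO confirm). The script's exit status is that of the restart.
netfilter-persistent reload
systemctl restart netfilter-persistent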