Fred87's Script - Revision history https://www.slackwiki.com/index.php?title=Fred87%27s_Script&action=history Revision history for this page on the wiki en MediaWiki 1.40.0 Wed, 08 Apr 2026 16:07:16 GMT Erik: Copy from old https://www.slackwiki.com/index.php?title=Fred87%27s_Script&diff=115&oldid=prev https://www.slackwiki.com/index.php?title=Fred87%27s_Script&diff=115&oldid=prev <p>Copy from old</p> <p><b>New page</b></p><div>* Allows incoming SSH<br /> * Detects and blocks syn floods<br /> * Detects spoofed local packets<br /> * Makes sure &quot;NEW&quot; tcp packets have the syn flag set<br /> * Drops packets with both syn and fin set<br /> * Generated with [http://www.fredemmott.co.uk/index.php?page=kitg KIptablesGenerator]<br /> <br /> #!/bin/sh<br /> # Generated by KIptablesGenerator<br /> # Copyright (c) 2004 Fred Emmott &lt;mail@fredemmott.co.uk&gt;<br /> # See KIptablesGenerator for license information.<br /> # You probably want to make this a startup script, eg on<br /> # slackware you probably want to save this as /etc/rc.d/rc.firewall<br /> IPTABLES=/usr/sbin/iptables<br /> $IPTABLES -P INPUT DROP<br /> $IPTABLES -A INPUT -i lo -j ACCEPT<br /> $IPTABLES -A INPUT ! -i lo -d 127.0.0.0/8 -j DROP<br /> $IPTABLES -N Flood-Scan<br /> $IPTABLES -A INPUT -p tcp -m tcp --syn -j Flood-Scan<br /> $IPTABLES -A Flood-Scan -m limit --limit 1/s --limit-burst 20 -j RETURN<br /> $IPTABLES -A Flood-Scan -j LOG --log-prefix &quot;OVER-LIMIT: &quot;<br /> $IPTABLES -A Flood-Scan -j DROP<br /> $IPTABLES -A INPUT -p tcp -m tcp ! --syn -m conntrack --ctstate NEW -j DROP<br /> $IPTABLES -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP<br /> $IPTABLES -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED -j ACCEPT<br /> $IPTABLES -A INPUT -p tcp -m conntrack --ctstate RELATED -j ACCEPT<br /> $IPTABLES -A INPUT -p udp -m conntrack --ctstate ESTABLISHED -j ACCEPT<br /> $IPTABLES -A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT<br /> $IPTABLES -A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT<br /> $IPTABLES -A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT<br /> $IPTABLES -A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT<br /> $IPTABLES -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT<br /> <br /> [[Category:Security]]</div> Wed, 03 Jun 2009 02:17:36 GMT Erik https://www.slackwiki.com/Talk:Fred87%27s_Script