From 7f49b329e4a19bd90c82ea5d089cb6296ef27449 Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Fri, 21 Jul 2017 06:57:26 +0200
Subject: [PATCH] daily autocommit
---
 iptables/rules.v4 | 22 +++++++++++++++++-----
 iptables/rules.v6 | 6 +++---
 logwatch/conf/services/iptables.conf | 4 ++--
 3 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/iptables/rules.v4 b/iptables/rules.v4
index 7500749..2fd8eb0 100644
--- a/iptables/rules.v4
+++ b/iptables/rules.v4
@@ -1,9 +1,10 @@
-# Generated by iptables-save v1.6.0 on Wed Jul 19 08:54:03 2017
+# Generated by iptables-save v1.6.0 on Thu Jul 20 10:19:41 2017
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [68:14205]
+:OUTPUT ACCEPT [71:11710]
 :f2b-apache - [0:0]
+:rejects - [0:0]
 -A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache
 -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
 -A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
@@ -16,9 +17,20 @@
 -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
--A INPUT -p tcp -m multiport --dports 23 -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -j rejects
 -A INPUT -p tcp -m multiport --dports 445 -j REJECT --reject-with icmp-port-unreachable
--A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1
 -A INPUT -j REJECT --reject-with icmp-port-unreachable
+-A rejects -s 134.119.179.226/32 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 445 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p udp -m udp --dport 137 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 137 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 1433 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 1900 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 2323 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 3389 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p udp -m udp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
 COMMIT
-# Completed on Wed Jul 19 08:54:03 2017
+# Completed on Thu Jul 20 10:19:41 2017
diff --git a/iptables/rules.v6 b/iptables/rules.v6
index 8093672..be66a4b 100644
--- a/iptables/rules.v6
+++ b/iptables/rules.v6
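Review bot: Removing `-A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1` in the iptables/rules.v4 hunk at -16,9 leaves every IPv4 INPUT reject unlogged, while rules.v6 still logs before its FORWARD REJECT and this same commit tunes the logwatch iptables report. If the new `rejects` chain is meant to keep noisy ports out of the log, the NFLOG rule should stay between `-A INPUT -j rejects` and the final `-A INPUT -j REJECT --reject-with icmp-port-unreachable`. Separately, `-A rejects -s 134.119.179.226/32 -j REJECT` is only reached after the ACCEPT rules for ports 53, 22 and 80/443 shown above it, so that source can still reach those services; a full block needs the source match ahead of the ACCEPTs. The rules between the two rules.v4 hunks are not visible here, so the ordering should be confirmed against the full file.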
@@ -1,8 +1,8 @@
-# Generated by ip6tables-save v1.6.0 on Wed Jul 19 08:54:03 2017
+# Generated by ip6tables-save v1.6.0 on Thu Jul 20 10:19:41 2017
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [21768:7981252]
+:OUTPUT ACCEPT [49648:18025916]
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED -j ACCEPT
 -A INPUT -p ipv6-icmp -j ACCEPT
@@ -25,4 +25,4 @@
 -A FORWARD -j NFLOG --nflog-prefix "IPv6 FORWARD Reject " --nflog-threshold 1
 -A FORWARD -j REJECT --reject-with icmp6-port-unreachable
 COMMIT
-# Completed on Wed Jul 19 08:54:03 2017
+# Completed on Thu Jul 20 10:19:41 2017
diff --git a/logwatch/conf/services/iptables.conf b/logwatch/conf/services/iptables.conf
index 854e310..36d66da 100644
--- a/logwatch/conf/services/iptables.conf
+++ b/logwatch/conf/services/iptables.conf
@@ -24,12 +24,12 @@ $iptables_ip_lookup = Yes
 # Set this to enable a filter on iptables/ipchains displays
 # This will block out hosts who have less than the specified
 # number of hits between all ports. Defaults to 0.
-$iptables_host_min_count = 0
+$iptables_host_min_count = 5
 # If both of the following settings are enabled, two output lists
 # will be produced. If none is set, the old style output is prduced.
 # Set this to generate old style output (sorted by source hosts)
-#$iptables_list_by_host = 0
+$iptables_list_by_host = 1
 # Set this to generate new style output (sorted by targeted service)
 $iptables_list_by_service = 1
-- 
2.39.5
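Review bot: `$iptables_host_min_count = 5` in logwatch/conf/services/iptables.conf omits every source with fewer than five hits from the report, so probing that is spread across many addresses or paced slowly will no longer show up in the daily summary. The setting deserves a comment recording why the threshold was raised and where low-volume sources can still be found, for example `# raised from 0 to cut report noise; sources with <5 hits appear only in the raw firewall log`. The report also depends on the ruleset still logging rejects, which the rules.v4 change in this commit appears to stop doing for IPv4 INPUT.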