From f3bcd31a612b898281ad5ff90dfcdec622c22f0f Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Wed, 11 Oct 2017 06:29:31 +0200
Subject: [PATCH] daily autocommit

---
 .etckeeper | 1 +
 default/iptables | 89 ++++++++++++++++++++++++++++++++++++++++++++++++
 motd | 7 ++--
 3 files changed, 94 insertions(+), 3 deletions(-)
 create mode 100644 default/iptables

diff --git a/.etckeeper b/.etckeeper
index 22d0579..372fe7f 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -269,6 +269,7 @@ maybe chmod 0644 'default/grub'
 maybe chmod 0644 'default/halt'
 maybe chmod 0644 'default/haveged'
 maybe chmod 0644 'default/hwclock'
+maybe chmod 0600 'default/iptables'
 maybe chmod 0644 'default/iptables.bak'
 maybe chmod 0644 'default/keyboard'
 maybe chmod 0644 'default/locale'
diff --git a/default/iptables b/default/iptables
new file mode 100644
index 0000000..76fab36
--- /dev/null
+++ b/default/iptables
@@ -0,0 +1,89 @@
+# Generated by iptables-save v1.6.0 on Tue Oct 10 22:18:16 2017
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [1165:267654]
+:f2b-dovecot - [0:0]
+:f2b-postfix - [0:0]
+:f2b-roundcube - [0:0]
+:f2b-ssh - [0:0]
+:f2b-sshd - [0:0]
+:f2b-sshd-ddos - [0:0]
+:mysql - [0:0]
+:rejects - [0:0]
+-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-dovecot
+-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-roundcube
+-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd-ddos
+-A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix
+-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-postfix
+-A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh
+-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
+-A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -p udp -m udp --dport 68 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 4190 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 3306 -j mysql
+-A INPUT -j rejects
+-A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1
+-A INPUT -j REJECT --reject-with icmp-port-unreachable
+-A f2b-dovecot -j RETURN
+-A f2b-postfix -j RETURN
+-A f2b-postfix -j RETURN
+-A f2b-roundcube -j RETURN
+-A f2b-ssh -s 113.176.163.41/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 58.242.83.7/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 82.99.241.130/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 185.160.106.135/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 58.218.198.168/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 77.72.85.100/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -j RETURN
+-A f2b-sshd -s 113.176.163.41/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 58.242.83.7/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 82.99.241.130/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 185.160.106.135/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 58.218.198.168/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 77.72.85.100/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -j RETURN
+-A f2b-sshd-ddos -j RETURN
+-A mysql -s 127.0.0.1/32 -j ACCEPT
+-A mysql -s 185.48.118.130/32 -j ACCEPT
+-A mysql -s 10.12.20.5/32 -j ACCEPT
+-A mysql -s 10.12.20.2/32 -j ACCEPT
+-A mysql -j NFLOG --nflog-prefix "MySQL Reject " --nflog-threshold 1
+-A mysql -j REJECT --reject-with icmp-port-unreachable
+-A rejects -s 134.119.179.226/32 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 445 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p udp -m udp --dport 137 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 137 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 1433 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 1900 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 2323 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 3389 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p udp -m udp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
+-A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
+COMMIT
+# Completed on Tue Oct 10 22:18:16 2017
+# Generated by iptables-save v1.6.0 on Tue Oct 10 22:18:16 2017
+*nat
+:PREROUTING ACCEPT [601546:44803933]
+:INPUT ACCEPT [196228:19381261]
+:OUTPUT ACCEPT [996083:74607655]
+:POSTROUTING ACCEPT [996083:74607655]
+COMMIT
+# Completed on Tue Oct 10 22:18:16 2017
diff --git a/motd b/motd
index 95fb940..fb31225 100644
--- a/motd
+++ b/motd
@@ -6,8 +6,9 @@ Debian GNU/Linux 9.2 (stretch)
 |____/ \__,_|_| \__,_|_| |_|
-Begeisterung ist Glaube, der Feuer gefangen hat.
- -- Walter Heiby
+Bei wissenschaftlichen Streitigkeiten nehme man sich in Acht,
+die Probleme nicht zu vermehren.
+ -- Goethe, Maximen und Reflektionen, Nr. 1051
-Today is Pungenday, the 64th day of Bureaucracy in the YOLD 3183
+Today is Prickle-Prickle, the 65th day of Bureaucracy in the YOLD 3183
-- 
2.39.5
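Review bot: The `-A INPUT -j rejects` line sits before `-A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1`, so probes against the ports the `rejects` chain handles (23, 445, 137, 1433, 1900, 2323, 3389, 5060, 8080, plus the single host 134.119.179.226) are rejected without ever being logged, while every other rejected packet is — and since the INPUT policy is already DROP and the final `-A INPUT -j REJECT` covers the same traffic, the chain only changes what gets logged. If suppressing that scan noise is intended, record the intent in a form that survives `iptables-save`, e.g. `-A INPUT -j rejects -m comment --comment "known scan ports, unlogged"`; otherwise move the jump below the NFLOG rule. The pair `-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT` / `-A INPUT -p icmp -j ACCEPT` makes the first rule a no-op because the second accepts every ICMP type; if only echo-request was meant to be open, the blanket rule should go. Minor hygiene: `f2b-ssh` and `f2b-sshd` hold identical reject lists and `-A f2b-postfix -j RETURN` appears twice, which looks like duplicated fail2ban jails and is better cleaned up in the fail2ban configuration that generates these chains than in this snapshot.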