#===================Firewall Settings==================#
#======================================================#
# ipchains packet-filter control script.
# Usage: firewall {start|stop|yasak|input|output|forward|masq|edit}
#   start   - flush the chains, load the rule set below, adjust /proc knobs
#   stop    - flush all rules and set every chain policy to ACCEPT
#   yasak   - ("forbidden") flush and set every chain policy to DENY
#   input | output | forward - page through that chain's rules and counters
#   masq    - enable IPv4 forwarding and append a masquerade rule
#   edit    - open /admin/network/firewall in vi
# The user-facing messages are Turkish; comments below give their meaning.
# Rule order matters: ipchains evaluates a chain top to bottom and the first
# matching rule with a target decides the packet.
#
# NOTE(review): with `set -e` a failing command aborts the script on the
# spot. In `start` that happens after the chains were flushed and the input
# and output policies were set to ACCEPT, so a failure partway through
# leaves a partially loaded, mostly open rule set.
  set -e
  case "$1" in

# edit: open the file in vi. Presumably this is the script itself - confirm.
edit)
vi /admin/network/firewall
;;

# stop: remove every rule and accept everything on all three chains.
# Message: "Removing all rules. Every port is being OPENED!!!"
# NOTE(review): this is fail-open, and it also sets the forward policy to
# ACCEPT, which `start` keeps at REJECT.
stop)
  clear
  echo ""
  echo ""
  echo "Tum Kurallar Kaldiriliyor.Her port ACIK duruma getiriliyor.!!!"
  ipchains -F
  ipchains -P input ACCEPT
  ipchains -P output ACCEPT
  ipchains -P forward ACCEPT
  sleep 1
  echo "OK"
  echo ""  
  echo ""
  echo ""
  echo "						Dr.VeRmIdoN"
  echo ""
;;

# start: load the full rule set.
start)
#================================================#
#		Default policies		 #
#================================================#
# Flush all chains, then accept by default on input and output and reject
# forwarded packets.
# NOTE(review): input and output are default-allow; only traffic that a rule
# below explicitly denies is blocked.
ipchains -F
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward REJECT

#================================================#
#		Definitions			 #
#================================================#
# Within this script only $li, $extint, $classa and $classb are referenced;
# the other names are assigned but never used, and the rules further down
# hard-code 192.168.1.1/24 and 192.168.0.0/16 instead of $ln / $classc.
ipadd="192.168.1.1"
any="0/0"
extint="eth0"
li="eth1"
localint="eth1"
ln="192.168.1.0/24"
lb="192.168.1.255"
ispserver="superonline.com"
smtpserver="mail.ticaretnet.com"
popserver="mail.ticaretnet.com"
loopint="lo"
loopback="127.0.0.0/8"
classa="10.0.0.0/8"
classb="172.16.0.0/12"
classc="192.168.0.0/16"
multicast="224.0.0.0/4"

# Message: "Ethernet 1 is being brought under the firewall".
# -f matches second and further IP fragments: drop them when leaving via $li.
#===============================================#
echo "Ethernet 1 firewall icine aliniyor"       #
#===============================================#
ipchains -A output -f -i $li -j DENY

# Message: "Classifying class A addresses".
# Drop packets arriving on the external interface with a 10.0.0.0/8 source
# or destination, and reject such packets leaving through it.
#================================================#
echo "Class A tipi ip ler siniflandiriliyor"     #
#================================================#
ipchains -A input -i $extint -s $classa -j DENY
ipchains -A input -i $extint -d $classa -j DENY
ipchains -A output -i $extint -s $classa -j REJECT
ipchains -A output -i $extint -d $classa -j REJECT

# Message: "Classifying class B addresses". Same treatment for 172.16.0.0/12.
# NOTE(review): there is no matching block for $classc (192.168.0.0/16), so
# packets claiming a 192.168.x.x source are not filtered on $extint here.
#===============================================#
echo "Class B tipi ip ler siniflandiriliyor"    #
#===============================================#
ipchains -A input -i $extint -s $classb -j DENY
ipchains -A input -i $extint -d $classb -j DENY
ipchains -A output -i $extint -s $classb -j REJECT
ipchains -A output -i $extint -d $classb -j REJECT

# Disabled block: would DENY inbound TCP SYN packets (-y) whose source port
# is one of those listed; the last line would DENY all inbound TCP.
#===================================================================#
#echo "tcp portundan cikisin var, sana girisler yasaklandi"         #
#===================================================================#
#ipchains -A input -p tcp -s 0/0 21 -d 0/0  -y -j DENY
#ipchains -A input -p tcp -s 0/0 23 -d 0/0  -y -j DENY
#ipchains -A input -p tcp -s 0/0 25 -d 0/0  -y -j DENY
#ipchains -A input -p tcp -s 0/0 53 -d 0/0  -y -j DENY
#ipchains -A input -p tcp -s 0/0 80 -d 0/0  -y -j DENY
#ipchains -A input -p tcp -s 0/0 110 -d 0/0  -y -j DENY
#ipchains -A input -p tcp -s 0/0 111 -d 0/0  -y -j DENY
#ipchains -A input -p tcp -s 0/0 139 -d 0/0  -y -j DENY
#ipchains -A input -p tcp -s 0/0 143 -d 0/0  -y -j DENY
#ipchains -A input -p tcp -s 0/0 -d 0/0 -j DENY           #all ports

# Message: "Keeping records of how many packets were sent and how much data
# flowed on ports 6667, 6666, 7000, 80, 8080, 1080, 21, 23, 25, 110".
# These rules have no -j target, so they only count matching packets and
# bytes (shown by the `output` sub-command) and never decide a packet.
# The port follows the -s address, so it is matched as the SOURCE port.
# NOTE(review): if the intent is to account for LAN clients connecting out
# to these services, the port belongs after -d - confirm.
#=========================================================================#
echo "6667 - 6666 - 7000 - 80 - 8080 - 1080 - 21 - 23 - 25 - 110. portlardan"
echo "Toplam kac defa paket yollanmis ve ne kadar veri akmis kayitlarini tutuluyor"
#==========================================================================#
  ipchains -A output -p tcp -s 192.168.0.0/16 6667 -d 0/0 
  ipchains -A output -p tcp -s 192.168.0.0/16 6666 -d 0/0
  ipchains -A output -p tcp -s 192.168.0.0/16 7000 -d 0/0 
  ipchains -A output -p tcp -s 192.168.0.0/16 80 -d 0/0 
  ipchains -A output -p tcp -s 192.168.0.0/16 8080 -d 0/0 
  ipchains -A output -p tcp -s 192.168.0.0/16 1080 -d 0/0 
  ipchains -A output -p tcp -s 192.168.0.0/16 21 -d 0/0 
  ipchains -A output -p tcp -s 192.168.0.0/16 23 -d 0/0
  ipchains -A output -p tcp -s 192.168.0.0/16 25 -d 0/0 
  ipchains -A output -p tcp -s 192.168.0.0/16 110 -d 0/0

# Message: "Configuring for ICMP exploit attacks".
# Drop fragmented ICMP on input; the output counterpart is disabled.
#=======================================================#
echo "ICMP exploit saldirilari icin yapilandiriliyor"   #
#=======================================================#
ipchains -A input -p icmp -s 0/0 -d 0/0 -f -j DENY
#ipchains -A output -p icmp -s 0/0 -d 0/0 -f -j DENY

# Message: "Enabling IP port forward for news".
# NOTE(review): the message is printed but both commands are commented out,
# so nothing is configured here.
#===============================================================#
echo "IPPORT Forward News icin Etkin Hale Getiriliyor"			#
#===============================================================#
#ipmasqadm portfw -f
#ipmasqadm portfw -a -P tcp -L 192.168.1.1 119 -R 192.168.1.10 119

# Message: "Blocking all spoof attempts coming from outside".
# NOTE(review): the message is printed but no rule is installed; the two
# disabled rules are ACCEPT-and-log rules, not blocks.
#===============================================================#
echo "Disaridan Gelen Tum Spoof girisimleri Engelleniyor"       #
#===============================================================#
#ipchains -A input -i eth+ -s 192.168.1.1 -l -j ACCEPT
#ipchains -A input -i ppp0 -s 0/0 -l -j ACCEPT

# Message: "Configuring TCP SYN cookie protection".
# NOTE(review): "OK" is printed before the write is attempted.
#==========================================================#
echo "TCP SYN Cookie Korumasi Yapilandiriliyor..."         #
#==========================================================#
sleep 1
echo "OK"
echo 1 >/proc/sys/net/ipv4/tcp_syncookies

#====================================================#
#   IP port forwarding (disabled)		     #
#====================================================#
# Disabled block: would set ip_forward from $IPV4_FORWARD.
#if [ -f /proc/sys/net/ipv4/ip_forward ]; then
#  if [ "$IPV4_FORWARD" = "1" ]; then
#   echo "IP Port Forwarding Kullanima Aciliyor...."
#   echo 1 > /proc/sys/net/ipv4/ip_forward
#else
#  echo "IP Port Forward Baslatilamadi"
#  echo 0 > /proc/sys/net/ipv4/ip_forward
#  fi
#fi

# Message: "Blocking ICMP redirect traffic".
# Write 0 to accept_redirects in every directory under conf/.
#====================================================#
echo " ICMP REdirect Iletisim Engelleniyor..."       #
#====================================================#
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
   echo 0 > $f
done
sleep 1
echo "OK"

# Message: "Blocking source-routed packets".
# Write 0 to accept_source_route in every directory under conf/.
#===============================================#
echo "Kaynak Rota Paketleri Engelleniyor"       #
#===============================================#
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo 0 > $f
done

# Message: "Providing protection against problem-causing connections".
# NOTE(review): printed only; sourcing /admin/firewall.blocked is disabled.
#=============================================================#
echo "Problem Yaratan Baglantilar icin Koruma Saglaniyor"     # 
#=============================================================#
#if [ -f /admin/firewall.blocked ]; then
#    . /admin/firewall.blocked
#fi

# Message: "Starting IP masquerading for 192.168.x.x ports".
# NOTE(review): printed only; every command in this section is commented
# out. Masquerading is only set up by the separate `masq` sub-command.
#=====================================================================#
echo "IP MASQUERADING 192.168.x.x portlari icin baslatiliyor.."       #
#=====================================================================#
# echo "1" > /proc/sys/net/ipv4/ip_forward
# echo "0" > /proc/sys/net/ipv4/ip_forward
# ipchains -A forward -p tcp -d 0/0 119 -s 192.168.1.1/24 -j MASQ
# ipchains -A forward -s 0/0 -d 0/0 -j MASQ
# ipchains -M -S 7200 10 160
# ipchains -A forward -s 0/0 -j DENY
#  echo ""
#  echo ""

# Messages: "Rp filter (IP spoof) is being turned off" / "Rp filter
# cancelled". Writes 0 to conf/all/rp_filter when the file is readable.
# NOTE(review): this switches reverse-path source validation OFF. The
# ACCEPT rules further down trust the source address 192.168.1.1/24 without
# naming an interface, and nothing above denies 192.168.0.0/16 on $extint,
# so a packet arriving from outside with a 192.168.1.x source address would
# match them. Consider writing 1 here, adding `-i $localint` to the ACCEPT
# rules, and denying $classc on $extint like the class A and B blocks.
#=================================================#
echo "Rp Filter(IP Spoof) Kullanima Kapatiliyor."           #
#=================================================#
if [ -r /proc/sys/net/ipv4/conf/all/rp_filter ]; then
   echo "Rp Filter Iptal Edildi" 
   echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
fi

# Message: "Starting transparent proxy for ports 80 and 21".
# NOTE(review): printed only; all REDIRECT rules are commented out.
#=================================================================#
echo "Transparent Proxy 80 ve 21 . portlar icin Baslatiliyor"     #
#=================================================================#
#ipchains -A input -p tcp -s 0/0  -d 0/0 80 -j REDIRECT 3128
#ipchains -A input -p tcp -s 0/0  -d 0/0 21 -j REDIRECT 3128
#ipchains -A input -p tcp -s 0/0  -d 0/0 80 -j REDIRECT 3128
#ipchains -A input -p tcp -s 0/0  -d 0/0 80 -j REDIRECT 3128

# Message: "Closing open ports to the outside".
# Rule pairs on the output chain, one pair per SOURCE port: packets leaving
# with that source port are accepted when addressed to 192.168.1.1/24 and
# denied for any other destination, so replies from these local services
# only reach the LAN. All pairs are TCP except one UDP pair for port 53.
# 192.168.1.1/24 has host bits set; it presumably means the same network as
# $ln (192.168.1.0/24). The pair for port 139 appears twice; the second
# copy can never match first and is redundant.
#===========================================================#
echo "Acik Portlar Disariya Kapatiliyor. Nah gelirler:)"    #
#===========================================================#
ipchains -A output -p tcp -s 0/0 80 -d 192.168.1.1/24 -j ACCEPT
ipchains -A output -p tcp -s 0/0 80 -d 0/0 -j DENY
ipchains -A output -p tcp -s 0/0 25 -d 192.168.1.1/24 -j ACCEPT
ipchains -A output -p tcp -s 0/0 25 -d 0/0 -j DENY
ipchains -A output -p tcp -s 0/0 111 -d 192.168.1.1/24 -j ACCEPT
ipchains -A output -p tcp -s 0/0 111 -d 0/0 -j DENY
ipchains -A output -p tcp -s 0/0 139 -d 192.168.1.1/24 -j ACCEPT
ipchains -A output -p tcp -s 0/0 139 -d 0/0 -j DENY
ipchains -A output -p tcp -s 0/0 23 -d 192.168.1.1/24 -j ACCEPT
ipchains -A output -p tcp -s 0/0 23 -d 0/0 -j DENY
ipchains -A output -p tcp -s 0/0 3128 -d 192.168.1.1/24 -j ACCEPT
ipchains -A output -p tcp -s 0/0 3128 -d 0/0 -j DENY
ipchains -A output -p tcp -s 0/0 21 -d 192.168.1.1/24 -j ACCEPT
ipchains -A output -p tcp -s 0/0 21 -d 0/0 -j DENY
ipchains -A output -p tcp -s 0/0 53 -d 192.168.1.1/24 -j ACCEPT
ipchains -A output -p tcp -s 0/0 53 -d 0/0 -j DENY
ipchains -A output -p udp -s 0/0 53 -d 192.168.1.1/24 -j ACCEPT
ipchains -A output -p udp -s 0/0 53 -d 0/0 -j DENY
ipchains -A output -p tcp -s 0/0 139 -d 192.168.1.1/24 -j ACCEPT
ipchains -A output -p tcp -s 0/0 139 -d 0/0 -j DENY
ipchains -A output -p tcp -s 0/0 143 -d 192.168.1.1/24 -j ACCEPT
ipchains -A output -p tcp -s 0/0 143 -d 0/0 -j DENY
ipchains -A output -p tcp -s 0/0 110 -d 192.168.1.1/24 -j ACCEPT
ipchains -A output -p tcp -s 0/0 110 -d 0/0 -j DENY
ipchains -A output -p tcp -s 0/0 3000 -d 192.168.1.1/24 -j ACCEPT
ipchains -A output -p tcp -s 0/0 3000 -d 0/0 -j DENY
ipchains -A output -p tcp -s 0/0 1080 -d 192.168.1.1/24 -j ACCEPT
ipchains -A output -p tcp -s 0/0 1080 -d 0/0 -j DENY
# Message: "Cutting input off from the outside".
# Rule pairs on the input chain, one pair per TCP DESTINATION port: accept
# when the source is 192.168.1.1/24, deny any other source.
# NOTE(review): the ACCEPT rules match on source address only (no -i), see
# the rp_filter note above. Only TCP and only the listed ports are covered;
# everything else, including UDP, falls through to the ACCEPT input policy.
#=======================================================================#
echo "Input Girisleri Disarisiyla kesiliyor"
#=======================================================================#
ipchains -A input -p tcp -s 192.168.1.1/24 -d 0/0 3128 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 3128 -j DENY
ipchains -A input -p tcp -s 192.168.1.1/24 -d 0/0 21 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 21 -j DENY
ipchains -A input -p tcp -s 192.168.1.1/24 -d 0/0 53 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 53 -j DENY
ipchains -A input -p tcp -s 192.168.1.1/24 -d 0/0 23 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 23 -j DENY
ipchains -A input -p tcp -s 192.168.1.1/24 -d 0/0 25  -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 25 -j DENY
ipchains -A input -p tcp -s 192.168.1.1/24 -d 0/0 111 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 111 -j DENY
ipchains -A input -p tcp -s 192.168.1.1/24 -d 0/0 80 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 80 -j DENY
ipchains -A input -p tcp -s 192.168.1.1/24 -d 0/0 139 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 139 -j DENY
ipchains -A input -p tcp -s 192.168.1.1/24 -d 0/0 110 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 110 -j DENY
ipchains -A input -p tcp -s 192.168.1.1/24 -d 0/0 143 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 143 -j DENY
ipchains -A input -p tcp -s 192.168.1.1/24 -d 0/0 113 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 113 -j DENY
ipchains -A input -p tcp -s 192.168.1.1/24 -d 0/0 3000 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 3000 -j DENY
ipchains -A input -p tcp -s 192.168.1.1/24 -d 0/0 1080 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 1080 -j DENY

#=======================================================================#
#=======================================================================#
#			END OF SECTION					#
#=======================================================================#
#=======================================================================#
  
# Message: "Firewall protection completed successfully".
sleep 1
  echo "Firewall Korumasi Basariyla Tamamlandi...!"
  echo ""
  echo ""
  echo "  				Written by Dr.VeRmIdoN 1999 (c)  "
;;

# yasak ("forbidden"): flush all rules and set every chain policy to DENY.
# Messages: "Closing all input, output and forwards" / "You are on your own".
# NOTE(review): no exception rules are added, so this presumably also cuts
# loopback traffic and any remote session used to run it - confirm before
# using it on a machine without console access.
yasak)  
  clear
  echo ""
  echo "Tum Girisler , Cikislar , Forward lar Kapatiliyor...!!!"
  echo "                Tek Basinasin...!     "
  ipchains -F
  ipchains -P input DENY
  ipchains -P output DENY
  ipchains -P forward DENY
  echo " OK "
  echo ""
  echo ""
  echo ""
  echo "						Dr.VeRmIdoN"
  echo ""
;;

# output: page through the output chain with packet/byte counters (-v).
# Message: "Output counters of all specified ports".
output)
  echo "" 
  echo "" 
  echo "" 
  echo "Belirtilmis Tum Portlarin Cikis Sayaclari"
  echo ""
  echo ""
  ipchains -L output -v | more
  echo ""
  echo ""
  echo ""
  echo ""
  echo ""
;;
# input: page through the input chain with packet/byte counters (-v).
# Message: "Input counters of all specified ports".
input)
echo "" 
echo "" 
echo "" 
echo "" 
echo "Belirtilmis Tum Portlarin Giris Sayaclari"
echo "" 
echo ""
ipchains -L input -v | more
echo ""
echo ""
echo ""
echo ""
echo ""
;;
# masq: turn on IPv4 forwarding and append a rule that masquerades
# forwarded packets from any source.
# NOTE(review): nothing is flushed first, so each invocation appends another
# copy of the rule. The rule matches every source (0/0), not just the LAN
# range, and it is not tied to an interface; restricting it to the LAN
# source network would be tighter - confirm the intended scope.
masq)
clear
echo "1" > /proc/sys/net/ipv4/ip_forward  
#echo "Sadece Masq Kullanima Sunuldu"
#ipchains -F
#ipchains -P input ACCEPT
#ipchains -P output ACCEPT
#ipchains -P forward ACCEPT
ipchains -A forward -s 0/0 -j MASQ
;;
# forward: page through the forward chain with packet/byte counters (-v).
# Message: "Forward counters of all specified ports".
forward)
echo "" 
echo "" 
echo "" 
echo "Belirtilmis Tum Portlarin Forward Sayaclari"
echo ""
echo ""
ipchains -L forward -v | more
echo ""
echo ""
echo ""
echo ""
echo ""
;;
# Anything else (including no argument): print usage and exit with status 1.
*) 
  echo "Kullanim: firewall {start|stop|yasak|input|output|forward|masq|edit}"
  exit 1
esac
exit 0

