Update sysctl.conf settings and IPTables rules
This commit is contained in:
parent
a15e502056
commit
4ab84f14aa
@ -264,8 +264,12 @@ net.ipv4.conf.all.accept_redirects = 0
|
||||
net.ipv4.conf.default.accept_redirects = 0
|
||||
net.ipv4.conf.all.send_redirects = 0
|
||||
net.ipv4.conf.default.send_redirects = 0
|
||||
net.ipv4.conf.lo.send_redirects = 0
|
||||
net.ipv4.conf.eth0.send_redirects = 0
|
||||
net.ipv4.conf.all.rp_filter = 0
|
||||
net.ipv4.conf.default.rp_filter = 0
|
||||
net.ipv4.conf.lo.rp_filter = 0
|
||||
net.ipv4.conf.eth0.rp_filter = 0
|
||||
net.ipv4.icmp_echo_ignore_broadcasts = 1
|
||||
net.ipv4.icmp_ignore_bogus_error_responses = 1
|
||||
|
||||
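Review bot: `net.ipv4.conf.eth0.send_redirects = 0` and `net.ipv4.conf.eth0.rp_filter = 0` hard-code the interface name, so on hosts whose primary interface is not eth0 (predictable names such as ens3 or enp0s3) the keys do not exist and `sysctl -p` reports an error for each of them; the same two keys appear in the second sysctl hunk at L120. Which four of the twelve lines are new is not recoverable here because the markers are lost, but the lo/eth0 pairs look like the additions, and if the script already detects the default interface elsewhere that value should be substituted here instead of the literal eth0. Setting `rp_filter = 0` on all, default and every interface also removes source-address validation entirely; unless strict mode is known to break the IPsec path, loose mode keeps the check, e.g. `net.ipv4.conf.all.rp_filter = 2` with a comment `# loose mode: VPN traffic is asymmetric, but the source must still be routable`. The heredoc these lines belong to starts and ends outside the hunk.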
@ -293,6 +297,7 @@ cat > /etc/iptables.rules <<EOF
|
||||
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
-A INPUT -i lo -j ACCEPT
|
||||
-A INPUT -d 127.0.0.0/8 -j REJECT
|
||||
-A INPUT -p icmp --icmp-type 255 -j ICMPALL
|
||||
-A INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT
|
||||
-A INPUT -p tcp --dport 22 -j ACCEPT
|
||||
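Review bot: `-A INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT` admits UDP from any source on any interface as long as both ports fall in 67–68, which also opens the DHCP server port 67 to any sender that sets a matching source port; from the hunk counts this appears to be the one line the hunk adds, though the marker is lost. If the host is only a DHCP client, the narrower rule is `-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT`, and a short comment such as `# DHCP client replies (server 67 -> client 68)` would record why the rule exists at all. The same line is written to /etc/sysconfig/iptables in the hunk at L158. The rules heredoc starts and ends outside this hunk.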
@ -344,6 +349,8 @@ echo "# Modified by hwdsl2 VPN script" >> /etc/iptables.rules
|
||||
fi
|
||||
fi
|
||||
|
||||
if ! grep -qs "hwdsl2 VPN script" /etc/ip6tables.rules; then
|
||||
|
||||
/bin/cp -f /etc/ip6tables.rules "/etc/ip6tables.rules.old-$(date +%Y-%m-%d-%H:%M:%S)" 2>/dev/null
|
||||
cat > /etc/ip6tables.rules <<EOF
|
||||
# Added by hwdsl2 VPN script
|
||||
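Review bot: The backup `/bin/cp -f /etc/ip6tables.rules "/etc/ip6tables.rules.old-$(date +%Y-%m-%d-%H:%M:%S)" 2>/dev/null` discards both stderr and the exit status, so when the copy fails for a reason other than the file being absent (read-only /etc, no space) the `cat > /etc/ip6tables.rules` heredoc on the next line still overwrites the only copy; the same pattern is in the /etc/sysconfig/ip6tables hunk at L182. From the counts this looks like one of the two lines the hunk adds, but the marker is lost. Guarding on existence keeps the quiet no-file case while letting a real failure stop the overwrite: `if [ -f /etc/ip6tables.rules ]; then /bin/cp -f /etc/ip6tables.rules "/etc/ip6tables.rules.old-$(date +%Y-%m-%d-%H:%M:%S)" || exit 1; fi`. The `if ! grep -qs ...` block opened here closes outside the hunk.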
@ -360,6 +367,8 @@ cat > /etc/ip6tables.rules <<EOF
|
||||
COMMIT
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
cat > /etc/network/if-pre-up.d/iptablesload <<EOF
|
||||
#!/bin/sh
|
||||
/sbin/iptables-restore < /etc/iptables.rules
|
||||
|
@ -303,8 +303,12 @@ net.ipv4.conf.all.accept_redirects = 0
|
||||
net.ipv4.conf.default.accept_redirects = 0
|
||||
net.ipv4.conf.all.send_redirects = 0
|
||||
net.ipv4.conf.default.send_redirects = 0
|
||||
net.ipv4.conf.lo.send_redirects = 0
|
||||
net.ipv4.conf.eth0.send_redirects = 0
|
||||
net.ipv4.conf.all.rp_filter = 0
|
||||
net.ipv4.conf.default.rp_filter = 0
|
||||
net.ipv4.conf.lo.rp_filter = 0
|
||||
net.ipv4.conf.eth0.rp_filter = 0
|
||||
net.ipv4.icmp_echo_ignore_broadcasts = 1
|
||||
net.ipv4.icmp_ignore_bogus_error_responses = 1
|
||||
|
||||
@ -332,6 +336,7 @@ cat > /etc/sysconfig/iptables <<EOF
|
||||
-A INPUT -m conntrack --ctstate INVALID -j DROP
|
||||
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
-A INPUT -i lo -j ACCEPT
|
||||
-A INPUT -d 127.0.0.0/8 -j REJECT
|
||||
-A INPUT -p icmp --icmp-type 255 -j ICMPALL
|
||||
-A INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT
|
||||
-A INPUT -p tcp --dport 22 -j ACCEPT
|
||||
@ -382,6 +387,8 @@ echo "# Modified by hwdsl2 VPN script" >> /etc/sysconfig/iptables
|
||||
fi
|
||||
fi
|
||||
|
||||
if ! grep -qs "hwdsl2 VPN script" /etc/sysconfig/ip6tables; then
|
||||
|
||||
/bin/cp -f /etc/sysconfig/ip6tables "/etc/sysconfig/ip6tables.old-$(date +%Y-%m-%d-%H:%M:%S)" 2>/dev/null
|
||||
cat > /etc/sysconfig/ip6tables <<EOF
|
||||
# Added by hwdsl2 VPN script
|
||||
@ -398,6 +405,8 @@ cat > /etc/sysconfig/ip6tables <<EOF
|
||||
COMMIT
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/fail2ban/jail.local ] ; then
|
||||
|
||||
cat > /etc/fail2ban/jail.local <<EOF
|
||||
|