Hi Andy,

On Tue, 11 Feb 2020 09:10:03 +0000 Andy Pieters <arch-general@andypieters.me.uk> wrote:
> A more detailed description of what you're trying to do would be helpful.
I have different servers, most with Arch but also some with Debian. So I am trying to generate a firewall script for both systems that is customized depending on what the server runs. So the script tries to find the ethernet adapter, the IP, all open ports which listen on 0.0.0.0 and on the SERVER IP, and sets these in the multiport rules for tcp or udp. If wireguard is used on the server, then those rules should also be activated, and when monitoring tools are running, their ports should also be opened, but only from my home server. This is my goal, and the script should be checked by people who know iptables better than me. Is this okay so far, will it work or give trouble? If I understand the wiki right, the rules must be in the right position. So are the special spoofing and bruteforce rules correct? There are improvements to query the Ethernet adapters, the server IP and the open ports.

# port scanning
$IPT -I TCP -p tcp -m recent --update --rsource --seconds 60 --name TCP-PORTSCAN -j REJECT --reject-with tcp-reset
$IPT -D INPUT -p tcp -j REJECT --reject-with tcp-reset
$IPT -A INPUT -p tcp -m recent --set --rsource --name TCP-PORTSCAN -j REJECT --reject-with tcp-reset
$IPT -I UDP -p udp -m recent --update --rsource --seconds 60 --name UDP-PORTSCAN -j REJECT --reject-with icmp-port-unreachable
$IPT -D INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
$IPT -A INPUT -p udp -m recent --set --rsource --name UDP-PORTSCAN -j REJECT --reject-with icmp-port-unreachable
$IPT -D INPUT -j REJECT --reject-with icmp-proto-unreachable
$IPT -A INPUT -j REJECT --reject-with icmp-proto-unreachable

This is an example; my English is not perfect and I hope I understand the wiki right. But is there a reason why insert, delete and append are all used? Is it enough to use only $IPT -A and leave out the rest?

Thank you & Nice day
Silvio
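As an added example (this is not Silvio's script and not the Arch wiki's own text), here is the same port-scan protection written as a ruleset built from scratch. The -I and -D in the quoted lines edit a chain that is already loaded: -I puts the `--update` check at the top of the TCP/UDP chains, and -D removes the plain reject that the `--set` rule replaces. A script that starts from an empty filter table can instead append everything with -A in the final order, which is what this shows. The names DRY_RUN, ipt, build_rules and rule_pos are assumptions of this example; with DRY_RUN=1 the commands are printed instead of executed, so the resulting order can be inspected without root.

```bash
#!/usr/bin/env bash
# Added example: from-scratch INPUT chain with port-scan tracking, using only
# -N/-A because nothing is live yet to insert into or delete from.
# Assumption: DRY_RUN=1 prints the iptables commands instead of running them.
set -eu

IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-1}"

# Run iptables, or print the command in dry-run mode (hypothetical helper).
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

# Final rule order, top to bottom. The "-m recent --update" checks sit first
# in the TCP/UDP chains, so a source that already hit a closed port is
# rejected before its next packet reaches any open-port rule; the
# "-m recent --set" rules are the last thing a TCP/UDP packet can reach in
# INPUT, so only traffic to closed ports marks a source.
build_rules() {
    ipt -N TCP
    ipt -N UDP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -P INPUT DROP
    ipt -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    ipt -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
    # Port-scan check first in the protocol chains (the wiki uses -I for this
    # because its chains already exist); open-port ACCEPT rules come after it.
    ipt -A TCP -p tcp -m recent --update --rsource --seconds 60 --name TCP-PORTSCAN -j REJECT --reject-with tcp-reset
    ipt -A UDP -p udp -m recent --update --rsource --seconds 60 --name UDP-PORTSCAN -j REJECT --reject-with icmp-port-unreachable
    # Example open port (constructed): ipt -A TCP -p tcp --dport 22 -j ACCEPT
    ipt -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
    ipt -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
    # Closed ports: record the source, then reject. These replace the plain
    # rejects that the wiki deletes with -D before appending these.
    ipt -A INPUT -p tcp -m recent --set --rsource --name TCP-PORTSCAN -j REJECT --reject-with tcp-reset
    ipt -A INPUT -p udp -m recent --set --rsource --name UDP-PORTSCAN -j REJECT --reject-with icmp-port-unreachable
    ipt -A INPUT -j REJECT --reject-with icmp-proto-unreachable
}

# 1-based position of the first INPUT rule matching a pattern, 0 if absent.
# Useful in dry-run mode to confirm the reject rules really come last.
rule_pos() {
    pos=$(build_rules | grep -- '-A INPUT' | grep -n -- "$1" | head -n1 | cut -d: -f1)
    printf '%s\n' "${pos:-0}"
}

build_rules
```

Run it as-is to see the ordered commands; set DRY_RUN=0 and run as root to load them. On a live host the same ordering check can be done against `iptables -S INPUT` instead of the dry-run output.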