
seven's IPtables script

seven's IPtables script features extensive logging of all connection attempts, user-definable log-levels, protection against various DoS attacks, detection of multiple portscan types, user-defined trusted hosts, and user-defined "open"-ports.


Recent releases

  •  27 Jul 2001 16:08

    Release Notes: The variable names are now in all capital letters, for better visibility. The iptables -X doublecheck was removed. Two variables, $CLOSEDUDP and $CLOSEDTCP, were added. The ports specified in those variables are closed for any host, even for hosts that are listed in $TRUSTHOSTS. Two variables, $LCLOSEDUDP and $LCLOSEDTCP, were added for logging of connection attempts to explicitly closed ports. The new $INT variable allows you to choose which interface you want to protect. All packets from the interface specified in the new $TRUSTIF variable will be trusted. Some minor bugs were fixed.

  •  25 Jul 2001 16:31

    Release Notes: Some issues with the order of the rules were fixed. Specifically, hosts explicitly blocked could still go through the firewall if the connection was established or related. The 10 items problem concerning the variables was fixed. A nasty typo which screwed up a lot of code from blockhosts, trusthosts, and openports was fixed. A variable that allows you to choose between UDP/TCP "open"-ports was added. The order of some code was changed: previously, the root check was performed after the modprobe.

  •  24 Jul 2001 15:16

    Release Notes: Some /proc-based options were added. Code cleanups were made.

  •  24 Jul 2001 09:54

    Release Notes: FIXED a little typo (used twice $openport5 and not $openport3).

  •  24 Jul 2001 01:22

    Release Notes: A new variable to set syn-flood protection through /proc/.../tcp_syncookies, new variables to choose which hosts are blocked (even when they connect through ports in $openports), extensive logging options, removal of some obsolete DROP targets, and fixes for some typos.

Recent comments

27 Jul 2001 22:34 tuxy

Eagerly awaiting masquerade functionality in your script.


