Thread: DD-WRT iptables?
-
June 15th, 2011, 12:44 AM #1
DD-WRT iptables?
Are these IPtables right for using in the CMD shell of DD-WRT's firewall?
iptables -t mangle -I PREROUTING -i `nvram get wan_iface` -j TTL --ttl-set 10
iptables -t mangle -I POSTROUTING -o `nvram get wan_iface` -j TTL --ttl-inc 1
iptables -I OUTPUT -d 239.255.255.250 -j DROP
#Syn-flood protection
iptables -N syn_flood
iptables -A syn-flood -p tcp --syn -m limit --limit 1/s --limit-burst 4 -j ACEPT
iptables -A syn_flood -j REJECT
# Furtive port scanner:
iptables -N port_scan
iptables -A port_scan -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A port_scan -j REJECT
iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL FIN,URG,PSH -j REJECT
iptables -t nat -A PREROUTING-p tcp --tcp-flags ALL ALL -j REJECT
iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL NONE -j REJECT
iptables -t nat -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j REJECT
#XMAS
iptables -t nat -A PREROUTING -p tcp --tcp-flags SYN,FIN SYN,FIN -j REJECT
iptables -t nat -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j REJECT
# FIN packet scans
iptables -t nat -A PREROUTING -p tcp--tcp-flags ALL SYN,RST,ACK,FIN,URG -j REJECT
#SSH Protection
iptables -N rate_limit
iptables -F rate_limit
iptables -A rate_limit -p tcp --dport 22 -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -A rate_limit -p udp --dport 22 -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -A rate_limit -p ICMP --icmp-type echo-request -m limit --limit 3/sec -j ACCEPT
iptables -A rate_limit -p ! ICMP -j LOG --log-prefix " Connection dropped!! "
iptables -A rate_limit -p tcp -j REJECT --reject-with tcp-reset
iptables -A rate_limit -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -A rate_limit -j REJECT
I changed my SSH port to 22. That's not the real port.
-
June 15th, 2011, 06:37 AM #2
-
June 16th, 2011, 12:35 AM #3
No, I mean my actual SSH port is something other than 22. I just meant that I changed it here for showing so that no one would know what my real SSH port is. So are those IPtables correct for DD-WRT's firewall?
-
June 16th, 2011, 08:29 AM #4
Never really used iptables, but check out this page:
Iptables command - DD-WRT Wiki
-
June 16th, 2011, 04:10 PM #5
After carefully reading those I found a few errors with my SSH protection and the PREROUTING.
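An added example, not part of any post in this thread: a small Python linter run over five lines copied from the ruleset in post #1. It flags chain names that were never created, unknown targets, glued tokens, REJECT used outside the filter table, and user chains that nothing jumps to. The function names and the target list are assumptions limited to what the posted rules use.

```python
BUILTIN = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "POSTROUTING", "OUTPUT"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
}
TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG", "TTL"}  # assumption: only targets seen in the thread

def arg(tok, *flags):
    """Value following the first token that is one of `flags`, else None."""
    hits = [tok[i + 1] for i, t in enumerate(tok[:-1]) if t in flags]
    return hits[0] if hits else None

def lint(script):
    """Return sorted (line_number, message) findings for iptables commands."""
    rules = [(n, l.split()) for n, l in enumerate(script.splitlines(), 1)
             if l.startswith("iptables ")]
    # Pass 1: user chains created with -N, keyed by (table, name).
    made = {(arg(t, "-t") or "filter", arg(t, "-N")): n for n, t in rules if "-N" in t}
    out, jumped = [], set()
    for n, tok in rules:
        table = arg(tok, "-t") or "filter"
        chain, target = arg(tok, "-A", "-I"), arg(tok, "-j")
        for t in tok:
            if "--" in t and not t.startswith("--"):
                out.append((n, f"missing space inside '{t}'"))
        if chain and chain not in BUILTIN.get(table, set()) and (table, chain) not in made:
            out.append((n, f"chain '{chain}' does not exist in table {table}"))
        if target == "REJECT" and table != "filter":
            out.append((n, "REJECT is only available in the filter table"))
        elif target and (table, target) in made:
            jumped.add((table, target))
        elif target and target not in TARGETS:
            out.append((n, f"unknown target '{target}'"))
    # A user chain that no rule jumps to is never traversed by any packet.
    out += [(n, f"chain '{c}' is never jumped to, so its rules never run")
            for (tb, c), n in made.items() if (tb, c) not in jumped]
    return sorted(out)

# Sample input: five lines taken unchanged from the ruleset in post #1.
SAMPLE = """\
iptables -N syn_flood
iptables -A syn-flood -p tcp --syn -m limit --limit 1/s --limit-burst 4 -j ACEPT
iptables -A syn_flood -j REJECT
iptables -t nat -A PREROUTING-p tcp --tcp-flags ALL ALL -j REJECT
iptables -t nat -A PREROUTING -p tcp--tcp-flags ALL SYN,RST,ACK,FIN,URG -j REJECT
"""
if __name__ == "__main__":
    for line_no, msg in lint(SAMPLE):
        print(f"line {line_no}: {msg}")
```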