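#!/bin/sh
# block torrent traffic by iptable/firewall for VPN/Proxy server
# [email protected]
# forked by roland
#
# Usage: run as root. Optional environment overrides (defaults keep the
# values the original hard-coded):
#   WAN_IF - public interface            (default: eth0)
#   VPN_IF - WireGuard/VPN interface     (default: wg0)
#
# iptables evaluates a chain top to bottom and the first matching rule wins,
# so rule order is the contract of this file. In particular the INPUT
# catch-all "-j LOGGING" (whose chain ends in DROP) is appended LAST; in the
# original it was appended before the BitTorrent string filters and the
# WireGuard port rules, which made every one of those later INPUT rules
# unreachable and left the VPN listener unreachable from outside.
set -eu

WAN_IF="${WAN_IF:-eth0}"
VPN_IF="${VPN_IF:-wg0}"

# Delete all existing rules (filter table) and empty user-defined chains
iptables -F
iptables -X

# Set default chain policies.
# The original set all three to DROP near the top and then reset all three to
# ACCEPT near the bottom, so ACCEPT was the policy actually in effect; it is
# set exactly once here to make that visible. INPUT is still default-deny in
# practice because its final rule jumps to LOGGING, which drops; FORWARD and
# OUTPUT are default-allow.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Allow loopback access
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow ALL incoming SSH
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o "$WAN_IF" -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# MultiPorts (Allow incoming SSH, HTTP, and HTTPS)
iptables -A INPUT -i "$WAN_IF" -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o "$WAN_IF" -p tcp -m multiport --sports 22,80,443 -m state --state ESTABLISHED -j ACCEPT

# Allow All custom proxy ports
iptables -A INPUT -i "$WAN_IF" -p tcp -m multiport --dports 800:820 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o "$WAN_IF" -p tcp -m multiport --sports 800:820 -m state --state ESTABLISHED -j ACCEPT

# Allow outgoing SSH
iptables -A OUTPUT -o "$WAN_IF" -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# Allow outgoing HTTPS and HTTP (apt-get below depends on these)
iptables -A OUTPUT -o "$WAN_IF" -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o "$WAN_IF" -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

# Ping from inside to outside
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

# Ping from outside to inside
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

# Allow outbound DNS
iptables -A OUTPUT -p udp -o "$WAN_IF" --dport 53 -j ACCEPT
iptables -A INPUT -p udp -i "$WAN_IF" --sport 53 -j ACCEPT

# Prevent DoS attack
# NOTE: this rule is shadowed by the multiport ACCEPT for port 80 above and
# never matches; it is kept for parity with the original. A working rate
# limit has to sit before that ACCEPT and be followed by a DROP for the
# excess, otherwise the excess is still accepted further down.
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT

# Block torrent - https://gist.github.com/iamtartan/872a0db39fa017dceee0?permalink_comment_id=3122192#gistcomment-3122192
# "-I" inserts at the head of OUTPUT, ahead of every ACCEPT above.
iptables -I OUTPUT -t filter -p tcp -m string --string "BitTorrent" --algo bm -j REJECT --reject-with tcp-reset
iptables -I OUTPUT -t filter -p udp -m string --string "BitTorrent" --algo bm -j REJECT --reject-with icmp-port-unreachable

# Block torrent - https://www.unixmen.com/how-to-block-bittorrent-traffic-on-your-linux-firewall/
# These are plain substring matches over the whole packet payload: short
# patterns such as "torrent", "announce" and "tracker" also match ordinary
# HTTP content that happens to contain those words, and none of them can see
# inside TLS or WireGuard payloads. Expect false positives on plaintext
# traffic.
iptables -A FORWARD -m string --algo bm --string "BitTorrent" -j DROP
iptables -A FORWARD -m string --algo bm --string "BitTorrent protocol" -j DROP
iptables -A FORWARD -m string --algo bm --string "peer_id=" -j DROP
iptables -A FORWARD -m string --algo bm --string ".torrent" -j DROP
iptables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j DROP
iptables -A FORWARD -m string --algo bm --string "torrent" -j DROP
iptables -A FORWARD -m string --algo bm --string "announce" -j DROP
iptables -A FORWARD -m string --algo bm --string "info_hash" -j DROP

# Block torrent - https://www.digitalocean.com/community/questions/updating-iptables-to-block-torrent-traffic
# Same caveat as above. These only see packets that none of the ACCEPT rules
# above already matched.
iptables -A INPUT -m string --string "BitTorrent" --algo bm -j DROP
iptables -A INPUT -m string --string "BitTorrent protocol" --algo bm -j DROP
iptables -A INPUT -m string --string "peer_id=" --algo bm -j DROP
iptables -A INPUT -m string --string ".torrent" --algo bm -j DROP
iptables -A INPUT -m string --string "announce.php?passkey=" --algo bm -j DROP
iptables -A INPUT -m string --string "torrent" --algo bm -j DROP
iptables -A INPUT -m string --string "announce" --algo bm -j DROP
iptables -A INPUT -m string --string "info_hash" --algo bm -j DROP
iptables -A INPUT -m string --string "tracker" --algo bm -j DROP
iptables -A INPUT -m string --string "get_peers" --algo bm -j DROP
iptables -A INPUT -m string --string "announce_peer" --algo bm -j DROP
iptables -A INPUT -m string --string "find_node" --algo bm -j DROP

# Block Torrent - https://techexpert.tips/ubuntu/block-bittorrent-linux/
# The ipp2p match is shipped by xtables-addons. "-y" keeps the run
# non-interactive (the original prompted and hung when run unattended). If
# the package cannot be installed the ipp2p rules are skipped with a warning
# instead of aborting the rest of the ruleset.
apt-get update || printf 'warning: apt-get update failed, continuing\n' >&2
if apt-get install -y xtables-addons-common; then
  iptables -I FORWARD -p tcp -m ipp2p --bit -j REJECT --reject-with tcp-reset
  iptables -I FORWARD -p udp -m ipp2p --bit -j REJECT --reject-with icmp-port-unreachable
else
  printf 'warning: xtables-addons-common not installed, skipping ipp2p rules\n' >&2
fi

# from eng vpn test
# Forward traffic for the two VPN client pools in both directions, but reject
# traffic whose source and destination are both inside the same pool.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 100.1.0.0/16 -d 100.1.0.0/16 -j REJECT --reject-with icmp-port-unreachable
iptables -A FORWARD -s 100.1.0.0/16 -j ACCEPT
iptables -A FORWARD -d 100.1.0.0/16 -j ACCEPT
iptables -A FORWARD -s 10.99.0.0/16 -d 10.99.0.0/16 -j REJECT --reject-with icmp-port-unreachable
iptables -A FORWARD -s 10.99.0.0/16 -j ACCEPT
iptables -A FORWARD -d 10.99.0.0/16 -j ACCEPT

# wireguard ports?
# 51820 is WireGuard's default listen port; the other two look site-specific
# (the original left this as a question) -- confirm against the wg config.
# These must precede the LOGGING catch-all below or the listener is
# unreachable from outside.
iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 51214 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 51294 -j ACCEPT
iptables -A FORWARD -i "$VPN_IF" -j ACCEPT
iptables -A FORWARD -o "$VPN_IF" -j ACCEPT

# Log dropped packets
# INPUT catch-all: everything not accepted above is rate-limit logged and
# dropped. This must stay the LAST rule appended to INPUT. The original also
# appended "-j REJECT" after "-j DROP" inside LOGGING; it could never match
# and is not reproduced.
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "[torrentban] IPTables Packet Dropped: " --log-level 7
iptables -A LOGGING -j DROP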
Author
hroland
commented
Mar 8, 2022
HI
I used your code
The server does not come up. SERVER DOWN
What is wrong???
me too lol