Beiträge von auxi14

#!/bin/sh


if [ "$1" = "stop" ]
then


echo "Czyszczenie firewalla query rozpoczete"
iptables -F
iptables -t mangle -F
iptables -P FORWARD ACCEPT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -X syn-flood
/bin/echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
/bin/echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
/bin/echo "1" > /proc/sys/net/ipv4/conf/all/accept_source_route
/bin/echo "1" > /proc/sys/net/ipv4/conf/all/accept_redirects
/bin/echo "0" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
/bin/echo "0" > /proc/sys/net/ipv4/conf/all/rp_filter
/bin/echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
echo "Czyszczenie zakonczone"
echo "Firewall query  wylaczony"
exit
fi


echo "Konfiguracja firewalla query rozpoczeta"


iptables -F -t nat
iptables -X -t nat
iptables -F -t filter
iptables -X -t filter


echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians


iptables -N DENY
iptables -A DENY -p tcp -m tcp -m limit --limit 30/sec --limit-burst 100 -m comment --comment "Anti-DoS" -j REJECT --reject-with tcp-reset
iptables -A DENY -m limit --limit 30/sec --limit-burst 100 -m comment --comment "Anti-DoS" -j REJECT --reject-with icmp-proto-unreachable
iptables -A DENY -m comment --comment "Alles andere ignorieren" -j DROP
iptables -N SERVICES
iptables -A SERVICES -p tcp -m tcp --dport 53 -m comment --comment "Erlaube: DNS" -j ACCEPT
iptables -A SERVICES -p udp -m udp --dport 53 -m comment --comment "Erlaube: DNS" -j ACCEPT
iptables -A SERVICES -p tcp -m tcp --dport 22 -m comment --comment "Erlaube: SSH-Zugriff" -j ACCEPT
iptables -A SERVICES -j RETURN
iptables -N TEAMSPEAK
iptables -I INPUT -s 149.56.15.51 -p tcp -j RECEJT
iptables -I INPUT -s 149.56.15.51 -p udp -j RECEJT
iptables -A INPUT -p tcp --dport 30033 -m limit --limit 2/sec --limit-burst 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 30033 -m limit --limit 2/sec --limit-burst 20 -j LOG --log-prefix "TCP-FLOOD:"
iptables -A INPUT -p tcp --dport 30033 -j DROP
iptables -A TEAMSPEAK -p tcp -m tcp --dport 2008 -m comment --comment "Erlaube: TeamSpeak Accounting" -j ACCEPT
iptables -A TEAMSPEAK -p udp -m udp --dport 9987 -m comment --comment "Erlaube: TeamSpeak Voiceport" -j ACCEPT
iptables -A TEAMSPEAK -p udp -m udp --dport 9988 -m comment --comment "Erlaube: TeamSpeak Voiceport" -j ACCEPT
iptables -A TEAMSPEAK -s 37.59.31.160 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 37.59.46.170 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 127.0.0.1 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 208.167.241.190 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 208.167.241.185 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 208.167.241.186 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 208.167.241.183 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 208.167.241.189 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 108.61.78.147 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 108.61.78.148 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 108.61.78.149 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 108.61.78.150 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 46.186.87.68 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 94.23.88.202 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 155.133.41.48 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 176.221.123.20 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 155.133.42.241 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A TEAMSPEAK -s 94.23.91.122 -p tcp -m tcp --dport 10087 -m comment --comment "Dostep: TeamSpeak ServerQuery" -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 30033 -j ACCEPT
iptables -A TEAMSPEAK -p tcp -m tcp --dport 41144 -m comment --comment "Erlaube: TeamSpeak TSDNS" -j ACCEPT
iptables -A TEAMSPEAK -j RETURN
iptables -A INPUT -i lo -m comment --comment "Erlaube: Loopback" -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "Erlaube: Related und Established Verbindungen" -j ACCEPT
iptables -A INPUT -m comment --comment "Erlaube Standard Dienste" -j SERVICES
iptables -A INPUT -m comment --comment "Erlaube TeamSpeak Dienste" -j TEAMSPEAK
iptables -A INPUT -p icmp -m comment --comment "Erlaube: ICMP" -j ACCEPT
iptables -A INPUT -m comment --comment "Ignoriere alles andere" -j DENY
iptables -P INPUT DROP


echo "Konfiguracja firewalla query zakonczona"
echo "Firewall query wlaczony"

2016-02-10 10:51:15.062877|ERROR   |              |   | TS3ANetwork::ResolveHostName failed error: -3 (Temporary failure in name resolution) 11
2016-02-10 11:01:16.102102|ERROR   |              |   | TS3ANetwork::ResolveHostName failed error: -3 (Temporary failure in name resolution) 11
2016-02-10 11:04:59.969576|INFO    |Query         |   | query from 3649 37.59.46.170:49633 issued: login with account "serveradmin"(serveradmin)
2016-02-10 14:19:54.909335|INFO    |              |   | Increased protection level to: 1
2016-02-10 14:20:59.871315|INFO    |              |   | Decreased protection level to: 0
2016-02-10 14:37:10.805198|INFO    |Query         |   | query from 3751 37.59.46.170:38165 issued: login with account "serveradmin"(serveradmin)
2016-02-10 19:29:16.733131|INFO    |Query         |   | query from 3890 37.59.46.170:56851 issued: login with account "serveradmin"(serveradmin)
2016-02-10 21:50:25.369028|INFO    |              |   | Increased protection level to: 1
2016-02-10 21:51:20.914129|INFO    |Query         |   | query from 3964 37.59.46.170:35706 issued: login with account "serveradmin"(serveradmin)
2016-02-10 21:51:30.298858|INFO    |              |   | Decreased protection level to: 0
2016-02-10 22:07:43.316324|INFO    |              |   | Increased protection level to: 1

2015-10-31 14:46:31.727531|INFO    |VirtualServerBase|  1| client connected 'lazrog'(id:7111) from 194.31.49.28:49978
2015-10-31 14:46:41.530847|INFO    |VirtualServerBase|  1| client connected 'BornOfHate'(id:6052) from 89.66.172.31:49325
2015-10-31 14:46:50.726578|INFO    |VirtualServerBase|  1| client disconnected 'Rychu#'(id:4127) reason 'reasonmsg=leaving'
2015-10-31 14:46:51.889494|INFO    |VirtualServerBase|  1| client disconnected 'barneyKIQ'(id:4091) reason 'reasonmsg=leaving'
[u][i][b]2015-10-31 14:46:58.998800|INFO    |VirtualServer |  1| client (id:7111) was added to servergroup 'Fantasy'(id:174) by client 'Unknown from 194.31.49.28:50592'(id:877)
2015-10-31 14:47:10.208923|INFO    |VirtualServer |  1| client (id:7111) was added to servergroup 'Zarejestrowany/a'(id:7) by client 'Unknown from 194.31.49.28:50592'(id:877)
2015-10-31 14:47:13.016623|INFO    |VirtualServer |  1| client (id:7111) was added to servergroup 'Właściciel'(id:24) by client 'Unknown from 194.31.49.28:50592'(id:877)[/b][/i][/u]
2015-10-31 14:47:28.178381|INFO    |VirtualServer |  1| ban added reason='Nowe IP:   Dumbgo.net      ' ip='[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' bantime=0 by client 'lazrog'(id:7111)
2015-10-31 14:47:28.178543|INFO    |VirtualServerBase|  1| client disconnected 'S K I L L E R'(id:6874) reason 'invokerid=27 invokername=lazrog invokeruid=yodt8rNGR+rIntbvUI/8loPm5b0= reasonmsg=Nowe IP:   Dumbgo.net       bantime=0'
2015-10-31 14:47:28.180226|INFO    |VirtualServerBase|  1| client disconnected 'szczepon'(id:4104) reason 'invokerid=27 invokername=lazrog invokeruid=yodt8rNGR+rIntbvUI/8loPm5b0= reasonmsg=Nowe IP:   Dumbgo.net       bantime=0'
2015-10-31 14:47:28.181516|INFO    |VirtualServerBase|  1| client disconnected 'BananowyFranek'(id:5823) reason 'invokerid=27 invokername=lazrog invokeruid=yodt8rNGR+rIntbvUI/8loPm5b0= reasonmsg=Nowe IP:   Dumbgo.net       bantime=0'
2015-10-31 14:47:28.182538|INFO    |VirtualServerBase|  1| client disconnected 'Piecuch12'(id:6883) reason 'invokerid=27 invokername=lazrog invokeruid=yodt8rNGR+rIntbvUI/8loPm5b0= reasonmsg=Nowe IP:   Dumbgo.net       bantime=0'