Remove firewall ratelimiting and per-ip limiting, use provided interface

caskd 2020-01-23 17:30:02 +01:00
parent e3a6d410e6
commit 7712236aae
No known key found for this signature in database
GPG Key ID: 79DB21404E300A27
1 changed files with 6 additions and 11 deletions


@ -7,16 +7,11 @@ iptables -I INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT # N
iptables -I INPUT -p tcp --tcp-flags ALL NONE -j DROP # Block null packets iptables -I INPUT -p tcp --tcp-flags ALL NONE -j DROP # Block null packets
iptables -I INPUT -p tcp ! --syn -m state --state NEW -j DROP # Block syn floods iptables -I INPUT -p tcp ! --syn -m state --state NEW -j DROP # Block syn floods
# SSH Bruteforce Mitigations
iptables -N IN_SSH
iptables -A INPUT -i eth0 -p tcp --dport 22 -m conntrack --ctstate NEW -j IN_SSH
iptables -A IN_SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
iptables -A IN_SSH -m recent --name sshbf --rttl --rcheck --hitcount 4 --seconds 1800 -j DROP
iptables -A IN_SSH -m recent --name sshbf --set -j ACCEPT
# Cross-server free networking # Cross-server free networking
iptables -A INPUT -s 68.183.220.24,68.183.219.248,157.230.31.163,45.77.55.222,104.248.141.204 -j ACCEPT iptables -A INPUT -i ens10 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
# Allow forwarding of existing connections
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Services # Services
iptables -A INPUT -p tcp -m multiport --dports 22,80,443,2200,2422,2442,25565,51413,51820 -j ACCEPT iptables -A INPUT -p tcp -m multiport --dports 22,80,443,2200,2422,2442,25565,51413,51820 -j ACCEPT
@ -35,5 +30,5 @@ iptables -I INPUT 1 -i lo -j ACCEPT # Loopback connections
# DEFAULT RULES # Apply at end, first set whitelisted connections # DEFAULT RULES # Apply at end, first set whitelisted connections
iptables -P INPUT DROP iptables -P INPUT DROP
# iptables -P FORWARD DROP # Unsure about this, needs testing iptables -P FORWARD ACCEPT # TODO: Should be drop but it needs configuration
iptables -P OUTPUT ACCEPT # Allow all outbound connections iptables -P OUTPUT ACCEPT # Allow all outbound connections
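Review bot: `iptables -P FORWARD ACCEPT` in the second hunk makes the forwarding chain fail-open, so anything the kernel routes between the private and public interfaces passes unless a rule explicitly drops it; the TODO acknowledges this, but the safer default is `iptables -P FORWARD DROP` with an explicit `iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` and one accept per forwarding path that is actually required. In the first hunk, `iptables -A INPUT -i ens10 -j ACCEPT` replaces a source-address allowlist with an accept of everything arriving on that interface, which is only safe if ens10 is a network no untrusted host can reach (presumably the provider's private NIC, but nothing on the page shows that); keeping a source restriction as defence in depth, `iptables -A INPUT -i ens10 -s <PRIVATE_SUBNET> -j ACCEPT`, costs nothing. The rendered page does not make clear whether the `-A FORWARD ... RELATED,ESTABLISHED` line and the `-i eth1` accept survive on the new side, so the two points above should be checked against the actual file.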