commit e3a6d410e6c3cba6a79802be4277cc0c775efc3b
Author: caskd
Date: Sun Dec 8 13:21:55 2019 +0100
Add old ufw configuration and current IPTABLES configuration
diff --git a/iptables-setup.sh b/iptables-setup.sh
new file mode 100755
index 0000000..83b2bf8
--- /dev/null
+++ b/iptables-setup.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# INPUT Chain (incoming ports)
+
+# All packet verification
+iptables -I INPUT -m conntrack --ctstate INVALID -j DROP # Drop invalid packets
+iptables -I INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT # No constant icmp packets
+iptables -I INPUT -p tcp --tcp-flags ALL NONE -j DROP # Block null packets
+iptables -I INPUT -p tcp ! --syn -m state --state NEW -j DROP # Block syn floods
+
+# SSH Bruteforce Mitigations
+iptables -N IN_SSH
+iptables -A INPUT -i eth0 -p tcp --dport 22 -m conntrack --ctstate NEW -j IN_SSH
+iptables -A IN_SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP
+iptables -A IN_SSH -m recent --name sshbf --rttl --rcheck --hitcount 4 --seconds 1800 -j DROP
+iptables -A IN_SSH -m recent --name sshbf --set -j ACCEPT
+
+# Cross-server free networking
+iptables -A INPUT -s 68.183.220.24,68.183.219.248,157.230.31.163,45.77.55.222,104.248.141.204 -j ACCEPT
+iptables -A INPUT -i eth1 -j ACCEPT
+
+# Services
+iptables -A INPUT -p tcp -m multiport --dports 22,80,443,2200,2422,2442,25565,51413,51820 -j ACCEPT
+iptables -A INPUT -p udp -m multiport --dports 443,2200,25565,51820 -j ACCEPT
+
+# Docker Rules (not required with rules above)
+#iptables -A INPUT -p tcp --dport 7946 -j ACCEPT
+#iptables -A INPUT -p udp --dport 7946 -j ACCEPT
+#iptables -A INPUT -p tcp --dport 2377 -j ACCEPT
+#iptables -A INPUT -p udp --dport 4789 -j ACCEPT
+#iptables -A INPUT -p ESP -j ACCEPT # IPSEC for Docker
+
+# Special Rules
+iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT # Keep existing connections open
+iptables -I INPUT 1 -i lo -j ACCEPT # Loopback connections
+
+# DEFAULT RULES # Apply at end, first set whitelisted connections
+iptables -P INPUT DROP
+# iptables -P FORWARD DROP # Unsure about this, needs testing
+iptables -P OUTPUT ACCEPT # Allow all outbound connections
diff --git a/ufw.sh b/ufw.sh
new file mode 100644
index 0000000..5704eb6
--- /dev/null
+++ b/ufw.sh
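Review bot: The script is not idempotent and never notices a failing rule: nothing flushes INPUT or removes IN_SSH before the rules are added, so a second run fails at `iptables -N IN_SSH` (chain already exists), keeps going because there is no `set -e`, and appends every `-A` rule a second time. Mixing `-I` (the four verification rules and the two "Special Rules") with `-A` also means the effective chain order is the reverse of the written order for the inserted rules, which a reader has to simulate by hand; `-m state --state NEW` on the syn-flood rule is the deprecated match while every other rule uses `-m conntrack --ctstate`, so `-m conntrack --ctstate NEW` would keep them consistent. A prelude that resets to a known state before the rules go in fixes the rerun case; the cleanest alternative is to keep the ruleset in a file and apply it atomically with `iptables-restore`, which also avoids the brief window where the policy is opened below. Only IPv4 is configured here; if the host has a global IPv6 address, the DROP policy does not cover it and an equivalent `ip6tables` policy is needed — presumably worth confirming on the hosts this targets.
```bash
#!/bin/bash
set -euo pipefail
# Start from a known state so re-running does not duplicate rules or fail on -N.
# The policy is opened first so the flush cannot cut the session running this
# script; the DROP policy is re-applied at the end exactly as before.
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -F IN_SSH 2>/dev/null || true
iptables -X IN_SSH 2>/dev/null || true
# … unchanged: packet verification, IN_SSH chain, whitelist, services, default policies …
```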
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Incoming services
+ufw allow proto tcp from any to any port 22,80,443,2200,2422,2442,25565,51413
+
+IPS=(
+ "68.183.220.24"
+ "68.183.219.248"
+ "157.230.31.163"
+ "45.77.55.222"
+ "104.248.141.204"
+)
+
+for ((i = 0; i<${#IPS[@]}; i++));do
+ ufw allow from ${IPS[${i}]}
+done
+
+ufw default deny incoming
+ufw default reject routed
+ufw default allow outgoing
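Review bot: The loop expands `${IPS[${i}]}` unquoted and uses a C-style index only to read each element; `for ip in "${IPS[@]}"; do ufw allow from "$ip"; done` does the same with the element quoted and is the form ShellCheck expects (SC2086). The script also never checks ufw's exit status and does not call `ufw enable`, so if ufw was disabled on the host the defaults at the end are recorded but not enforced — presumably it was enabled separately, but a `set -e` at the top would at least stop on the first failing `ufw allow`. The commit title calls this the old configuration, so these may matter only if the file is kept for reuse rather than reference.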