From 66dfe7cb1b33428f788b9b4e7dfd30f39a2d2714 Mon Sep 17 00:00:00 2001
From: Steven Foerster
Date: Sat, 20 Feb 2021 10:28:25 -0500
Subject: [PATCH] MISTBORN_INT_LOG_DROP
---
 scripts/subinstallers/ip6tables.sh | 8 +++++++-
 scripts/subinstallers/iptables.sh | 8 +++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/scripts/subinstallers/ip6tables.sh b/scripts/subinstallers/ip6tables.sh
index 6d102fe..5ab886d 100755
--- a/scripts/subinstallers/ip6tables.sh
+++ b/scripts/subinstallers/ip6tables.sh
@@ -5,12 +5,18 @@
 sudo ip6tables -F
 sudo ip6tables -t nat -F
 sudo ip6tables -X MISTBORN_LOG_DROP 2>/dev/null || true
+sudo ip6tables -X MISTBORN_INT_LOG_DROP 2>/dev/null || true
-# ip6tables: log and drop chain
+# ip6tables: log and drop chain (external threats)
 sudo ip6tables -N MISTBORN_LOG_DROP
 sudo ip6tables -A MISTBORN_LOG_DROP -m limit --limit 6/min -j LOG --log-prefix "[Mistborn-IPTables-Dropped]: " --log-level 4
 sudo ip6tables -A MISTBORN_LOG_DROP -j DROP
+# ip6tables: log and drop chain (internal threats)
+sudo ip6tables -N MISTBORN_INT_LOG_DROP
+sudo ip6tables -A MISTBORN_INT_LOG_DROP -m limit --limit 6/min -j LOG --log-prefix "[Mistborn-IPTables-Internal-Dropped]: " --log-level 4
+sudo ip6tables -A MISTBORN_INT_LOG_DROP -j DROP
+
 # ip6tables
 echo "Setting ip6tables rules"
 sudo ip6tables -P INPUT ACCEPT
diff --git a/scripts/subinstallers/iptables.sh b/scripts/subinstallers/iptables.sh
index f429c45..efdbe49 100755
--- a/scripts/subinstallers/iptables.sh
+++ b/scripts/subinstallers/iptables.sh
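Review bot: The new LOG rule's prefix `"[Mistborn-IPTables-Internal-Dropped]: "` is 38 characters, but the iptables/ip6tables LOG target accepts at most 29 (`Maximum prefix length 29 for --log-prefix`), so the `-A MISTBORN_INT_LOG_DROP ... -j LOG` line is rejected while the following `-j DROP` append still succeeds, leaving the internal chain as a silent DROP with nothing in the journal; the existing `"[Mistborn-IPTables-Dropped]: "` is exactly 29, which is why that rule works. Whether the error aborts the installer depends on a `set -e` that is not visible in this hunk, so the failure may go unnoticed. A prefix of at most 29 characters that keeps the same shape, e.g. `--log-prefix "[Mistborn-Internal-Dropped]: "`, fixes it. The iptables.sh hunk below adds the same prefix and needs the same change.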
@@ -17,17 +17,23 @@ fi
 sudo iptables -F
 sudo iptables -t nat -F
 sudo iptables -X MISTBORN_LOG_DROP 2>/dev/null || true
+sudo iptables -X MISTBORN_INT_LOG_DROP 2>/dev/null || true
 sudo iptables -X MISTBORN_WIREGUARD_INPUT 2>/dev/null || true
 sudo iptables -X MISTBORN_WIREGUARD_FORWARD 2>/dev/null || true
 sudo iptables -X MISTBORN_WIREGUARD_OUTPUT 2>/dev/null || true
 sudo iptables -X MISTBORN_DOCKER_OUTPUT 2>/dev/null || true
 sudo iptables -X MISTBORN_DOCKER_INPUT 2>/dev/null || true
-# iptables: log and drop chain
+# iptables: log and drop chain (external threats)
 sudo iptables -N MISTBORN_LOG_DROP
 sudo iptables -A MISTBORN_LOG_DROP -m limit --limit 6/min -j LOG --log-prefix "[Mistborn-IPTables-Dropped]: " --log-level 4
 sudo iptables -A MISTBORN_LOG_DROP -j DROP
+# iptables: log and drop chain (internal threats)
+sudo iptables -N MISTBORN_INT_LOG_DROP
+sudo iptables -A MISTBORN_INT_LOG_DROP -m limit --limit 6/min -j LOG --log-prefix "[Mistborn-IPTables-Internal-Dropped]: " --log-level 4
+sudo iptables -A MISTBORN_INT_LOG_DROP -j DROP
+
 # wireguard rules chains
 sudo iptables -N MISTBORN_WIREGUARD_INPUT
 sudo iptables -N MISTBORN_WIREGUARD_FORWARD
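Review bot: The comment `# iptables: log and drop chain (internal threats)` does not say what "internal" covers or which chains are meant to jump to MISTBORN_INT_LOG_DROP; nothing in this hunk references the new chain, so the `-j MISTBORN_INT_LOG_DROP` rules presumably live further down (not visible here). A one-line note naming the intended callers, e.g. `# entered from: <chains that -j MISTBORN_INT_LOG_DROP>`, would tell a reader, and anyone grepping the journal for the prefix, what a hit actually means. The ip6tables.sh hunk above carries the same comment and could take the same note.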