هذا سكربت bash لازم تكون روت لتنفيذه :
كود PHP:
#!/bin/bash
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
rm /root/.dyn*
echo 'Setting kernel tcp parameters to reduct DoS effects'
#Reduce DoS'ing ability by reducing timeouts
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 1280 > /proc/sys/net/ipv4/tcp_max_syn_backlog
#ANTISPOOFING
for a in /proc/sys/net/ipv4/conf/*/rp_filter;
do
echo 1 > $a
done
##
#NO SOURCE ROUTE
for z in /proc/sys/net/ipv4/conf/*/accept_source_route;
do
echo 0 > $z
done
#SYN COOKIES
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#echo $ICMP_ECHOREPLY_RATE > /proc/sys/net/ipv4/icmp_echoreply_rate
echo '1' > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo '1' > /proc/sys/net/ipv4/conf/all/accept_redirects
echo '1' > /proc/sys/net/ipv4/conf/all/log_martians
# NUMBER OF CONNECTIONS TO TRACK
echo '65535' > /proc/sys/net/ipv4/ip_conntrack_max
# Set default policies
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -F FORWARD
/sbin/iptables -F -t mangle
/sbin/iptables -X
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -d 127.0.0.0/8 -j REJECT
/sbin/iptables -A INPUT -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
### chains to DROP too many SYN-s ######
/sbin/iptables -N syn-flood
/sbin/iptables -A syn-flood -m limit --limit 100/second --limit-burst 150 -j RETURN
/sbin/iptables -A syn-flood -j LOG --log-prefix 'SYN flood: '
/sbin/iptables -A syn-flood -j DROP
سمية syn.bash بعد ذالك قم بتنفيذه
لاتنسى تغير الامتداد /sbin/iptables
لامتداد برنامج iptables الصحيح
تحياتي
18-May-2007, 01:15 PM
ايقاف SYN Attacks بإستخدام الفايرول IPTables
العرض العادي
