我正在考虑改进,但我可以应用哪些改进呢?
这是我的防火墙:
#!/bin/bash
# \e[32m = Verde
# \e[31m = Vermelho
# \e[0m = Reset
clear
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -t mangle -A PREROUTING -p icmp -j DROP
iptables -t mangle -A PREROUTING -f -j DROP
iptables -A INPUT -s 51.161.19.224/27 -p tcp --dport 50000 -m comment --comment "TCPShield V4" -j ACCEPT
iptables -A INPUT -s 51.161.99.0/27 -p tcp --dport 50000 -m comment --comment "TCPShield V4" -j ACCEPT
iptables -A INPUT -s 51.161.99.32/27 -p tcp --dport 50000 -m comment --comment "TCPShield V4" -j ACCEPT
iptables -A INPUT -s 51.161.99.64/27 -p tcp --dport 50000 -m comment --comment "TCPShield V4" -j ACCEPT
iptables -A INPUT -s 51.161.38.224/27 -p tcp --dport 50000 -m comment --comment "TCPShield V4" -j ACCEPT
iptables -A INPUT -s 51.178.221.0/27 -p tcp --dport 50000 -m comment --comment "TCPShield V4" -j ACCEPT
iptables -A INPUT -s 217.182.27.224/27 -p tcp --dport 50000 -m comment --comment "TCPShield V4" -j ACCEPT
iptables -A INPUT -s 51.77.31.32/27 -p tcp --dport 50000 -m comment --comment "TCPShield V4" -j ACCEPT
iptables -A INPUT -s 51.89.81.0/27 -p tcp --dport 50000 -m comment --comment "TCPShield V4" -j ACCEPT
iptables -A INPUT -s 51.89.81.32/27 -p tcp --dport 50000 -m comment --comment "TCPShield V4" -j ACCEPT
iptables -A INPUT -s 139.99.240.0/29 -p tcp --dport 50000 -m comment --comment "TCPShield V4" -j ACCEPT
iptables -A INPUT -s 51.79.153.72/29 -p tcp --dport 50000 -m comment --comment "TCPShield V4" -j ACCEPT
iptables -A INPUT -p tcp --dport 50000 -j DROP
iptables -A INPUT -p tcp --dport 58491 -m conntrack --ctstate NEW -m recent --set
iptables -A INPUT -p tcp --dport 58491 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
iptables -A INPUT -s 94.62.141.90 -p tcp --dport 58491 -j ACCEPT
iptables -A INPUT -p tcp --dport 58491 -j DROP
iptables -A INPUT -s 94.62.141.90 -p tcp --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP
iptables -A OUTPUT -p tcp --dport 58491 -j ACCEPT
iptables -N scan-portas
iptables -A scan-portas -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 2 -j RETURN
iptables -A scan-portas -j DROP
echo -e '\e[32mProteção ativada\e[0m'
我的防火墙没问题吗?
或者需要一些改进?