Iptables Bad Boys

In this sample iptables_bad_boys_programs.cfg, we defend against hostile hosts--hosts trying to hack us, launch denial-of-service attacks, mirror our website (unauthorized), hog our bandwidth, or otherwise cause us fits.

///////////////////////////////////////////////////////////////////////////////
//
// iptables_bad_boys_programs.cfg
//
///////////////////////////////////////////////////////////////////////////////

        // BAD_IP -- log and drop bad ips

        =iptables -N BAD_IP
        =iptables -A BAD_IP -j LOG --log-prefix "IPT BAD_IP: " =logopt
        =iptables -A BAD_IP -j DROP

        // BAD_BOYS -- check for bad boys, hostile and/or misbehaving hosts

        =iptables -N BAD_BOYS
        for ip in =badboys; do
            =iptables -A BAD_BOYS -s $ip -j BAD_IP
            =iptables -A BAD_BOYS -d $ip -j BAD_IP
        done

///////////////////////////////////////////////////////////////////////////////

The =badboys macro is a list of host and/or network IP addresses specified (in the firewall_macros.cfg file) for example as:

badboys         172.16.3.0/8 10.0.0.5 169.254.99.3 [...]

This iptables_bad_boys_programs.cfg file is #included by the higher-level iptables_programs.cfg file.  In that file, we might have code invoking the BAD_BOYS chain as follows:

        =iptables -A FORWARD            -j BAD_BOYS
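The two chains above are small, but the =badboys list is the part that changes over time, and a typo in it is either silently ignored or silently blocks far more than intended. The following is an added example, not part of the PIKT sample and not PIKT's own macro expander: it reads a firewall_macros.cfg-style line, validates every entry before any rule is built, and renders the same rule set the BAD_IP and BAD_BOYS chains would get, so the result can be reviewed (or diffed against `iptables -S`) before it is loaded. The macro file contents, the =logopt value (`--log-level warning`) and the addresses are constructed for the example; the first one deliberately carries the /8 mask from the page to show the host-bits check firing.

```python
"""Expand a PIKT-style `badboys` macro into the iptables rules the BAD_IP and
BAD_BOYS chains install, validating every entry first.

Added example, not PIKT's own code: PIKT normally expands =badboys and
=logopt itself; plain Python does the expansion here so the rules can be
inspected before they are applied.
"""
import ipaddress
import shlex

# Constructed sample of a firewall_macros.cfg fragment. The addresses are
# illustrative only; the =logopt value is an assumption for this example.
SAMPLE_MACROS_CFG = """\
# firewall_macros.cfg (constructed sample)
logopt          --log-level warning
badboys         172.16.3.0/8 10.0.0.5 169.254.99.3
"""


def read_macros(text):
    """Parse `name  value...` lines into {name: [tokens]}; '#' and blank lines ignored."""
    macros = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(" ")
        macros[name] = value.split()
    return macros


def check_badboys(entries):
    """Validate each badboys entry; return (networks, warnings).

    A bare address becomes a /32 network. An entry whose host bits are set
    under its own mask (e.g. 172.16.3.0/8, which iptables treats as
    172.0.0.0/8) is kept but flagged, because it blocks far more than the
    author probably meant. Malformed entries raise instead of being skipped.
    """
    networks, warnings = [], []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                raise ValueError(f"badboys entry is not an address or CIDR: {entry!r}")
            warnings.append(f"{entry} has host bits set; iptables will match {net}")
        networks.append(net)
    return networks, warnings


def render_rules(macros, iptables="iptables"):
    """Return the argv lists equivalent to iptables_bad_boys_programs.cfg.

    Networks are emitted in normalized form (172.0.0.0/8, 10.0.0.5/32) so the
    rendered rule states exactly what the kernel will match.
    """
    networks, warnings = check_badboys(macros.get("badboys", []))
    logopt = macros.get("logopt", [])
    rules = [
        [iptables, "-N", "BAD_IP"],
        [iptables, "-A", "BAD_IP", "-j", "LOG", "--log-prefix", "IPT BAD_IP: "] + logopt,
        [iptables, "-A", "BAD_IP", "-j", "DROP"],
        [iptables, "-N", "BAD_BOYS"],
    ]
    for net in networks:
        rules.append([iptables, "-A", "BAD_BOYS", "-s", str(net), "-j", "BAD_IP"])
        rules.append([iptables, "-A", "BAD_BOYS", "-d", str(net), "-j", "BAD_IP"])
    return rules, warnings


if __name__ == "__main__":
    macros = read_macros(SAMPLE_MACROS_CFG)
    rules, warnings = render_rules(macros)
    for w in warnings:
        print("WARNING:", w)
    # Print shell-quoted lines; pipe into `sh` (as root) only after review.
    for argv in rules:
        print(shlex.join(argv))
```

Run it as-is to see the rendered rules and the warning for the /8 entry; the shell-quoted lines are meant to be reviewed, not executed blindly. Note also that hooking only the FORWARD chain, as in the invocation above, covers traffic routed through the firewall; packets addressed to the firewall host itself traverse INPUT and OUTPUT, so the same `-j BAD_BOYS` jump is normally added there too.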

For more examples, see Samples.

 
Page last updated 2008-09-06.   This site is PIKT® powered.
PIKT® is a registered trademark of the University of Chicago.   Copyright © 1998-2008 Robert Osterlund. All rights reserved.