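#!/bin/bash
#Copyright 2004 William Stearns
#Released under the GPL
#Automatically generated by Modwall, http://www.stearns.org/modwall/
#==== Iptables modules required ====
#state
#==== Brick specific help ====
#	The bogons module checks for bogon source addresses; addresses
#which have not yet been assigned by IANA.  No legitimate hosts should be
#using them.
#	This module should be safe to use, but please check no less than
#once a month for an updated bogon list.  The file can be found at
#http://www.cymru.com/Documents/bogon-bn-agg.txt and should be placed in
#/var/lib/modwall//bogon-bn-agg.txt .
#
# What this script does: creates a user chain named "bogons", fills it with
# one source-match and one destination-match DROP rule per network listed
# below, then sends NEW and RELATED traffic from INPUT, FORWARD and OUTPUT
# (loopback excluded on INPUT and OUTPUT) through that chain.
#
# NOTE(review): the network list is the 2004 snapshot this file was generated
# from. IANA's pool of unallocated IPv4 /8s has since been fully handed out,
# so most of the /8-and-larger blocks below now belong to ordinary networks
# (0.0.0.0/7, for example, includes 1.0.0.0/8). Only special-purpose entries
# such as 169.254.0.0/16, 192.0.2.0/24 and 198.18.0.0/15 are still never
# routed. Regenerate from a current bogon list before loading this on a live
# host, otherwise legitimate traffic is dropped in both directions.
#
# NOTE(review): the list URL above is plain http and its contents end up as
# DROP rules; check the integrity of the copy you install.
#
# Exit status: 0 when every iptables call succeeded, 1 otherwise. Failures
# are reported on stderr and the remaining rules are still attempted, so a
# partially loaded filter is visible instead of silent.

bogons_sudo=/usr/bin/sudo
bogons_iptables=/sbin/iptables
bogons_failures=0

# Run one iptables command through sudo. A failure is logged and counted but
# does not stop the script.
bogons_ipt() {
  if ! "$bogons_sudo" "$bogons_iptables" "$@"; then
    printf 'bogons: iptables %s failed\n' "$*" >&2
    bogons_failures=$((bogons_failures + 1))
  fi
}

# Networks to drop, in the order the generator emitted them.
bogons_nets=(
  0.0.0.0/7
  2.0.0.0/8
  5.0.0.0/8
  7.0.0.0/8
  23.0.0.0/8
  27.0.0.0/8
  31.0.0.0/8
  36.0.0.0/7
  39.0.0.0/8
  41.0.0.0/8
  42.0.0.0/8
  49.0.0.0/8
  50.0.0.0/8
  58.0.0.0/7
  71.0.0.0/8
  72.0.0.0/5
  85.0.0.0/8
  86.0.0.0/7
  88.0.0.0/5
  96.0.0.0/3
  169.254.0.0/16
  173.0.0.0/8
  174.0.0.0/7
  176.0.0.0/5
  184.0.0.0/6
  189.0.0.0/8
  190.0.0.0/8
  192.0.2.0/24
  197.0.0.0/8
  198.18.0.0/15
  223.0.0.0/8
)

# If the chain already exists this call fails and is reported; the appends
# below would then add duplicates to the existing chain.
bogons_ipt -N bogons

for bogons_net in "${bogons_nets[@]}"; do
  bogons_ipt -A bogons -s "$bogons_net" -j DROP
  bogons_ipt -A bogons -d "$bogons_net" -j DROP
done

# Hook the chain into the built-in chains. The negation is written before the
# option ("! -i lo"): current iptables deprecates the "-i ! lo" form. Loopback
# is skipped because 96.0.0.0/3 above also covers 127.0.0.0/8.
bogons_ipt -A INPUT ! -i lo -m state --state NEW,RELATED -j bogons
bogons_ipt -A FORWARD -m state --state NEW,RELATED -j bogons
bogons_ipt -A OUTPUT ! -o lo -m state --state NEW,RELATED -j bogons

# Last command sets the script's status without calling exit, so the file
# stays safe to source.
(( bogons_failures == 0 ))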