## Sample modwall configuration. Every line below is commented out; uncomment
## and adapt the parts you need. Each name inside ModwallStart/ModwallStop is a
## "brick" found on the PATH exported at the top of the function.
##
## NOTE(review): bricks appear to be applied in the order listed, with `policy`
## near the end and `lockdown`/`lockdown stop` bracketing the run — confirm in
## the brick implementations before reordering anything here.
#
##Place the bricks to be called when "/etc/init.d/modwall start" is run
#ModwallStart () {
#  export PATH="/usr/lib/modwall/:$PATH"
#
#  lockdown
#
#  kernel start
#
#  banfor30
#  scrutinizedst
#  scrutinizesrc
#  #histogram
#  autoreject
#
#  macchk
#  inputsrcaddrtype
#  outputdstaddrtype
#  fwdsrcaddrtype
#  fwddstaddrtype
#  address
#  bogons
#  icmpchk
#  # The trailing "scrutinizesrc banfor30 DROP" arguments presumably hand a
#  # matching source to the ban brick as well as dropping the packet — verify
#  # against the brick before changing them.
#  icmpfwdchk scrutinizesrc banfor30 DROP
#  ipopts scrutinizesrc banfor30 DROP
#  plength
#  tcpchk scrutinizesrc banfor30 DROP
#  udpchk scrutinizesrc banfor30 DROP
#  catchmapper scrutinizesrc DROP
#  catchmapreply scrutinizedst DROP
#
#  syncapture
#  mapssh
#  pasvmap
#  scrutinize
#
#  established
#
#  checkbans
#  shunsrc
#  shundst
#  punishmapper
#
#  blockfwdports
#  identreject
#
#  local-forward-accept
#  local-input-accept
#  local-output-accept
#
#  canarydst
#  logremainder
#
#  policy
#
#  lockdown stop
#}
#
##Place the bricks to be called when "/etc/init.d/modwall stop" is run
## NOTE(review): stop runs only `lockdown` — confirm that leaving the lockdown
## rules in place (rather than flushing to an open state) is the intended
## fail-closed behaviour.
#ModwallStop () {
#  export PATH="/usr/lib/modwall/:$PATH"
#
#  lockdown
#}
#
## Policy applied to packets no brick accepted or rejected (presumably by the
## `policy` brick above).
#DefaultPolicy='DROP'
#
## Traffic matching these iptables match expressions is never logged. Each
## entry removes visibility: e.g. the tcp/53 entry means no log line is
## produced for TCP DNS traffic, so review this list when tuning detection.
#NeverLog=(
#"-s 127.0.0.1"
#"-p tcp --dport 53"
#"-d 224.0.0.1"
#"-m addrtype --dst-type LOCAL -p tcp --sport 1024:65535 --dport 135"
#"-m addrtype --dst-type BROADCAST -p udp --sport 137 --dport 137"
#"-m addrtype --dst-type BROADCAST -p udp --sport 138 --dport 138"
#"-m addrtype --dst-type BROADCAST -p udp --sport 68 --dport 67"
## NOTE(review): leading space in the next entry; harmless if the array is
## word-split when passed to iptables, but trim it for consistency.
#" -p udp --sport 514 --dport 514"
#"-m addrtype --dst-type LOCAL -p icmp --icmp-type 8"
#)
#
#BlockFwdTcpPorts=''
#This holds a space separated list of tcp destination ports that should
#_never_ traverse this firewall. For example if you never want to allow
#SMTP or Telnet connections, set like so:
#BlockFwdTcpPorts='25 23'
#
#Likewise, a space separated list of destination udp ports to block.
#BlockFwdUdpPorts=''
#
## "IP MAC interface" triples (presumably consumed by the macchk brick —
## verify). MAC addresses are only visible on the directly attached segment
## and are easily changed by the sender, so treat this as a sanity check on
## local hosts, not as authentication. The entries below are samples:
## "0/0 ..." covers every remaining address (the gateway), and
## "GW:MA:CA:DD:RE:SS" is a placeholder, not a valid MAC — replace it.
#LegalMacs=(
#"1.1.1.1 AA:BB:CC:DD:EE:FF eth0"
#"1.1.1.2 C0:FF:EE:C0:FF:EE eth0"
#"0/0 GW:MA:CA:DD:RE:SS eth0"
#)
#
## Match expressions exempt from the MAC check, e.g. interfaces that carry no
## Ethernet MAC and the firewall's own address (placeholder — replace).
#NeverCheckMac=(
#"-i sl0"
#"-s my.ethernet.ip.address"
#)
#
## Destinations no legitimate client should ever contact: an unused address and
## ports that are closed here. Hits are used by the canarydst brick as a scan
## indicator, so make sure nothing on the network actually serves these ports,
## or real clients will trip the canary. The first three values are
## placeholders — replace them.
#CanaryDestinations=(
#"-d unused.ip.address"
#"-p tcp --dport closedport"
#"-p tcp --dport andanother"
#"-p tcp --dport 135"
#"-p udp --dport 137"
#"-p tcp --dport 445"
#"-p tcp --dport 139"
#"-p udp --dport 1434" #ms-sql
#"-p tcp --dport 6129" #Dameware
#"-p tcp --dport 1433" #ms-sql
#"-p tcp --dport 27374" #subseven/ramen
#"-p tcp --dport 1080" #socks proxy
#"-p tcp --dport 3128" #squid proxy
#)