mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-07-01 12:32:12 +00:00
handle iptables differently
This commit is contained in:
Marco Ochse
parent
345df08941
commit
2bbafbc791
1 changed files with 15 additions and 11 deletions
|
|
@ -29,23 +29,27 @@ ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " |
|
|||
# Modify access rights on docker.sock for netdata
|
||||
ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
|
||||
|
||||
# Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 64295:64303,7634 -j ACCEPT
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 3306,5060,5061,5601,11211 -j ACCEPT
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
|
||||
|
||||
# Forward all other connections to honeytrap / NFQUEUE
|
||||
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
|
||||
|
||||
# Compose T-Pot up
|
||||
ExecStart=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml up
|
||||
|
||||
# Prepare iptables rules for honeytrap
|
||||
ExecStartPost=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
|
||||
ExecStartPost=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
|
||||
ExecStartPost=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295:64303 -j NFQUEUE
|
||||
ExecStartPost=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
|
||||
|
||||
# Compose T-Pot down, remove containers and volumes
|
||||
ExecStop=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v
|
||||
|
||||
# Remove iptables rules for honeytrap
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295:64303 -j NFQUEUE
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
|
||||
# Remove only previously set iptables rules
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 64295:64303,7634 -j ACCEPT
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 3306,5060,5061,5601,11211 -j ACCEPT
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
|
||||
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
|||
Loading…
Reference in a new issue