Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-01 20:42:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

handle iptables differently

Browse source
This commit is contained in:
Marco Ochse 2017-05-23 23:32:07 +00:00
parent 345df08941
commit 2bbafbc791
1 changed files with 15 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
installer/etc/tpot/systemd/tpot.service
View file

@ -29,23 +29,27 @@ ExecStartPre=/bin/bash -c '/sbin/ip link set $(/sbin/ip address | grep "^2: " |
# Modify access rights on docker.sock for netdata # Modify access rights on docker.sock for netdata
ExecStartPre=-/bin/chmod 666 /var/run/docker.sock ExecStartPre=-/bin/chmod 666 /var/run/docker.sock
# Set iptables accept rules to avoid forwarding to honeytrap / NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 64295:64303,7634 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 3306,5060,5061,5601,11211 -j ACCEPT
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
# Forward all other connections to honeytrap / NFQUEUE
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
# Compose T-Pot up # Compose T-Pot up
ExecStart=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml up ExecStart=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml up
# Prepare iptables rules for honeytrap
ExecStartPost=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE
ExecStartPost=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE
ExecStartPost=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295:64303 -j NFQUEUE
ExecStartPost=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE
# Compose T-Pot down, remove containers and volumes # Compose T-Pot down, remove containers and volumes
ExecStop=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v ExecStop=/usr/local/bin/docker-compose -f /etc/tpot/tpot.yml down -v
# Remove iptables rules for honeytrap # Remove only previously set iptables rules
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 1025,50100,8080,8081,9200 -j NFQUEUE ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 64295:64303,7634 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 64295:64303 -j NFQUEUE ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 3306,5060,5061,5601,11211 -j NFQUEUE ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 3306,5060,5061,5601,11211 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -m multiport ! --dports 21,22,23,42,69,80,135,443,445,1433,1723,1883,1900 -j NFQUEUE ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW,ESTABLISHED -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT
ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target