From 85d23150b86be0159ac157661799d672666c36c6 Mon Sep 17 00:00:00 2001 
From: UncleRaymondo Date: Tue, 13 Mar 2018 13:36:09 +1100 Subject: [PATCH] Numerous Changes - Multiple Conpot Honeypots Successful - See Full Desc. Numerous changes completed to successfully have multiple Conpot Honeypots in operation - Fix Dockerfile Build Failures by adding py-gevent and py-snmp to APK where required - Build new dedicated images for Conpot via Default, Kamstrup and Guardian Templates - Reconfigure IP Tables Rules - Update all YML files with new configuration to download new Conpot images instead of T-Pot Default Conpot Image - Configure Environment Variables in Docker Files for Image Builds - Fix missing IPTable rule/configuration for 5060/udp for Dionaea - Successfully test via NMAP that ports 102, 161/udp, 502, 623/udp, 10001, 47808/udp, and 50100 are open and functioning correctly KNOWN ISSUE: Conpot data is not available on dashboard/visualisations due to changes required for Logstash configuration. --- bin/clean.sh | 36 ++++--------------- docker/conpot_default/Dockerfile | 13 ++++--- .../dist/{conpot_default.cfg => conpot.cfg} | 2 +- docker/conpot_default/dist/requirements.txt | 4 +-- docker/conpot_default/docker-compose.yml | 11 +++--- docker/conpot_guardianast/Dockerfile | 15 +++++--- .../{conpot_guardian_ast.cfg => conpot.cfg} | 2 +- .../conpot_guardianast/dist/requirements.txt | 4 +-- docker/conpot_guardianast/docker-compose.yml | 7 ++-- docker/conpot_kamstrup/Dockerfile | 15 +++++--- .../dist/{conpot_kamstrup.cfg => conpot.cfg} | 2 +- docker/conpot_kamstrup/dist/requirements.txt | 4 +-- docker/conpot_kamstrup/docker-compose.yml | 7 ++-- etc/compose/all.yml | 19 +++++----- etc/compose/industrial.yml | 19 +++++----- etc/logrotate/logrotate.conf | 8 ++--- host/etc/systemd/tpot.service | 18 +++++----- 17 files changed, 91 insertions(+), 95 deletions(-) rename docker/conpot_default/dist/{conpot_default.cfg => conpot.cfg} (94%) rename docker/conpot_guardianast/dist/{conpot_guardian_ast.cfg => conpot.cfg} (94%) rename 
docker/conpot_kamstrup/dist/{conpot_kamstrup.cfg => conpot.cfg} (94%) diff --git a/bin/clean.sh b/bin/clean.sh index e3e2f5b6..44c805f9 100755 --- a/bin/clean.sh +++ b/bin/clean.sh @@ -65,32 +65,11 @@ logrotate -s $mySTATUS $myCONF } # Let's create a function to clean up and prepare conpot data -fuCONPOT_DEFAULT () { - if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot_default/*; fi - mkdir -p /data/conpot_default/log - chmod 760 /data/conpot_default -R - chown tpot:tpot /data/conpot_default -R -} - -fuCONPOT_KAMSTRUP () { - if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot_kamstrup/*; fi - mkdir -p /data/conpot_kamstrup/log - chmod 760 /data/conpot_kamstrup -R - chown tpot:tpot /data/conpot_kamstrup -R -} - -fuCONPOT_GUARDIANAST () { - if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot_guardianast/*; fi - mkdir -p /data/conpot_guardianast/log - chmod 760 /data/conpot_guardianast -R - chown tpot:tpot /data/conpot_guardianast -R -} - -fuCONPOT_IEC104 () { - if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot_IEC104/*; fi - mkdir -p /data/conpot_IEC104/log - chmod 760 /data/conpot_IEC104 -R - chown tpot:tpot /data/conpot_IEC104 -R +fuCONPOT () { + if [ "$myPERSISTENCE" != "on" ]; then rm -rf /data/conpot/*; fi + mkdir -p /data/conpot/log + chmod 760 /data/conpot -R + chown tpot:tpot /data/conpot -R } # Let's create a function to clean up and prepare cowrie data @@ -222,10 +201,7 @@ if [ "$myPERSISTENCE" = "on" ]; fuLOGROTATE else echo "Cleaning up and preparing data folders." - fuCONPOT_DEFAULT - fuCONPOT_KAMSTRUP - fuCONPOT_GUARDIANAST - fuCONPOT_IEC104 + fuCONPOT fuCOWRIE fuDIONAEA fuELASTICPOT diff --git a/docker/conpot_default/Dockerfile b/docker/conpot_default/Dockerfile index 2bf10405..366f0507 100644 --- a/docker/conpot_default/Dockerfile +++ b/docker/conpot_default/Dockerfile 
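Review bot: `fuCONPOT` in the first bin/clean.sh hunk prepares only `/data/conpot`, so on a host upgraded from the previous layout the old `/data/conpot_default`, `/data/conpot_kamstrup`, `/data/conpot_guardianast` and `/data/conpot_IEC104` trees are no longer wiped by this script. The logrotate.conf change in this commit drops the old paths as well, so captured honeypot data there would stay on disk unrotated regardless of `myPERSISTENCE`. Consider a one-time removal or migration of the old directories, or at least a comment above the function such as `# Legacy /data/conpot_<template> directories are not cleaned here; remove them after upgrading`.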
@@ -4,6 +4,9 @@ MAINTAINER MO # Include dist ADD dist/ /root/dist/ +# Define Environment Variables +ENV CONPOT_TEMPLATE="default" CONPOT_LOG="/var/log/conpot/conpot_default.log" CONPOT_CONFIG="/etc/conpot/conpot_default.cfg" + # Setup apt RUN apk -U add bash \ build-base \ @@ -18,6 +21,8 @@ RUN apk -U add bash \ pkgconfig \ python \ python-dev \ + py-gevent \ + py-snmp \ py-cffi && \ # Setup ConPot @@ -32,9 +37,9 @@ RUN apk -U add bash \ # Setup user, groups and configs addgroup -g 2000 conpot_default && \ adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_default && \ - mkdir -p /etc/conpot_default /var/log/conpot_default && \ - mv /root/dist/conpot_default.cfg /etc/conpot_default/conpot_default.cfg && \ - mv /root/dist/default/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot_default/templates/default/ && \ + mkdir -p /etc/conpot /var/log/conpot && \ + mv /root/dist/conpot.cfg /etc/conpot/conpot_default.cfg && \ + mv /root/dist/default/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot/templates/default/ && \ # Clean up apk del build-base \ @@ -51,4 +56,4 @@ RUN apk -U add bash \ rm -rf /var/cache/apk/* # Run supervisor upon container start -CMD ["/usr/bin/conpot", "--template", "default", "--logfile", "/var/log/conpot_default/conpot_default.log", "--config", "/etc/conpot_default/conpot_default.cfg"] +CMD /usr/bin/conpot --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG diff --git a/docker/conpot_default/dist/conpot_default.cfg b/docker/conpot_default/dist/conpot.cfg similarity index 94% rename from docker/conpot_default/dist/conpot_default.cfg rename to docker/conpot_default/dist/conpot.cfg index 43eaafc7..c1c4fa01 100644 --- a/docker/conpot_default/dist/conpot_default.cfg +++ b/docker/conpot_default/dist/conpot.cfg 
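Review bot: `py-gevent` and `py-snmp` are added from the Alpine repository without a version in the `apk -U add` hunk, while `dist/requirements.txt` in this same commit pins `pysnmp==4.4.4` and `pysmi==0.2.2`. The image can therefore end up with two copies of the same library, and which one is imported may depend on install order. The install step sits in the `# Setup ConPot` part of the RUN instruction, outside this hunk, so this cannot be confirmed from here. I would pick one source per package and say so in a comment, for example `# gevent and pysnmp come from apk; keep requirements.txt in sync`. The same two lines are added in the conpot_guardianast and conpot_kamstrup Dockerfiles.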
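Review bot: The new `CMD` in the last hunk is in shell form with unquoted variables, so conpot runs as a child of `/bin/sh -c` rather than as PID 1 and may not receive the stop signal from `docker stop`. Any `CONPOT_*` value overridden at run time is also word-split and expanded by the shell. `CMD exec /usr/bin/conpot --template "$CONPOT_TEMPLATE" --logfile "$CONPOT_LOG" --config "$CONPOT_CONFIG"` keeps the environment-driven configuration while avoiding both. The comment above it still reads "Run supervisor upon container start", which does not describe this command. The same `CMD` line is introduced in the conpot_guardianast and conpot_kamstrup Dockerfiles.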
@@ -10,7 +10,7 @@ group = conpot_default [json] enabled = True -filename = /var/log/conpot_default/conpot_default.json +filename = /var/log/conpot/conpot_default.json [sqlite] enabled = False diff --git a/docker/conpot_default/dist/requirements.txt b/docker/conpot_default/dist/requirements.txt index ca8e6871..47b11a01 100644 --- a/docker/conpot_default/dist/requirements.txt +++ b/docker/conpot_default/dist/requirements.txt @@ -1,6 +1,6 @@ gevent>=1.0 -pysnmp==4.3.5 -pysmi==0.1.3 +pysnmp==4.4.4 +pysmi==0.2.2 lxml bottle jinja2 diff --git a/docker/conpot_default/docker-compose.yml b/docker/conpot_default/docker-compose.yml index a89a0097..dda5bec7 100644 --- a/docker/conpot_default/docker-compose.yml +++ b/docker/conpot_default/docker-compose.yml @@ -1,4 +1,4 @@ -version: '2.1' +version: '2.0' networks: conpot_default_local: @@ -14,9 +14,10 @@ services: ports: - "102:102" - "502:502" - - "2404:2404" - - "47808:47808" + - "623:623/udp" + - "47808:47808/udp" - "161:161/udp" - image: "dtagdevsec/conpot:1710" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_default:1710" volumes: - - /data/conpot_default/log:/var/log/conpot_default + - /data/conpot/log:/var/log/conpot \ No newline at end of file diff --git a/docker/conpot_guardianast/Dockerfile b/docker/conpot_guardianast/Dockerfile index c85bdb20..4d00c562 100644 --- a/docker/conpot_guardianast/Dockerfile +++ b/docker/conpot_guardianast/Dockerfile @@ -4,6 +4,9 @@ MAINTAINER MO # Include dist ADD dist/ /root/dist/ +# Define Environment Variables +ENV CONPOT_TEMPLATE="guardian_ast" CONPOT_LOG="/var/log/conpot/conpot_guardian_ast.log" CONPOT_CONFIG="/etc/conpot/conpot_guardian_ast.cfg" + # Setup apt RUN apk -U add bash \ build-base \ @@ -18,6 +21,8 @@ RUN apk -U add bash \ pkgconfig \ python \ python-dev \ + py-gevent \ + py-snmp \ py-cffi && \ # Setup ConPot 
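Review bot: In the ports/image hunk of docker/conpot_default/docker-compose.yml the service now pulls `uncleraymondo/conpot_default:1710` by mutable tag from a different registry namespace than the image it replaces, so whatever is later pushed under that tag is what a honeypot host exposed to hostile traffic will run. Since the Dockerfile for this image lives in the same directory, either build it locally or pin the pull by digest, e.g. `image: "uncleraymondo/conpot_default@sha256:<digest>"` (placeholder digest). The old image is left as a commented-out `# image:` line at column 0 inside the service mapping; a short comment saying why it was replaced would be clearer. The same applies to the conpot_guardianast and conpot_kamstrup compose files and to etc/compose/all.yml and etc/compose/industrial.yml.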
@@ -32,9 +37,9 @@ RUN apk -U add bash \ # Setup user, groups and configs addgroup -g 2000 conpot_guardian_ast && \ adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_guardian_ast && \ - mkdir -p /etc/conpot_guardian_ast /var/log/conpot_guardian_ast && \ - mv /root/dist/conpot_guardian_ast.cfg /etc/conpot_guardian_ast/conpot_guardian_ast.cfg && \ - mv /root/dist/guardian_ast/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot_guardian_ast/templates/guardian_ast/ && \ + mkdir -p /etc/conpot /var/log/conpot && \ + mv /root/dist/conpot.cfg /etc/conpot/conpot_guardian_ast.cfg && \ + mv /root/dist/guardian_ast/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot/templates/guardian_ast/ && \ # Clean up apk del build-base \ @@ -45,10 +50,10 @@ RUN apk -U add bash \ libxslt-dev \ mariadb-dev \ pkgconfig \ - python-dev \ + python-dev \ py-cffi && \ rm -rf /root/* && \ rm -rf /var/cache/apk/* # Run supervisor upon container start -CMD ["/usr/bin/conpot", "--template", "guardian_ast", "--logfile", "/var/log/conpot_guardian_ast/conpot_guardian_ast.log", "--config", "/etc/conpot_guardian_ast/conpot_guardian_ast.cfg"] +CMD /usr/bin/conpot --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG \ No newline at end of file diff --git a/docker/conpot_guardianast/dist/conpot_guardian_ast.cfg b/docker/conpot_guardianast/dist/conpot.cfg similarity index 94% rename from docker/conpot_guardianast/dist/conpot_guardian_ast.cfg rename to docker/conpot_guardianast/dist/conpot.cfg index 37da37db..2dcc0a9e 100644 --- a/docker/conpot_guardianast/dist/conpot_guardian_ast.cfg +++ b/docker/conpot_guardianast/dist/conpot.cfg @@ -10,7 +10,7 @@ group = conpot_guardian_ast [json] enabled = True -filename = /var/log/conpot_guardian_ast/conpot_guardian_ast.json +filename = /var/log/conpot/conpot_guardian_ast.json [sqlite] enabled = False 
diff --git a/docker/conpot_guardianast/dist/requirements.txt b/docker/conpot_guardianast/dist/requirements.txt index ca8e6871..47b11a01 100644 --- a/docker/conpot_guardianast/dist/requirements.txt +++ b/docker/conpot_guardianast/dist/requirements.txt @@ -1,6 +1,6 @@ gevent>=1.0 -pysnmp==4.3.5 -pysmi==0.1.3 +pysnmp==4.4.4 +pysmi==0.2.2 lxml bottle jinja2 diff --git a/docker/conpot_guardianast/docker-compose.yml b/docker/conpot_guardianast/docker-compose.yml index ad132432..168a2c30 100644 --- a/docker/conpot_guardianast/docker-compose.yml +++ b/docker/conpot_guardianast/docker-compose.yml @@ -1,4 +1,4 @@ -version: '2.1' +version: '2.0' networks: conpot_guardianast_local: @@ -13,6 +13,7 @@ services: - conpot_guardianast_local ports: - "10001:10001" - image: "dtagdevsec/conpot:1710" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymodo/conpot_guardianast:1710" volumes: - - /data/conpot_guardianast/log:/var/log/conpot_guardianast + - /data/conpot/log:/var/log/conpot \ No newline at end of file diff --git a/docker/conpot_kamstrup/Dockerfile b/docker/conpot_kamstrup/Dockerfile index 89913abe..595bf8d7 100644 --- a/docker/conpot_kamstrup/Dockerfile +++ b/docker/conpot_kamstrup/Dockerfile @@ -4,6 +4,9 @@ MAINTAINER MO # Include dist ADD dist/ /root/dist/ +# Define Environment Variables +ENV CONPOT_TEMPLATE="kamstrup_382" CONPOT_LOG="/var/log/conpot/conpot_kamstrup.log" CONPOT_CONFIG="/etc/conpot/conpot_kamstrup.cfg" + # Setup apt RUN apk -U add bash \ build-base \ @@ -18,6 +21,8 @@ RUN apk -U add bash \ pkgconfig \ python \ python-dev \ + py-gevent \ + py-snmp \ py-cffi && \ # Setup ConPot 
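Review bot: The image name in docker/conpot_guardianast/docker-compose.yml is spelled `uncleraymodo/conpot_guardianast:1710`, while etc/compose/all.yml and etc/compose/industrial.yml in this commit use `uncleraymondo/conpot_guardianast:1710`. At best the pull fails; at worst the misspelled namespace resolves to a repository controlled by someone else. The line should read `image: "uncleraymondo/conpot_guardianast:1710"`.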
@@ -32,9 +37,9 @@ RUN apk -U add bash \ # Setup user, groups and configs addgroup -g 2000 conpot_kamstrup && \ adduser -S -s /bin/bash -u 2000 -D -g 2000 conpot_kamstrup && \ - mkdir -p /etc/conpot_kamstrup /var/log/conpot_kamstrup && \ - mv /root/dist/conpot_kamstrup.cfg /etc/conpot_kamstrup/conpot_kamstrup.cfg && \ - mv /root/dist/kamstrup_382/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot_kamstrup/templates/kamstrup_382/ && \ + mkdir -p /etc/conpot /var/log/conpot && \ + mv /root/dist/conpot.cfg /etc/conpot/conpot_kamstrup.cfg && \ + mv /root/dist/kamstrup_382/template.xml /usr/lib/python2.7/site-packages/Conpot-0.5.1-py2.7.egg/conpot/templates/kamstrup_382/ && \ # Clean up apk del build-base \ @@ -45,10 +50,10 @@ RUN apk -U add bash \ libxslt-dev \ mariadb-dev \ pkgconfig \ - python-dev \ + python-dev \ py-cffi && \ rm -rf /root/* && \ rm -rf /var/cache/apk/* # Run supervisor upon container start -CMD ["/usr/bin/conpot", "--template", "kamstrup_382", "--logfile", "/var/log/conpot_kamstrup/conpot_kamstrup.log", "--config", "/etc/conpot_kamstrup/conpot_kamstrup.cfg"] +CMD /usr/bin/conpot --template $CONPOT_TEMPLATE --logfile $CONPOT_LOG --config $CONPOT_CONFIG \ No newline at end of file diff --git a/docker/conpot_kamstrup/dist/conpot_kamstrup.cfg b/docker/conpot_kamstrup/dist/conpot.cfg similarity index 94% rename from docker/conpot_kamstrup/dist/conpot_kamstrup.cfg rename to docker/conpot_kamstrup/dist/conpot.cfg index cf01ab95..9c257648 100644 --- a/docker/conpot_kamstrup/dist/conpot_kamstrup.cfg +++ b/docker/conpot_kamstrup/dist/conpot.cfg @@ -10,7 +10,7 @@ group = conpot_kamstrup [json] enabled = True -filename = /var/log/conpot_kamstrup/conpot_kamstrup.json +filename = /var/log/conpot/conpot_kamstrup.json [sqlite] enabled = False diff --git a/docker/conpot_kamstrup/dist/requirements.txt b/docker/conpot_kamstrup/dist/requirements.txt index ca8e6871..47b11a01 100644 --- a/docker/conpot_kamstrup/dist/requirements.txt 
+++ b/docker/conpot_kamstrup/dist/requirements.txt @@ -1,6 +1,6 @@ gevent>=1.0 -pysnmp==4.3.5 -pysmi==0.1.3 +pysnmp==4.4.4 +pysmi==0.2.2 lxml bottle jinja2 diff --git a/docker/conpot_kamstrup/docker-compose.yml b/docker/conpot_kamstrup/docker-compose.yml index 298c9a49..9319b896 100644 --- a/docker/conpot_kamstrup/docker-compose.yml +++ b/docker/conpot_kamstrup/docker-compose.yml @@ -1,4 +1,4 @@ -version: '2.1' +version: '2.0' networks: conpot_kamstrup_local: @@ -14,6 +14,7 @@ services: ports: - "1025:1025" - "50100:50100" - image: "dtagdevsec/conpot:1710" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_kamstrup:1710" volumes: - - /data/conpot_kamstrup/log:/var/log/conpot_kamstrup + - /data/conpot/log:/var/log/conpot \ No newline at end of file diff --git a/etc/compose/all.yml b/etc/compose/all.yml index df0b6e00..1b95c967 100644 --- a/etc/compose/all.yml +++ b/etc/compose/all.yml @@ -29,9 +29,10 @@ services: ports: - "1025:1025" - "50100:50100" - image: "dtagdevsec/conpot:1710" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_kamstrup:1710" volumes: - - /data/conpot_kamstrup_local/log:/var/log/conpot_kamstrup_local + - /data/conpot/log:/var/log/conpot # Conpot service - Default Template conpot_default: @@ -42,12 +43,13 @@ services: ports: - "102:102" - "502:502" - - "2404:2404" - - "47808:47808" + - "623:623/udp" + - "47808:47808/udp" - "161:161/udp" - image: "dtagdevsec/conpot:1710" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_default:1710" volumes: - - /data/conpot_default_local/log:/var/log/conpot_default_local + - /data/conpot/log:/var/log/conpot # Conpot service - Guardian AST Template conpot_guardian_ast: 
@@ -57,9 +59,10 @@ services: - conpot_guardian_ast_local ports: - "10001:10001" - image: "dtagdevsec/conpot:1710" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_guardianast:1710" volumes: - - /data/conpot_guardian_ast_local/log:/var/log/conpot_guardian_ast_local + - /data/conpot/log:/var/log/conpot # Cowrie service cowrie: diff --git a/etc/compose/industrial.yml b/etc/compose/industrial.yml index 96a9d50d..12d08b45 100644 --- a/etc/compose/industrial.yml +++ b/etc/compose/industrial.yml @@ -22,9 +22,10 @@ services: ports: - "1025:1025" - "50100:50100" - image: "dtagdevsec/conpot:1710" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_kamstrup:1710" volumes: - - /data/conpot_kamstrup_local/log:/var/log/conpot_kamstrup_local + - /data/conpot/log:/var/log/conpot # Conpot service - Default Template conpot_default: @@ -35,12 +36,13 @@ services: ports: - "102:102" - "502:502" - - "2404:2404" - - "47808:47808" + - "623:623/udp" + - "47808:47808/udp" - "161:161/udp" - image: "dtagdevsec/conpot:1710" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_default:1710" volumes: - - /data/conpot_default_local/log:/var/log/conpot_default_local + - /data/conpot/log:/var/log/conpot # Conpot service - Guardian AST Template conpot_guardian_ast: @@ -50,9 +52,10 @@ services: - conpot_guardian_ast_local ports: - "10001:10001" - image: "dtagdevsec/conpot:1710" +# image: "dtagdevsec/conpot:1710" + image: "uncleraymondo/conpot_guardianast:1710" volumes: - - /data/conpot_guardian_ast_local/log:/var/log/conpot_guardian_ast_local + - /data/conpot/log:/var/log/conpot # ELK services ## Elasticsearch service diff --git a/etc/logrotate/logrotate.conf b/etc/logrotate/logrotate.conf index b7d04552..1bf89135 100644 --- a/etc/logrotate/logrotate.conf +++ b/etc/logrotate/logrotate.conf 
@@ -1,9 +1,5 @@ -/data/conpot_default/log/conpot.json -/data/conpot_default/log/conpot.log -/data/conpot_kamstrup/log/conpot.json -/data/conpot_kamstrup/log/conpot.log -/data/conpot_guardianast/log/conpot.json -/data/conpot_guardianast/log/conpot.log +/data/conpot/log/conpot_*.json +/data/conpot/log/conpot_*.log /data/cowrie/log/cowrie.json /data/cowrie/log/cowrie-textlog.log /data/cowrie/log/lastlog.txt diff --git a/host/etc/systemd/tpot.service b/host/etc/systemd/tpot.service index 8325adba..638f1b61 100644 --- a/host/etc/systemd/tpot.service +++ b/host/etc/systemd/tpot.service @@ -37,8 +37,8 @@ ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303 ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT -ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 102,502,2404,10001,47808 -j ACCEPT -ExecStartPre=/sbin/iptables -w -A INPUT -p udp -m multiport --dports 69,161,5060 -j ACCEPT +ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 102,502,10001 -j ACCEPT +ExecStartPre=/sbin/iptables -w -A INPUT -p udp -m multiport --dports 69,161,623,5060,47808 -j ACCEPT ExecStartPre=/sbin/iptables -w -A INPUT -p tcp --syn -m state --state NEW -j NFQUEUE # Compose T-Pot up 
@@ -48,14 +48,14 @@ ExecStart=/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml up --no-color ExecStop=/usr/local/bin/docker-compose -f /opt/tpot/etc/tpot.yml down -v # Remove only previously set iptables rules -ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT -ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT -ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT -ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT -ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p udp -m multiport --dports 69,161,623,5060,47808 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 102,502,10001 -j ACCEPT ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 1025,50100,8080,8081,9200 -j ACCEPT -ExecStartPre=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 102,502,2404,10001,47808 -j ACCEPT -ExecStartPre=/sbin/iptables -w -D INPUT -p udp -m multiport --dports 69,161,5060 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 3306,3389,5060,5061,5601,5900,27017 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 20:23,25,42,69,80,135,443,445,1433,1723,1883,1900 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -d 127.0.0.1 -j ACCEPT +ExecStopPost=/sbin/iptables -w -D INPUT -s 127.0.0.1 -j ACCEPT ExecStopPost=/sbin/iptables -w -D INPUT -p tcp --syn -m state --state NEW -j NFQUEUE [Install]
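Review bot: The `ExecStopPost=` deletes carry no `-` prefix, so as I read systemd's handling of multiple command lines, the first `iptables -D` that fails stops the remaining deletes from running and leaves ACCEPT rules in the INPUT chain. That can happen, for example, when a start attempt aborted before the rule was added. Prefixing each line, e.g. `ExecStopPost=-/sbin/iptables -w -D INPUT -p udp -m multiport --dports 69,161,623,5060,47808 -j ACCEPT`, lets the cleanup continue past a missing rule. The delete specs also have to stay textually identical to the `ExecStartPre=` rules in the previous hunk, so a comment stating that the two lists mirror each other would help the next edit.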