วันอาทิตย์ที่ 6 พฤษภาคม พ.ศ. 2555

block virus

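#!/bin/sh
#
# "block virus" -- firewall fragment for a small Linux gateway:
#   * SNAT on up to three PPP WAN links (ppp0..ppp2),
#   * transparent-proxy (squid, port 3128) redirect for LAN (eth1) and VPN (tun0)
#     clients, with a bypass list of destinations sent out un-proxied,
#   * P2P / BitTorrent / old-worm signature drops and worm-port drops.
#
# Run as root after the PPP links are up. Nothing is flushed first (the
# MULTIWAN_MARK / MULTIWAN_RESTORE chains jumped to below are created by
# another script), so running this twice appends most rules twice; only the
# squid section deletes before re-adding.
#
# NOTE(review): rule ordering.  `iptables -I FORWARD -j ACCEPT` and
# `-I OUTPUT -j ACCEPT` are inserted at the TOP of their chains, so every rule
# that is later *appended* with -A (all `-m string` DROPs and the
# `-m ipp2p --ipp2p` DROP in FORWARD) sits below a match-all ACCEPT and can
# never fire; only the rules later *inserted* with -I are live.  Likewise
# `-t mangle -I PREROUTING -j ACCEPT` stops chain traversal before the
# MULTIWAN_* jumps appended just above it.  The original order is kept here
# on purpose: making the appended rules live would also activate the bare
# substrings "torrent" / "announce" / "info_hash" on all forwarded traffic,
# which would drop ordinary web pages containing those words.  Decide that
# first, then move the blanket ACCEPTs to the end of the script.
#
# NOTE(review): `-d some.host.name` is resolved ONCE when the rule is loaded
# (one rule per A record returned at that moment).  It does not follow CDN or
# DNS changes, and the rule is not added at all if resolution fails.
#
# The ppp*_gw variables of the original were computed but never used and have
# been dropped.

LAN_IFACES="eth1 tun0"

# wan_ip IFACE
#   Print the IPv4 address of IFACE as shown by `ifconfig`
#   ("inet addr:A.B.C.D  P-t-P:...").  Prints nothing if the interface is
#   absent or has no address line.  Relies on the classic net-tools output
#   format; on an iproute2-only system switch this to `ip -4 addr show`.
wan_ip() {
  ifconfig | grep -A1 "$1" | tail -1 | cut -d : -f 2 | cut -f 1 -d " "
}

#--- SNAT on each WAN link ---#
# A link that is down would previously have produced a malformed
# `--to-source` with no argument; skip it explicitly instead.
for wan in ppp0 ppp1 ppp2; do
  wan_addr=$(wan_ip "$wan")
  if [ -n "$wan_addr" ]; then
    iptables -t nat -A POSTROUTING -o "$wan" -j SNAT --to-source "$wan_addr"
  else
    echo "warn: $wan has no IPv4 address, SNAT rule skipped" >&2
  fi
done

#--- blanket accepts (see ordering note in the header) ---#
#iptables -I INPUT -j ACCEPT
iptables -I FORWARD -j ACCEPT
iptables -I OUTPUT -j ACCEPT

#--- refuse clients that talk to the proxy port directly ---#
# 10.0.1.1/20 is the gateway's network (10.0.0.0/20 after masking).
for ifc in $LAN_IFACES; do
  iptables -t nat -A PREROUTING -i "$ifc" -p tcp -m tcp -d 10.0.1.1/20 --dport 3128 -j DROP
done

#--- destinations that must NOT be redirected into squid ---#
# ACCEPT in nat/PREROUTING ends the chain before the REDIRECT appended in the
# squid section, i.e. these go out un-proxied.  Note that `A.B.C.D/24` on a
# host address whitelists the whole /24, not the single host.
BYPASS_COMMON="youtube.com hi5.com facebook.com gmember.com 203.151.207.0/24 song.gmember.com 174.36.4.0/24 174.36.56.0/24 208.43.218.0/24 rcw.ms forums.overclockzone.com overclockzone.com"
BYPASS_ETH1_EXTRA="202.170.126.119/24 216.239.61.100/24 203.144.244.116/24 164.115.2.135/24 174.36.56.184/24 203.146.140.137/24 208.43.218.80/24 38.117.107.188/24 174.36.242.26/24 69.65.59.240/24 209.17.69.4/24 61.19.12.17/24"

# bypass_proxy IFACE DEST...
#   Insert (at the top of nat/PREROUTING) one ACCEPT per DEST for TCP/80
#   arriving on IFACE, in the order given.
bypass_proxy() {
  bp_ifc=$1
  shift
  for bp_dst in "$@"; do
    iptables -t nat -I PREROUTING -i "$bp_ifc" -p tcp -d "$bp_dst" --dport 80 -j ACCEPT
  done
}

# shellcheck disable=SC2086 -- word splitting of the lists is intended
bypass_proxy eth1 $BYPASS_COMMON $BYPASS_ETH1_EXTRA
# shellcheck disable=SC2086
bypass_proxy tun0 $BYPASS_COMMON

#--- HTTP proxy service ---#
# Only when squid is running: delete any previous copy of each rule, then
# re-add it, so this section stays idempotent across re-runs.  The deletes
# legitimately fail on the first run, hence the silenced stderr.
if [ -f /var/run/squid.pid ]; then
  for ifc in $LAN_IFACES; do
    iptables -t nat -D PREROUTING -s 0/0 -i "$ifc" -p tcp --dport 80 -j REDIRECT --to-ports 3128 2>/dev/null
  done
  for ifc in $LAN_IFACES; do
    iptables -t nat -D PREROUTING -i "$ifc" -p tcp -d 10.0.1.1 --dport 80 -j ACCEPT 2>/dev/null
  done
  # Redirect all other port-80 traffic from LAN/VPN into squid ...
  for ifc in $LAN_IFACES; do
    iptables -t nat -A PREROUTING -s 0/0 -i "$ifc" -p tcp --dport 80 -j REDIRECT --to-ports 3128
  done
  # ... except traffic to the gateway itself.
  for ifc in $LAN_IFACES; do
    iptables -t nat -I PREROUTING -i "$ifc" -p tcp -d 10.0.1.1 --dport 80 -j ACCEPT
  done
fi

#--- multi-WAN connection marking (chains created elsewhere) ---#
iptables -t mangle -A PREROUTING -i tun0 -m state --state NEW -j MULTIWAN_MARK
iptables -t mangle -A PREROUTING -i tun0 -m state --state RELATED,ESTABLISHED -j MULTIWAN_RESTORE
iptables -t mangle -A PREROUTING -m state --state NEW -j MULTIWAN_MARK
iptables -t mangle -A PREROUTING -m state --state RELATED,ESTABLISHED -j MULTIWAN_RESTORE
# NOTE(review): inserted at the top, this ACCEPT ends mangle/PREROUTING before
# the four jumps above are reached (see header).
iptables -t mangle -I PREROUTING -j ACCEPT

# drop_fwd_bm PATTERN...
#   Append to FORWARD one DROP per PATTERN, matched as a raw substring of the
#   packet with the Boyer-Moore searcher and the default window.
drop_fwd_bm() {
  for pat in "$@"; do
    iptables -A FORWARD -m string --algo bm --string "$pat" -j DROP
  done
}

# drop_fwd_kmp PATTERN...
#   Same as drop_fwd_bm but with the KMP searcher over the whole packet
#   (--to 65535).
drop_fwd_kmp() {
  for pat in "$@"; do
    iptables -A FORWARD -m string --string "$pat" --algo kmp --to 65535 -j DROP
  done
}

#--- BitTorrent protocol strings (appended: dead while the FORWARD ACCEPT is first) ---#
drop_fwd_bm "BitTorrent" "BitTorrent protocol" "peer_id=" ".torrent" \
  "announce.php?passkey=" "torrent" "announce" "info_hash"

#--- Code Red (default.ida) and Nimda (cmd.exe/tftp) request signatures ---#
drop_fwd_bm "/default.ida?" ".exe?/c+dir" ".exe?/c_tftp"

#--- ipp2p protocol detection (requires the ipp2p match module) ---#
P2P_ALL="--kazaa --gnu --edk --dc --bit --apple --soul --winmx --ares"
# shellcheck disable=SC2086 -- option list is intentionally split
iptables -t filter -I FORWARD -i eth+ -m ipp2p $P2P_ALL -j DROP
# shellcheck disable=SC2086
iptables -t filter -I FORWARD -i tun0 -m ipp2p $P2P_ALL -j DROP
# shellcheck disable=SC2086
iptables -t filter -I FORWARD -i ppp+ -m ipp2p $P2P_ALL -j DROP
# shellcheck disable=SC2086
iptables -t filter -I FORWARD -m ipp2p $P2P_ALL -j DROP

#--- BitTorrent keys (KMP, full packet) ---#
drop_fwd_kmp "peer_id" "BitTorrent" "BitTorrent protocol" "bittorrent-announce" \
  "announce.php?passkey="

iptables -A FORWARD -m ipp2p --ipp2p -j DROP

#--- substring drops on traffic addressed to the gateway itself ---#
# NOTE(review): these are live (INPUT has no blanket ACCEPT) and apply to every
# packet for this host, including management sessions: any plaintext packet
# containing "torrent" or "announce" is dropped.
for pat in "info_hash" "torrent" "announce"; do
  iptables -I INPUT -s 0.0.0.0/0 -m string --string "$pat" --algo bm -j DROP
done

#--- DHT keywords ---#
drop_fwd_kmp "info_hash" "get_peers" "announce" "announce_peers"

#--- MSS clamping and ipp2p --bit on all three chains ---#
# NOTE(review): some iptables/kernel builds only accept the TCPMSS target in
# the mangle table; check `iptables -L FORWARD` after loading to confirm the
# clamp rules were actually added.
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I OUTPUT -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I FORWARD -m ipp2p --bit -j DROP
iptables -I INPUT -m ipp2p --bit -j DROP
iptables -I OUTPUT -m ipp2p --bit -j DROP

#--- worm ports, inbound and outbound ---#
# 135/4444 (Blaster), 5554/9996 (Sasser), 137-139 (NetBIOS), TCP and UDP.
# The original listed udp/139 for INPUT only; it is included for OUTPUT here
# for symmetry (the source page may simply have been cut off at that point).
WORM_PORTS="135 4444 5554 9996 137 138 139"
for chain in INPUT OUTPUT; do
  for port in $WORM_PORTS; do
    for proto in tcp udp; do
      iptables -I "$chain" -p "$proto" --dport "$port" -j DROP
    done
  done
done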
