
Debian: Firewall: zachycení řetězce v provozu

/etc/iptables.up.rules
*nat
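:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT

*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# User-defined chain that does the (rate-limited) logging for every detection.
:TORRENT_LOG - [0:0]

# BitTorrent detection on forwarded traffic - detection only, nothing is
# dropped.  "-m string --algo bm" is a plain, case-sensitive substring search
# over the packet payload, so encrypted/obfuscated BitTorrent (MSE/PE) and
# clients that alter the handshake string are NOT caught: treat a hit as an
# indicator and the absence of hits as no evidence.  No "-p" is given on
# purpose so that uTP (UDP) traffic is inspected as well as TCP.
# Five patterns cover the original eight: "BitTorrent protocol" contains
# "BitTorrent", ".torrent" contains "torrent" and "announce.php?passkey="
# contains "announce", so those extra rules only produced duplicate log lines
# for the same packet (LOG is non-terminating, every matching rule fires).
-A FORWARD -m string --algo bm --string "BitTorrent" -j TORRENT_LOG
-A FORWARD -m string --algo bm --string "peer_id=" -j TORRENT_LOG
-A FORWARD -m string --algo bm --string "torrent" -j TORRENT_LOG
-A FORWARD -m string --algo bm --string "announce" -j TORRENT_LOG
-A FORWARD -m string --algo bm --string "info_hash" -j TORRENT_LOG

# One log prefix for every hit: it has to be the exact literal that the
# rsyslog filter in /etc/rsyslog.d/iptables.conf keys on.  (The original
# tagged "info_hash" hits "[torent_kallus] ", which that filter never matched,
# so those hits went to the general syslog and never reached the hourly mail.)
# The limit match caps log volume: without it anyone who can push packets
# containing "torrent" through this router can fill the log partition.
-A TORRENT_LOG -m limit --limit 10/min --limit-burst 20 -j LOG --log-prefix "[torrent_marked] "
-A TORRENT_LOG -j RETURN

# Refuse inbound SMTP.  One rule is enough; the original listed the same
# rule twice (once via -m multiport --dports, once via --dport).
-A INPUT -p tcp -m tcp --dport 25 -j DROP

# NOTE(review): the FORWARD policy is ACCEPT, so the two rules below change
# nothing today.  They only become meaningful together with
# ":FORWARD DROP [0:0]" above, at which point forwarding is limited to
# eth1->eth0 plus replies - which looks like the intent (eth1 = inside?);
# verify before switching the policy.  The same applies to INPUT: everything
# except TCP/25 is accepted on every interface, including whatever faces eth0.
-A FORWARD -m state -i eth0 -o eth1 --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT

COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed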

# iptables-restore < /etc/iptables.up.rules

/etc/rsyslog.d/iptables.conf
# Route every message whose text contains the iptables LOG prefix into its
# own file.  The "-" in front of the path makes rsyslog buffer the writes,
# so the last few lines may be lost on a crash - acceptable for this log.
# The literal must match --log-prefix in /etc/iptables.up.rules exactly
# (including the trailing space), otherwise hits stay in the general syslog.
# NOTE(review): this is a property filter on the message text only; it does
# not check that the message came from the kernel.  Anything that can write
# to syslog on this host (e.g. `logger "[torrent_marked] ..."`) lands in
# iptables.log as well and would be picked up by the hourly mail.  On
# rsyslog >= 7 a RainerScript filter that also tests
# $syslogfacility-text == 'kern' closes that gap.
:msg, contains, "[torrent_marked] " -/var/log/iptables.log
# "&" = same selector as the line above; "~" discards those messages so they
# are not duplicated into /var/log/syslog, kern.log etc.  ("~" is the legacy
# spelling, rsyslog >= 7 prefers "stop".)  This only has an effect if this
# file is included before the default rules, which is normally the case for
# /etc/rsyslog.d/*.conf on Debian - check the $IncludeConfig position.
& ~

# /etc/init.d/rsyslog restart

/etc/logrotate.d/iptables
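# Rotation for the BitTorrent-detection log that rsyslog writes from the
# "[torrent_marked]" LOG rules (/etc/rsyslog.d/iptables.conf).
/var/log/iptables.log
{
    # Seven daily generations; the hourly cron check only looks at the most
    # recent data, older files are just for manual follow-up.
    rotate 7
    daily
    missingok
    notifempty
    # Keep the newest rotated file uncompressed for one cycle, so nothing is
    # gzipped while rsyslog may still be writing into it (until the reload
    # below).  Enable "compress" if disk space matters more than that.
    delaycompress
#    compress
    # Create the new log ourselves with a known owner and mode: it records
    # LAN client addresses and ports, and without "create" the mode of the
    # fresh file is whatever rsyslog's $FileCreateMode happens to be.
    # Match rsyslog's $FileOwner/$FileGroup (root/adm on stock Debian).
    create 0640 root adm
    postrotate
        # Make rsyslog reopen its file handles; otherwise it keeps writing
        # into the renamed (rotated) file.
        invoke-rc.d rsyslog reload < /dev/null
    endscript
}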

# touch /etc/cron.d/p2p_detect
# chmod +x /etc/cron.d/p2p_detect
# nano /etc/cron.d/p2p_detect

Poznámka: /etc/cron.d je adresář pro fragmenty crontabu, ne pro skripty – cron se pokusí tento soubor načíst jako crontab, zapíše do syslogu chybu syntaxe a soubor ignoruje (skript se tak spouští pouze z řádku v crontabu roota níže). Vhodnější umístění je např. /usr/local/sbin/p2p_detect; v tom případě upravte i cestu v řádku crontabu.

/etc/cron.d/p2p_detect
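#!/bin/bash
#
# p2p_detect - hourly mail of the previous hour's BitTorrent hits.
#
# Meant to run from root's crontab once an hour (see the crontab line below
# the script).  It pulls the lines for the hour that has just ended out of the
# iptables log that rsyslog fills from the "[torrent_marked]" LOG rules and
# mails them to $recipient.  Prints "Nic" when there were none.
#
# Assumes rsyslog writes the traditional timestamp "Mon dd HH:MM:SS" with a
# SPACE-padded day ("Jan  5 13:42:01").  If rsyslog is switched to RFC 3339
# timestamps, the date format below has to change with it.
set -euo pipefail

log=/var/log/iptables.log
recipient="ja@domena.cz"

# Stamp of the hour to report on.  %e, not %d: syslog pads the day with
# spaces, so "%b %d" ("Jan 05") never matches "Jan  5" and days 1-9 would
# silently go unreported.
stamp=$(date -d '1 hour ago' +'%b %e %H:')

# Also look at the freshly rotated file, if any, so the hour in which
# logrotate ran is not lost (it is kept uncompressed as iptables.log.1
# thanks to delaycompress).
files=()
for f in "$log" "$log.1"; do
  if [[ -r "$f" ]]; then
    files+=("$f")
  fi
done
if (( ${#files[@]} == 0 )); then
  printf '%s: no readable log file (%s)\n' "$0" "$log" >&2
  exit 2
fi

# -F: the stamp is a literal, not a regex.  -h: no file-name prefix on the
# lines that end up in the mail.  grep exits 1 when nothing matched, which is
# the normal case, so its status is captured instead of tripping set -e.
rc=0
hits=$(grep -F -h -- "$stamp" "${files[@]}") || rc=$?

case "$rc" in
  0) printf '%s\n' "$hits" | mailx -s "Nalezen záznam TORRENT" "$recipient" ;;
  1) echo "Nic" ;;
  *) printf '%s: grep failed with status %d\n' "$0" "$rc" >&2; exit "$rc" ;;
esac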

# (crontab -l 2>/dev/null; echo "0 * * * * /etc/cron.d/p2p_detect > /dev/null 2>&1") | crontab -
# service cron restart

Původní příkaz měl neuzavřené uvozovky a zapisoval přímo do /var/spool/cron/crontabs/root, čímž obchází kontrolu syntaxe, kterou provádí `crontab -`. Po `crontab -` si cron změnu načte sám; restart je jen pro jistotu.
