Adjusted some more plugins for ipv6

[alff.git] / share / plugins / plugin.d / create_chain_tcp_scan_handling

diff --git a/share/plugins/plugin.d/create_chain_tcp_scan_handling b/share/plugins/plugin.d/create_chain_tcp_scan_handling
index cb8f82c..503f684 100755 (executable)
--- a/share/plugins/plugin.d/create_chain_tcp_scan_handling
+++ b/share/plugins/plugin.d/create_chain_tcp_scan_handling
@@ -53,6 +53,36 @@ cat <<- EOF >&3
        iptables -A tcp_scan_handling -p tcp --tcp-flags ALL NONE \
          -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth Null scan: "
 
+       # ipv6
+       # (NMAP) FIN/URG/PSH
+       ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL FIN,URG,PSH \
+         -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth XMAS scan: "
+       
+       # SYN/RST/ACK/FIN/URG
+       ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG \
+         -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth XMAS-PSH scan: "
+       
+       # ALL/ALL
+       ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL ALL \
+         -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth XMAS-ALL scan: "
+       
+       # NMAP FIN Stealth
+       ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL FIN \
+         -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth FIN scan: "
+       
+       # SYN/RST
+       ip6tables -A tcp_scan_handling -p tcp --tcp-flags SYN,RST SYN,RST \
+         -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth SYN/RST scan: "
+       
+       # SYN/FIN (probably)
+       ip6tables -A tcp_scan_handling -p tcp --tcp-flags SYN,FIN SYN,FIN \
+         -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth SYN/FIN scan(?): "
+       
+       # Null scan
+       ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL NONE \
+         -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth Null scan: "
+
+
 EOF
 
 else
@@ -93,6 +123,36 @@ cat <<- EOF >&3
        ################
        iptables -A tcp_scan_handling -p tcp --tcp-flags ALL NONE -j DROP
 
+       # IPv6
+       # NMAP FIN/URG/PSH
+       ##################
+       ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
+
+       # SYN/RST/ACK/FIN/URG
+       #####################
+       ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
+
+       # ALL/ALL Scan
+       ##############
+       ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL ALL -j DROP
+
+       # NMAP FIN Stealth
+       ##################
+       ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL FIN -j DROP
+
+       # SYN/RST
+       #########
+       ip6tables -A tcp_scan_handling -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+
+       # SYN/FIN -- Scan(probably)
+       ###########################
+       ip6tables -A tcp_scan_handling -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+
+       # NMAP Null Scan
+       ################
+       ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL NONE -j DROP
+
+
 EOF
 
 else