X-Git-Url: http://git.rfc2324.org/?p=alff.git;a=blobdiff_plain;f=share%2Fplugins%2Fplugin.d%2Fcreate_chain_tcp_scan_handling;h=503f684b9c6bd26012007ee2883e65104a288c61;hp=cb8f82c0c84abf229b0273d87d191c79f5f47d05;hb=2bb5e3f15c346e0b046fda08ddc50701fc2562a0;hpb=0b99fcf618605e9a919e69a2deb7e1499f37a4a5
diff --git a/share/plugins/plugin.d/create_chain_tcp_scan_handling b/share/plugins/plugin.d/create_chain_tcp_scan_handling
index cb8f82c..503f684 100755
--- a/share/plugins/plugin.d/create_chain_tcp_scan_handling
+++ b/share/plugins/plugin.d/create_chain_tcp_scan_handling
@@ -53,6 +53,36 @@ cat <<- EOF >&3
 iptables -A tcp_scan_handling -p tcp --tcp-flags ALL NONE \
 -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth Null scan: "
+ # ipv6
+ # (NMAP) FIN/URG/PSH
+ ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL FIN,URG,PSH \
+ -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth XMAS scan: "
+
+ # SYN/RST/ACK/FIN/URG
+ ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG \
+ -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth XMAS-PSH scan: "
+
+ # ALL/ALL
+ ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL ALL \
+ -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth XMAS-ALL scan: "
+
+ # NMAP FIN Stealth
+ ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL FIN \
+ -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth FIN scan: "
+
+ # SYN/RST
+ ip6tables -A tcp_scan_handling -p tcp --tcp-flags SYN,RST SYN,RST \
+ -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth SYN/RST scan: "
+
+ # SYN/FIN (probably)
+ ip6tables -A tcp_scan_handling -p tcp --tcp-flags SYN,FIN SYN,FIN \
+ -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth SYN/FIN scan(?): "
+
+ # Null scan
+ ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL NONE \
+ -m limit --limit 3/m --limit-burst 5 -j LOG --log-level ${loglevel} --log-prefix "Stealth Null scan: "
+
+
 EOF
 else
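Review bot: Nothing in this diff creates the `tcp_scan_handling` chain in ip6tables or jumps to it, so unless the unchanged part of the plugin already emits `ip6tables -N tcp_scan_handling` and a matching `-j tcp_scan_handling` from the built-in chains, every `ip6tables -A tcp_scan_handling` added here (and in the DROP block of the second hunk) fails at load time with a missing-chain error and the IPv6 scan handling never takes effect. The v6 rules are also emitted unconditionally, while the heredoc that contains them is opened before this hunk; if the generator has a switch for IPv6 support elsewhere, this block should sit behind it, otherwise hosts without ip6tables get a generated script that errors on these lines. At minimum a comment above the block should state the dependency, e.g. `# IPv6: tcp_scan_handling must also exist (and be jumped to) in ip6tables`.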
@@ -93,6 +123,36 @@ cat <<- EOF >&3
 ################
 iptables -A tcp_scan_handling -p tcp --tcp-flags ALL NONE -j DROP
+ # IPv6
+ # NMAP FIN/URG/PSH
+ ##################
+ ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
+
+ # SYN/RST/ACK/FIN/URG
+ #####################
+ ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
+
+ # ALL/ALL Scan
+ ##############
+ ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL ALL -j DROP
+
+ # NMAP FIN Stealth
+ ##################
+ ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL FIN -j DROP
+
+ # SYN/RST
+ #########
+ ip6tables -A tcp_scan_handling -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+
+ # SYN/FIN -- Scan(probably)
+ ###########################
+ ip6tables -A tcp_scan_handling -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+
+ # NMAP Null Scan
+ ################
+ ip6tables -A tcp_scan_handling -p tcp --tcp-flags ALL NONE -j DROP
+
+
 EOF
 else
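Review bot: The seven ip6tables DROP rules here are a verbatim copy of the iptables rules above them, differing only in the binary name, and the LOG block in the first hunk repeats the same pattern, so the two address families will drift the next time a flag combination or limit is adjusted in one of them. Since the heredoc is unquoted and already expands `${loglevel}` at generation time, wrapping the `cat <<- EOF >&3` that opens this block (it lies before the hunk) in a loop over the two binaries and writing `${ipt}` in place of the hard-coded command produces both rule sets from one template, with the `-N`/jump for each family handled by the same variable. The comment banners also differ between the two new blocks (`# ipv6` in the LOG block, `# IPv6` plus underline banners here); one form is enough.
```shell
for ipt in iptables ip6tables; do
cat <<- EOF >&3
	# NMAP FIN/URG/PSH
	##################
	${ipt} -A tcp_scan_handling -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP

	# … unchanged: the remaining six scan-flag DROP rules, each with ${ipt} in place of the hard-coded binary …
EOF
done
```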