4.1 KiB
outline
| outline |
|---|
| deep |
Blocking abuse through iptables
Basic Usage of iptables
1. Start iptables
In most Linux distributions, the iptables service can be started using the following command:
sudo systemctl start iptables
2. Set Rules
After starting iptables, you can set rules to block abusive traffic. For example, the following command will block traffic from a specific IPv4 address:
sudo iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
3. Query Rules
After setting the rules, you can use the following command to view the current iptables rules:
sudo iptables -L
This will list all input, output, and forwarding rules.
4. Stop iptables
If you need to stop the iptables service, you can use the following command:
sudo systemctl stop iptables
5. Save Rules
To ensure that the rules persist after a reboot, you can save the current rules:
sudo iptables-save | sudo tee /etc/iptables/rules.v4
6. Restore Rules
When you need to restore the rules, you can use the following command:
sudo iptables-restore < /etc/iptables/rules.v4
7. Other Common Commands
-
List Rules (Detailed Information):
sudo iptables -L -v -
Delete Specific Rule:
sudo iptables -D INPUT -s 192.168.1.100 -j DROP -
Flush All Rules:
sudo iptables -F
Block abusive traffic on the host
- prevention in advance
Blocking Mining Behavior
strings=(
"ethermine.com"
"ethermine.org"
"antpool.one"
"antpool.com"
"pool.bar"
"c3pool"
"xmrig.com"
"blackcat.host"
"minexmr.com"
"supportxmr.com"
"monerohash.com"
"hashvault.pro"
"xmrpool.eu"
"minergate.com"
"webminepool.com"
"nanopool.org"
"2miners.com"
"f2pool.com"
"sparkpool.com"
"nicehash.com"
"prohashing.com"
"coinhive.com"
"coinimp.com"
"cryptoloot.pro"
"xmrig"
"xmr-stak"
"cpuminer"
"cgminer"
"ethminer"
"stratum+tcp"
"stratum+ssl"
"stratum+http"
"stratum"
"raw.githubusercontent.com/xmrig"
"github.com/xmrig"
)
iptables -N MINING_BLOCK 2>/dev/null
iptables -C OUTPUT -j MINING_BLOCK 2>/dev/null || iptables -A OUTPUT -j MINING_BLOCK
for str in "${strings[@]}"; do
iptables -A MINING_BLOCK -m string --string "$str" --algo bm -j DROP
done
Blocking BT behavior
strings=(
"BitTorrent"
"BitTorrent protocol"
"BitTorrent protocol\x13"
"magnet:"
".torrent"
"d1:ad2:id20"
"d1:rd2:id20"
"ut_metadata"
"ut_pex"
"lt_metadata"
"lt_donthave"
"qBittorrent"
"Transmission"
"Deluge"
"aria2"
"libtorrent"
"uTorrent"
"BiglyBT"
"Vuze"
"xunlei"
"Thunder"
"XLLiveUD"
)
iptables -N BT_BLOCK 2>/dev/null
iptables -C OUTPUT -j BT_BLOCK 2>/dev/null || iptables -A OUTPUT -j BT_BLOCK
for str in "${strings[@]}"; do
iptables -A BT_BLOCK -m string --string "$str" --algo bm -j DROP
done
Blocking Speed Test Behavior
strings=(
"speedtest"
"fast.com"
"speedtest.net"
"speedtest.com"
"speedtest.cn"
"ookla.com"
"speedtestcustom.com"
"ovo.speedtestcustom.com"
"speed.cloudflare.com"
"test.ustc.edu.cn"
"10000.gd.cn"
"db.laomoe.com"
"jiyou.cloud"
"mirrors.ustc.edu.cn"
"mirrors.tuna.tsinghua.edu.cn"
"mirrors.aliyun.com"
".speed"
".speed."
"/speedtest"
"/speed-test"
)
iptables -N SPEED_BLOCK 2>/dev/null
iptables -C OUTPUT -j SPEED_BLOCK 2>/dev/null || iptables -A OUTPUT -j SPEED_BLOCK
for str in "${strings[@]}"; do
iptables -A SPEED_BLOCK -m string --string "$str" --algo bm -j DROP
done
Unblocking actions
Remove mining restrictions
iptables -D OUTPUT -j MINING_BLOCK
iptables -F MINING_BLOCK
iptables -X MINING_BLOCK
Remove BT restrictions
iptables -D OUTPUT -j BT_BLOCK
iptables -F BT_BLOCK
iptables -X BT_BLOCK
Remove speed restrictions
iptables -D OUTPUT -j SPEED_BLOCK
iptables -F SPEED_BLOCK
iptables -X SPEED_BLOCK