irwanmohi
/
ndiey


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394
							#!/bin/bash
clear
if [[ "$EUID" -ne 0 ]]; then
    echo -e "\033[1;31mScript need to be run as root!\033[0m"; exit 1
fi

echo '/bin/false
/usr/bin/false
/usr/sbin/nologin' >> /etc/shells

echo '# Configuration file for setting system variables
kernel.printk = 3 4 1 3
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.ip_forward=1
#net.ipv6.conf.all.forwarding=1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
fs.file-max = 51200

net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
# net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_congestion_control = hybla' > /etc/sysctl.conf
sysctl -p &>/dev/null

apt-get -y -qq install fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

# ddos-deflates
apt-get -y -qq install dnsutils net-tools tcpdump dsniff grepcidr
wget -q https://github.com/jgmdev/ddos-deflate/archive/master.zip -O /root/ddos.zip
unzip /root/ddos.zip && rm /root/ddos.zip
cd /root/ddos-deflate-master
./install.sh

systemctl enable ddos
systemctl start ddos

# iptables rules
iptables -F
iptables -X
iptables -Z

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT

iptables -A INPUT -m string --string "BitTorrent" --algo bm --to 65535 -j DROP
iptables -A INPUT -m string --string "BitTorrent protocol" --algo bm --to 65535 -j DROP
iptables -A INPUT -m string --string "peer_id=" --algo bm --to 65535 -j DROP
iptables -A INPUT -m string --string ".torrent" --algo bm --to 65535 -j DROP
iptables -A INPUT -m string --string "announce.php?passkey=" --algo bm --to 65535 -j DROP
iptables -A INPUT -m string --string "torrent" --algo bm --to 65535 -j DROP
iptables -A INPUT -m string --string "announce" --algo bm --to 65535 -j DROP
iptables -A INPUT -m string --string "info_hash" --algo bm --to 65535 -j DROP
iptables -A INPUT -m string --string "get_peers" --algo bm --to 65535 -j DROP
iptables -A INPUT -m string --string "find_node" --algo bm --to 65535 -j DROP

iptables-save > /etc/firewall.conf
iptables-restore < /etc/firewall.conf
cat > /etc/cron.d/firewall <<EOL
reboot   root    iptables-restore < /etc/firewall.conf
EOL

DEBIAN_FRONTEND=noninteractive apt-get -y -qq install iptables-persistent

echo
echo -e "\033[1;32mTahniah, Kami telah selesai dengan pemasangan fail2ban, ddos-deflate & Firewall.\033[0m"
echo
echo 'Use my referral link https://m.do.co/c/a28a40414d6a'
echo 'to gets $100 credit into your DigitalOcean account.'
echo
echo 'Hak Cipta 2021 Doctype, Dikuasakan oleh Cybertize.'
sleep 5