Zdravim, rad bych nejak zabezpecil L2TP, ale pokud pouziji ekvivalent toho, co pouzivam na PPTP, tak se to vzdy pri odpojeni zablokuje. Pri odpojovani L2TP se vytvori mnoho spojeni. Jak to mam ucinne ochranit proti hackingu?
Funkcni zpusob na PPTP:
;;; drop pptp brute forcers: discard TCP/1723 from any source currently in pptp_blacklist (no connection-state filter, so every packet from that source is dropped)
chain=input action=drop protocol=tcp src-address-list=pptp_blacklist dst-port=1723 log=no log-prefix=""
;;; 4th new TCP/1723 connection while still in pptp_stage3: add source to pptp_blacklist for 1w3d. Rules run highest stage first so one packet advances a source by one stage only - keep this order
chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=pptp_stage3 address-list=pptp_blacklist address-list-timeout=1w3d dst-port=1723 log=no log-prefix=""
;;; new connection from a source in pptp_stage2: promote to pptp_stage3 (entry expires after 1m)
chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=pptp_stage2 address-list=pptp_stage3 address-list-timeout=1m dst-port=1723 log=no log-prefix=""
;;; new connection from a source in pptp_stage1: promote to pptp_stage2 (entry expires after 1m)
chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=pptp_stage1 address-list=pptp_stage2 address-list-timeout=1m dst-port=1723 log=no log-prefix=""
;;; any new TCP/1723 connection: record the source in pptp_stage1 for 1m (entry point of the ladder)
chain=input action=add-src-to-address-list connection-state=new protocol=tcp address-list=pptp_stage1 address-list-timeout=1m dst-port=1723 log=no log-prefix=""
Nefunkcni zpusob, a to i presto, ze jsem zvednul pocet novych spojeni:
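# Staged limiter for new UDP flows to the L2TP/IPsec ports on the router itself
# (chain=input, dst-port 1701, 500 and 4500). Ten stage lists, each entry living 1m;
# an 11th new flow while the source is still in l2tp_stage10 puts it in l2tp_blacklist.
#
# Rule order is significant: the drop rule comes first, then the stages from highest
# to lowest, so a single packet advances a source by one stage only.
#
# NOTE(review): all three ports feed the same ladder, so new flows on 500, 4500 and
# 1701 from one client are summed. The post reports that a normal client disconnect
# creates many new connections and trips the blacklist - presumably for this reason;
# confirm against the connection-tracking table before raising the stage count further.
# NOTE(review): the blacklist entry here lasts 1m, versus 1w3d in the PPTP variant.
# NOTE(review): for L2TP over IPsec, consider accepting udp/1701 only with
# ipsec-policy=in,ipsec and dropping it otherwise, so the L2TP port is not reachable
# in the clear and only the IKE ports (500, 4500) need a rate limiter - verify on your
# RouterOS version.

# Drop (and log) every UDP packet to these ports from a blacklisted source;
# connection-state is empty, so packets of already established flows are dropped too.
add action=drop chain=input connection-state="" dst-port=1701,500,4500 log=yes log-prefix="--==DROP L2TP brute forcer==--" protocol=udp src-address-list=l2tp_blacklist tcp-flags=""
# stage10 -> blacklist (1m)
add action=add-src-to-address-list address-list=l2tp_blacklist address-list-timeout=1m chain=input connection-state=new dst-port=1701,500,4500 protocol=udp src-address-list=l2tp_stage10 tcp-flags=""
# stage9 -> stage10
add action=add-src-to-address-list address-list=l2tp_stage10 address-list-timeout=1m chain=input connection-state=new dst-port=1701,500,4500 protocol=udp src-address-list=l2tp_stage9 tcp-flags=""
# stage8 -> stage9
add action=add-src-to-address-list address-list=l2tp_stage9 address-list-timeout=1m chain=input connection-state=new dst-port=1701,500,4500 protocol=udp src-address-list=l2tp_stage8 tcp-flags=""
# stage7 -> stage8
add action=add-src-to-address-list address-list=l2tp_stage8 address-list-timeout=1m chain=input connection-state=new dst-port=1701,500,4500 protocol=udp src-address-list=l2tp_stage7 tcp-flags=""
# stage6 -> stage7
add action=add-src-to-address-list address-list=l2tp_stage7 address-list-timeout=1m chain=input connection-state=new dst-port=1701,500,4500 protocol=udp src-address-list=l2tp_stage6 tcp-flags=""
# stage5 -> stage6
add action=add-src-to-address-list address-list=l2tp_stage6 address-list-timeout=1m chain=input connection-state=new dst-port=1701,500,4500 protocol=udp src-address-list=l2tp_stage5 tcp-flags=""
# stage4 -> stage5
add action=add-src-to-address-list address-list=l2tp_stage5 address-list-timeout=1m chain=input connection-state=new dst-port=1701,500,4500 protocol=udp src-address-list=l2tp_stage4 tcp-flags=""
# stage3 -> stage4
add action=add-src-to-address-list address-list=l2tp_stage4 address-list-timeout=1m chain=input connection-state=new dst-port=1701,500,4500 protocol=udp src-address-list=l2tp_stage3 tcp-flags=""
# stage2 -> stage3 (the posted rule read "l2tp _stage2" with a stray space, which
# breaks the ladder at this step; the list name is corrected here)
add action=add-src-to-address-list address-list=l2tp_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=1701,500,4500 protocol=udp src-address-list=l2tp_stage2 tcp-flags=""
# stage1 -> stage2
add action=add-src-to-address-list address-list=l2tp_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=1701,500,4500 protocol=udp src-address-list=l2tp_stage1 tcp-flags=""
# Entry point: any new UDP flow to these ports records the source in l2tp_stage1 for 1m.
add action=add-src-to-address-list address-list=l2tp_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=1701,500,4500 protocol=udp tcp-flags=""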