mirror of
https://github.com/rapid7/metasploitable3.git
synced 2024-06-28 15:55:47 +02:00
Configure iptables for other services.
parent
fc336a5f1b
commit
6fd0a57fdf
|
@ -9,12 +9,13 @@ default[:metasploitable][:docker_users] = ['boba_fett',
|
||||||
|
|
||||||
default[:metasploitable][:files_path] = '/vagrant/chef/cookbooks/metasploitable/files/'
|
default[:metasploitable][:files_path] = '/vagrant/chef/cookbooks/metasploitable/files/'
|
||||||
|
|
||||||
default[:metasploitable][:ports][:cups] = 631
|
default[:metasploitable][:ports] = { :cups => 631,
|
||||||
default[:metasploitable][:ports][:apache] = 80
|
:apache => 80,
|
||||||
default[:metasploitable][:ports][:unrealircd] = 6697
|
:unrealircd => 6697,
|
||||||
default[:metasploitable][:ports][:proftpd] = 21
|
:proftpd => 21,
|
||||||
default[:metasploitable][:ports][:mysql] = 3306
|
:mysql => 3306,
|
||||||
default[:metasploitable][:ports][:chatbot][:ui] = default[:metasploitable][:ports][:apache]
|
:chatbot_ui => 80,
|
||||||
default[:metasploitable][:ports][:chatbot][:nodejs] = 3000
|
:chatbot_nodejs => 3000,
|
||||||
default[:metasploitable][:ports][:chatbot][:ruby] = 8181
|
:ruby => 8181,
|
||||||
default[:metasploitable][:ports][:samba] = 445
|
:samba => 445
|
||||||
|
}
|
||||||
|
|
|
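Review bot: The key `:ruby => 8181` in the new flat hash has lost the `chatbot` prefix that its siblings `:chatbot_ui` and `:chatbot_nodejs` kept, so the firewall attribute no longer says which service owns port 8181; `:chatbot_ruby => 8181` would match the other two. `:chatbot_ui => 80` is now a hard-coded copy of the apache port rather than a reference to it, so the two can drift apart, and a loop over this hash will emit two identical ACCEPT rules for port 80. Any recipe or template that still reads `node[:metasploitable][:ports][:chatbot][:ui]` (none is visible on this page) would get nil after this change, so the old nested keys are worth searching for across the cookbook.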
@ -9,12 +9,14 @@ execute "apt-get update" do
|
||||||
end
|
end
|
||||||
|
|
||||||
bash 'setup for knockd, used for flag' do
|
bash 'setup for knockd, used for flag' do
|
||||||
code 'iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP'
|
code_to_execute = ""
|
||||||
code 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
|
code_to_execute << "iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP\n"
|
||||||
|
code_to_execute << "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n"
|
||||||
node[:metasploitable][:ports].keys.each do |service|
|
node[:metasploitable][:ports].keys.each do |service|
|
||||||
code "iptables -A INPUT -p tcp --dport #{node[:metasploitable][:ports][service]} -j ACCEPT"
|
code_to_execute << "iptables -A INPUT -p tcp --dport #{node[:metasploitable][:ports][service.to_sym]} -j ACCEPT\n"
|
||||||
end
|
end
|
||||||
code 'iptables -A INPUT -j DROP'
|
code_to_execute << "iptables -A INPUT -j DROP\n"
|
||||||
|
code code_to_execute
|
||||||
end
|
end
|
||||||
|
|
||||||
package 'iptables-persistent' do
|
package 'iptables-persistent' do
|
||||||
|
|
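Review bot: The first rule string, `iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP`, passes a rule number to `-A`, which iptables accepts only with `-I`, `-R` or `-D`, so that command should be rejected and the 8989 DROP rule never installed. Because the commands are now joined into one script without `set -e`, the failure is likely to go unnoticed, as the script's exit status is that of the final `iptables -A INPUT -j DROP`. I would start with `code_to_execute = "set -e\n"` and write the rule as `iptables -I FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP`. The INPUT chain then ends in a blanket DROP with no `-i lo -j ACCEPT` rule, and 22 is not among the listed ports, so new SSH sessions and loopback traffic to unlisted ports would be dropped unless they are allowed elsewhere. The block also has no guard such as `not_if`, so each converge appends the whole rule set again after the existing DROP.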