mirror of
https://github.com/rapid7/metasploitable3.git
synced 2024-06-28 15:55:47 +02:00
Configure iptables for other services.
parent
fc336a5f1b
commit
6fd0a57fdf
|
@ -9,12 +9,13 @@ default[:metasploitable][:docker_users] = ['boba_fett',
|
|||
|
||||
default[:metasploitable][:files_path] = '/vagrant/chef/cookbooks/metasploitable/files/'
|
||||
|
||||
default[:metasploitable][:ports][:cups] = 631
|
||||
default[:metasploitable][:ports][:apache] = 80
|
||||
default[:metasploitable][:ports][:unrealircd] = 6697
|
||||
default[:metasploitable][:ports][:proftpd] = 21
|
||||
default[:metasploitable][:ports][:mysql] = 3306
|
||||
default[:metasploitable][:ports][:chatbot][:ui] = default[:metasploitable][:ports][:apache]
|
||||
default[:metasploitable][:ports][:chatbot][:nodejs] = 3000
|
||||
default[:metasploitable][:ports][:chatbot][:ruby] = 8181
|
||||
default[:metasploitable][:ports][:samba] = 445
|
||||
default[:metasploitable][:ports] = { :cups => 631,
|
||||
:apache => 80,
|
||||
:unrealircd => 6697,
|
||||
:proftpd => 21,
|
||||
:mysql => 3306,
|
||||
:chatbot_ui => 80,
|
||||
:chatbot_nodejs => 3000,
|
||||
:ruby => 8181,
|
||||
:samba => 445
|
||||
}
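Review bot: The flattened hash hard-codes `:chatbot_ui => 80`, where the old attribute reused the apache port, so an override of the apache port no longer carries over to the chatbot UI. The key `:ruby` also lost its chatbot prefix while its siblings are `:chatbot_ui` and `:chatbot_nodejs`; `:chatbot_ruby => 8181` would keep the naming consistent. Because the firewall recipe in this commit iterates every key of this hash, the two entries on port 80 produce a duplicate ACCEPT rule. A comment above the hash such as `# Every port listed here is opened in iptables by the recipe` would make clear that this is the allow-list and not only service configuration.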
|
||||
|
|
|
@ -9,12 +9,14 @@ execute "apt-get update" do
|
|||
end
|
||||
|
||||
bash 'setup for knockd, used for flag' do
|
||||
code 'iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP'
|
||||
code 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
|
||||
code_to_execute = ""
|
||||
code_to_execute << "iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP\n"
|
||||
code_to_execute << "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n"
|
||||
node[:metasploitable][:ports].keys.each do |service|
|
||||
code "iptables -A INPUT -p tcp --dport #{node[:metasploitable][:ports][service]} -j ACCEPT"
|
||||
code_to_execute << "iptables -A INPUT -p tcp --dport #{node[:metasploitable][:ports][service.to_sym]} -j ACCEPT\n"
|
||||
end
|
||||
code 'iptables -A INPUT -j DROP'
|
||||
code_to_execute << "iptables -A INPUT -j DROP\n"
|
||||
code code_to_execute
|
||||
end
|
||||
|
||||
package 'iptables-persistent' do
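Review bot: The first rule in the new script, `iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP`, passes a rule number to `-A`, which as far as I know only `-I` accepts, so that command is expected to fail. Because the commands now run as one bash script without `set -e`, the failure would be masked by the exit status of the final `iptables -A INPUT -j DROP`. Starting the string with `code_to_execute = "set -e\n"` and using `iptables -I FORWARD 1 ...` would surface and fix this. The resource also has no `not_if` guard, so each converge appends the whole rule set again. The keys are already symbols, so `service.to_sym` is redundant, and the `package 'iptables-persistent'` block continues outside this hunk.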
|
||||
|
|