Closed landonstewart closed 5 years ago
For T-Pot 18.10 the best starting point for persistent iptables rules that do not interfere with the basic startup would be in /opt/tpot/bin/rules.sh. This will also ensure (if inserted before the NFQ rules take effect) that these ports will not be forwarded to the NFQ based honeypots Honeytrap and Glutton. Please ensure to create a backup of your changes since the file will be overwritten should you use update.sh in the future.
The recommended way however is to statically NAT the ports 1-64000 on a router or gateway in front of T-Pot.
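The rules.sh approach described above, as an added example that is not T-Pot project code or the maintainer's: a small shell snippet that emits the iptables commands restricting the two ports from the issue (tcp/64295 and tcp/64297) to a list of trusted subnets, in a form that can be pasted near the top of /opt/tpot/bin/rules.sh ahead of the NFQ rules. The function names, the MGMT_PORTS variable and the subnets 10.0.0.0/8 and 192.168.1.0/24 in the usage comments are placeholders chosen for the example. The one design point worth noting is ordering: the tpot.service line quoted in the issue already appends an ACCEPT for 64295:64303,7634 to INPUT, so a restrictive rule that is merely appended afterwards never gets a chance to match. The rules here are therefore inserted at position 1, DROP first and then each ACCEPT pushed in above it.

```shell
#!/bin/bash
# Added example (not T-Pot code): restrict T-Pot management ports to trusted subnets.
# Intended to be placed near the top of /opt/tpot/bin/rules.sh, before the NFQ rules.
#
# Ordering: tpot.service already appends
#   iptables -A INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
# so everything here is inserted at position 1. The DROP goes in first, then each
# ACCEPT is inserted above it, leaving the chain as:
#   ACCEPT subnet_n ... ACCEPT subnet_1, DROP, <whatever was already there>

MGMT_PORTS="64295,64297"   # placeholder: the two ports asked about in the issue

# tpot_mgmt_rules SUBNETS PORTS [IPTABLES]
# Print, one per line and in execution order, the iptables commands for the policy.
# SUBNETS is a whitespace-separated list; word splitting on $subnets is intentional.
tpot_mgmt_rules() {
  local subnets="$1" ports="$2" ipt="${3:-/sbin/iptables}" s
  printf '%s -w -I INPUT 1 -p tcp -m multiport --dports %s -j DROP\n' "$ipt" "$ports"
  for s in $subnets; do
    printf '%s -w -I INPUT 1 -s %s -p tcp -m multiport --dports %s -j ACCEPT\n' \
      "$ipt" "$s" "$ports"
  done
}

# tpot_mgmt_rule_count SUBNETS PORTS
# Number of rules the policy adds: one DROP plus one ACCEPT per subnet.
tpot_mgmt_rule_count() {
  tpot_mgmt_rules "$@" | wc -l | tr -d ' '
}

# tpot_mgmt_apply SUBNETS PORTS [IPTABLES]
# Execute the generated commands (root required). Generation and application are
# kept separate so the rule set can be reviewed before touching the firewall:
#   tpot_mgmt_rules "10.0.0.0/8 192.168.1.0/24" "$MGMT_PORTS"
#   sudo bash -c '. ./mgmt_rules.sh; tpot_mgmt_apply "10.0.0.0/8 192.168.1.0/24" "$MGMT_PORTS"'
tpot_mgmt_apply() {
  tpot_mgmt_rules "$@" | sh -e
}
```

After applying, `iptables -S INPUT | head` should list the ACCEPT lines for the trusted subnets followed by the DROP, ahead of T-Pot's own rules. Note that the DROP only covers the ports passed in; the rest of the 64295:64303,7634 range stays reachable through the service's existing ACCEPT unless it is added to the list.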
Same issue on the newest version.
I'd like to firewall tcp/64295 and tcp/64297 so only certain subnets can reach them. Where can I do this so it persists between reboots and is not overwritten?
I tried updating the file /opt/tpot/host/etc/systemd/tpot.service to specify a source in the following line, but it didn't do anything when restarting or stopping/starting the tpot service.
Changed this:
ExecStartPre=/sbin/iptables -w -A INPUT -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
To this:
ExecStartPre=/sbin/iptables -w -A INPUT -s <subnet/prefix> -p tcp -m multiport --dports 64295:64303,7634 -j ACCEPT
Basic support information
What T-Pot version are you currently using? -- Latest 17.10 ISO
Are you running on a Intel NUC or a VM? -- Hardware
How long has your installation been running?
Did you install any upgrades or packages? -- no
Did you modify any scripts? -- No other than the info above
Have you turned persistence on/off? -- no
How much RAM available (login via ssh and run htop)? -- 54GB/64GB
How much stress are the CPUs under (login via ssh and run htop)? -- (not answered)
The remaining template questions (sudo df -h, sudo start.sh) were left unanswered.