{"id":753,"date":"2019-08-21T13:00:13","date_gmt":"2019-08-21T07:00:13","guid":{"rendered":"http:\/\/ast-1c.kz\/almasoft\/?p=753"},"modified":"2020-07-12T21:49:43","modified_gmt":"2020-07-12T15:49:43","slug":"8-%d0%bd%d0%b0%d1%81%d1%82%d1%80%d0%be%d0%b9%d0%ba%d0%b0-%d1%84%d0%b0%d0%b9%d0%b5%d1%80%d0%b2%d0%be%d0%bb%d0%b0-iptables-%d0%ba%d0%b0%d0%ba-%d1%81%d0%b5%d1%80%d0%b2%d0%b5%d1%80%d0%b0-nat-%d0%b4","status":"publish","type":"post","link":"http:\/\/ast-1c.kz\/almasoft\/?p=753","title":{"rendered":"8. \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0444\u0430\u0439\u0435\u0440\u0432\u043e\u043b\u0430 iptables, \u043a\u0430\u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0430 NAT \u0434\u043b\u044f \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b \u0441 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435\u043c \u0441\u0438\u0441\u0442\u0435\u043c\u044b &#171;\u0441\u0442\u0443\u043a\u0430&#187; \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443."},"content":{"rendered":"\n<p>\u0414\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u043e\u0431\u0440\u0438\u0441\u0443\u0435\u043c \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044e. 
\u041f\u0443\u0441\u0442\u044c \u043c\u044b \u0438\u043c\u0435\u0435\u043c \u043d\u0435\u043a\u0438\u0439 \u0445\u043e\u0441\u0442\u043e\u0432\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u0438 \u043d\u0430 \u043d\u0435\u043c \u043a\u0440\u0443\u0442\u044f\u0442\u0441\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d,  \u043f\u0440\u0438\u0447\u0435\u043c \u0441\u0432\u044f\u0437\u044c \u043c\u0435\u0436\u0434\u0443 \u043d\u0438\u043c\u0438 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u0447\u0435\u0440\u0435\u0437 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u0443\u044e \u0441\u0435\u0442\u044c 192.168.56.0\/24 (\u044d\u0442\u0430 \u0441\u0435\u0442\u044c \u043f\u0435\u0440\u0432\u043e\u0439 \u0441\u043e\u0437\u0434\u0430\u0435\u0442\u0441\u044f \u0432 VirtualBox). \u0422.\u0435. \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u043c\u0430\u0448\u0438\u043d\u044b \u043d\u0435 \u0432\u0438\u0434\u043d\u044b \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438. 
\u041d\u0443\u0436\u043d\u043e \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0431\u0440\u043e\u0441 \u0438\u0437\u0432\u043d\u0435 \u043d\u0430 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u043c\u0430\u0448\u0438\u043d\u044b.<br><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">#!\/bin\/bash\n#\u041f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u0430\u044f \u0437\u0430\u0434\u0430\u0435\u0442 \u0438\u043c\u044f \u0430\u0434\u0430\u043f\u0442\u0435\u0440\u0430 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0434\u043b\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b\nvirtualadapter=\"vboxnet0\"\n#\u041f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u0430\u044f \u0437\u0430\u0434\u0430\u0435\u0442 \u0441\u0430\u043c\u0443 \u0441\u0435\u0442\u044c \u0434\u043b\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b\nvirtualnet=\"192.168.56.0\/24\"\n#\u041f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u0430\u044f \u0437\u0430\u0434\u0430\u0435\u0442 \u0438\u043c\u044f \u0430\u0434\u0430\u043f\u0442\u0435\u0440\u0430 \u0441\u0435\u0442\u0438 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b\nhostadapter=\"eth0\"\n#\u041f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u0430\u044f \u0437\u0430\u0434\u0430\u0435\u0442 \u0441\u0430\u043c\u0443 \u0441\u0435\u0442\u044c \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b, \u044d\u0442\u043e \u0436\u0435 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0430\u044f \u0441\u0435\u0442\u044c \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432\nhostnet=\"192.168.1.0\/24\"\n#\u041f\u043e\u0440\u0442 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043f\u043e RDP \u043a 
\u0445\u043e\u0441\u0442\u043e\u0432\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435\nrdphost=\"1234\"\n#\u041f\u043e\u0440\u0442 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043f\u043e SSH \u043a \u0445\u043e\u0441\u0442\u043e\u0432\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435\nsshhost=\"2345\"\n#\u041f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u0430\u044f \u0445\u0440\u0430\u043d\u0438\u0442 \u043f\u043e\u0440\u0442\u044b \u0434\u043b\u044f \u0431\u0430\u043d\u0430, \u0435\u0441\u043b\u0438 \u0438\u0434\u0435\u0442 \u043f\u0440\u043e\u0441\u0442\u0443\u043a\u0438\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0440\u0442\u043e\u0432, \u0430 \u043c\u044b \u0438\u0445 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c, \u0442\u043e \u0441\u0440\u0430\u0437\u0443 \u0432 \u0431\u0430\u043d\nportban=\"3380:3399,5985,5986,22,13000,15000,5210:5214,5230:5270,5900:5906\"\n#\u0417\u0430\u0434\u0430\u0434\u0438\u043c \u043f\u043e\u0440\u0442\u044b \u0434\u043b\u044f \u043f\u0440\u043e\u0441\u0442\u0443\u043a\u0438\u0432\u0430\u043d\u0438\u044f\n#\u041d\u0435\u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043f\u043e\u0440\u0442\u044b \u0434\u043b\u044f \u0441\u0442\u0443\u043a\u0430\nport1=\"3456\"\nport2=\"4567\"\nport3=\"5678\"\n#\u041f\u043e\u0440\u0442 \u0434\u043b\u044f \u0441\u0431\u0440\u043e\u0441\u0430\nportreset1=port1\nlet \"portreset1 -= 1\"\nportreset2=port1\nlet \"portreset2 += 1\"\n#\u041f\u043e\u0440\u0442\u044b \u044f\u0432\u043d\u043e\u0433\u043e \u0431\u0430\u043d\u0430\nportban1=port2\nlet \"portban1 -= 1\"\nportban2=port2\nlet \"portban2 += 1\"\nportban3=port3\nlet \"portban3 -= 1\"\nportban4=port3\nlet \"portban4 += 1\"\n\n#\u041f\u0443\u0441\u0442\u044c eth0 (192.168.1.100\/24) \u044d\u0442\u043e \u0441\u0435\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430, vboxnet0 (192.168.56.0\/24) \u044d\u0442\u043e 
\u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0430\u044f \u0441\u0435\u0442\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u044b\n\n#\u0423\u0434\u0430\u043b\u044f\u0435\u043c \u0432\u0441\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430\nsudo iptables -F\n\nsudo iptables --flush\nsudo iptables --table nat --flush\nsudo iptables --delete-chain\nsudo iptables --table nat --delete-chain\n\n# \u0421\u043d\u0430\u0447\u0430\u043b\u0430 \u0432\u0441\u0435 \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u0435\u043c\n\nsudo iptables -P INPUT DROP\nsudo iptables -P OUTPUT DROP\nsudo iptables -P FORWARD DROP\n\n\n\n\n\n#\u0440\u0430\u0437\u0440\u0435\u0448\u0438\u043c \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0443 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u0447\u0435\u0440\u0435\u0437 \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u0439 \u043f\u0435\u0442\u043b\u0435\u0432\u043e\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u0438 \u0438\u0441\u0445\u043e\u0434\u044f\u0449\u0438\u0439 \u043f\u0435\u0442\u043b\u0435\u0432\u043e\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0430\u0445 INPUT \u0438 OUTPUT\nsudo iptables -A INPUT -i lo -j ACCEPT \nsudo iptables -A OUTPUT -o lo -j ACCEPT\n\n#\u0440\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u0440\u0430\u0431\u043e\u0442\u0443 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 ICMP\nsudo iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT\nsudo iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT\nsudo iptables -A OUTPUT -p icmp -j ACCEPT\n\n#\u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c \u0432\u0441\u0435 \u0438\u0441\u0445\u043e\u0434\u044f\u0449\u0438\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f (\u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0430 OUTPUT \u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f \u0441 DROP \u043d\u0430 ACCEPT)\nsudo iptables -P OUTPUT ACCEPT\n\n#\u0440\u0430\u0437\u0440\u0435\u0448\u0438\u0442\u044c \u043f\u043e\u043f\u0430\u0434\u0430\u043d\u0438\u0435 \u043d\u0430 \u043d\u0430\u0448 
\u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440 \u0442\u043e\u043b\u044c\u043a\u043e \u0442\u0435\u0445 TCP- \u0438 UDP-\u043f\u0430\u043a\u0435\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u0437\u0430\u043f\u0440\u043e\u0448\u0435\u043d\u044b \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438\nsudo iptables -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT\nsudo iptables -A INPUT -p UDP -m state --state ESTABLISHED,RELATED -j ACCEPT\n\n\n#\u0422\u0435\u043f\u0435\u0440\u044c \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u043c \u043f\u043e\u0440\u0442\u044b \u0434\u043b\u044f \u043d\u0430\u0448\u0438\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043d\u044b\u0445 \u0444\u0443\u043d\u043a\u0446\u0438\u0439, \u043f\u0440\u0438\u0447\u0435\u043c \u0441 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u043e\u0442 \u043f\u0435\u0440\u0435\u0431\u043e\u0440\u0430\n\n#\u0414\u043b\u044f DNS, \u0435\u0441\u043b\u0438 \u043d\u0443\u0436\u043d\u043e\n#sudo iptables -A INPUT --protocol udp --dport 53 --match state --state NEW --match string --algo kmp --hex-string \"|00 00 02 00 01|\" --from 40 --to 45 --match recent --name DNST --update --seconds 600 --jump DROP\n#sudo iptables -A INPUT --protocol udp --dport 53 --match state --state NEW --match string --algo kmp --hex-string \"|00 00 02 00 01|\" --from 40 --to 45 --match recent --name DNST --set --jump ACCEPT\n#sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT\n#sudo iptables -A OUTPUT -p udp --sport 53 -j ACCEPT\n\n\n#\u0414\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 \u0447\u0435\u0440\u0435\u0437 \u0441\u0442\u0443\u043a\n#\u0421\u043d\u0430\u0447\u0430\u043b\u0430 \u043d\u0443\u0436\u043d\u043e \u043f\u043e\u0441\u0442\u0443\u0447\u0430\u0442\u044c \u0432 \u043f\u043e\u0440\u0442 port1 \u043d\u0435 
\u0431\u043e\u043b\u0435\u0435 \u043e\u0434\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u0430 \u0437\u0430 \u043c\u0438\u043d\u0443\u0442\u0443\n#\u043f\u043e\u0442\u043e\u043c \u043d\u0443\u0436\u043d\u043e \u043f\u043e\u0441\u0442\u0443\u0447\u0430\u0442\u044c \u0432 \u043f\u043e\u0440\u0442 port2 \u043d\u0435 \u0431\u043e\u043b\u0435\u0435 \u043e\u0434\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u0430 \u0437\u0430 \u043c\u0438\u043d\u0443\u0442\u0443\n#\u043f\u043e\u0442\u043e\u043c \u043d\u0443\u0436\u043d\u043e \u043f\u043e\u0441\u0442\u0443\u0447\u0430\u0442\u044c \u0432 \u043f\u043e\u0440\u0442 port3 \u043d\u0435 \u0431\u043e\u043b\u0435\u0435 \u043e\u0434\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u0430 \u0437\u0430 \u043c\u0438\u043d\u0443\u0442\u0443\n#\u0437\u0430\u0442\u0435\u043c \u0438\u0434\u0435\u0442 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043a \u043d\u0443\u0436\u043d\u043e\u043c\u0443 \u043f\u043e\u0440\u0442\u0443 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0438 \u043d\u0435 \u0431\u043e\u043b\u0435\u0435 20 \u0441\u0435\u043a\u0443\u043d\u0434\n#\u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0441\u0440\u0430\u0437\u0443 \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0438\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f\nsudo iptables -N BanSet\nsudo iptables -A BanSet -m recent --name BAN1H --remove\nsudo iptables -A BanSet -m recent --set --name BAN1H\nsudo iptables -A BanSet -m recent --name knock1H --remove\nsudo iptables -A BanSet -m recent --name knock2H --remove\nsudo iptables -A BanSet -m recent --name knock3H --remove\nsudo iptables -A BanSet -j DROP\n\n\nsudo iptables -N Resetknock\nsudo iptables -A Resetknock -m recent --name knock1H --remove\nsudo iptables -A Resetknock -m recent --name knock2H --remove\nsudo iptables -A Resetknock -m recent --name knock3H --remove\nsudo iptables -A Resetknock -m recent 
--name BAN1H --remove\nsudo iptables -A Resetknock -j DROP\n\nsudo iptables -N Resetknock123\nsudo iptables -A Resetknock123 -m recent --name knock1H --remove\nsudo iptables -A Resetknock123 -m recent --name knock2H --remove\nsudo iptables -A Resetknock123 -m recent --name knock3H --remove\nsudo iptables -A Resetknock123 -j DROP\n\nsudo iptables -N Resetknock12\nsudo iptables -A Resetknock12 -m recent --name knock1H --remove\nsudo iptables -A Resetknock12 -m recent --name knock2H --remove\nsudo iptables -A Resetknock12 -j DROP\n\nsudo iptables -N Resetknock1\nsudo iptables -A Resetknock1 -m recent --name knock1H --remove\nsudo iptables -A Resetknock1 -j DROP\n\nsudo iptables -N Resetknock2\nsudo iptables -A Resetknock2 -m recent --name knock2H --remove\nsudo iptables -A Resetknock2 -j DROP\n\nsudo iptables -N Resetknock3\nsudo iptables -A Resetknock3 -m recent --name knock3H --remove\nsudo iptables -A Resetknock3 -j DROP\n\nsudo iptables -N knock\nsudo iptables -A knock -m recent --rcheck --seconds 864000 --hitcount 1 --name BAN1H -j Resetknock123\nsudo iptables -A knock -m recent --rcheck --seconds 60 --hitcount 1 --name knock2H -j BanSet\nsudo iptables -A knock -m recent --rcheck --seconds 60 --hitcount 1 --name knock3H -j BanSet\nsudo iptables -A knock -m recent --rcheck --seconds 60 --hitcount 2 --name knock1H -j BanSet\nsudo iptables -A knock -m recent --name knock1H --remove\nsudo iptables -A knock -m recent --set --name knock1H\nsudo iptables -A knock -j DROP\n\nsudo iptables -N knock1\nsudo iptables -A knock1 -m recent --rcheck --seconds 10 --hitcount 1 --name knock1H -j ACCEPT\nsudo iptables -A knock1 -j DROP\n\nsudo iptables -N knock21\nsudo iptables -A knock21 -m recent --rcheck --seconds 864000 --hitcount 1 --name BAN1H -j Resetknock123\nsudo iptables -A knock21 -m recent --rcheck --seconds 60 --hitcount 1 --name knock3H -j BanSet\nsudo iptables -A knock21 -m recent --rcheck --seconds 60 --hitcount 2 --name knock2H -j BanSet\nsudo iptables -A knock21 -m 
recent --name knock2H --remove\nsudo iptables -A knock21 -m recent --set --name knock2H\nsudo iptables -A knock21 -j DROP\n\nsudo iptables -N knock2\nsudo iptables -A knock2 -m recent --rcheck --seconds 10 --hitcount 1 --name knock2H -j knock1\nsudo iptables -A knock2 -j DROP\n\nsudo iptables -N knock32\nsudo iptables -A knock32 -m recent --rcheck --seconds 864000 --hitcount 1 --name BAN1H -j Resetknock123\nsudo iptables -A knock32 -m recent --rcheck --seconds 60 --hitcount 2 --name knock3H -j BanSet\nsudo iptables -A knock32 -m recent --name knock3H --remove\nsudo iptables -A knock32 -m recent --set --name knock3H\nsudo iptables -A knock32 -j DROP\n\nsudo iptables -N knock3\nsudo iptables -A knock3 -m recent --rcheck --seconds 864000 --hitcount 1 --name BAN1H -j Resetknock123\nsudo iptables -A knock3 -m recent --rcheck --seconds 60 --hitcount 2 --name knock1H -j DROP\nsudo iptables -A knock3 -m recent --rcheck --seconds 60 --hitcount 2 --name knock2H -j DROP\nsudo iptables -A knock3 -m recent --rcheck --seconds 60 --hitcount 2 --name knock3H -j DROP\nsudo iptables -A knock3 -m recent --rcheck --seconds 10 --hitcount 1 --name knock3H -j knock2\nsudo iptables -A knock3 -j DROP\n\n\nsudo iptables -A INPUT -m state --state NEW -p tcp --dport $port1 -j knock\nsudo iptables -A INPUT -m state --state NEW -p tcp -m multiport --dport $portreset1,$portreset2 -j Resetknock\n\nsudo iptables -A INPUT -m state --state NEW -p tcp --dport $port2 -m recent --set --name knock2H -j knock21\nsudo iptables -A INPUT -m state --state NEW -p tcp -m multiport --dport $portban1,$portban2 -j BanSet\n\nsudo iptables -A INPUT -m state --state NEW -p tcp --dport $port3 -m recent --set --name knock3H -j knock32\nsudo iptables -A INPUT -m state --state NEW -p tcp -m multiport --dport $portban3,$portban4 -j BanSet\n\n\n#\u041f\u043e\u043c\u0435\u0449\u0430\u0435\u043c \u0432 \u0431\u0430\u043d \u043d\u0430 10 \u0434\u043d\u0435\u0439 \u0442\u0435\u0445, \u043a\u0442\u043e 
\u043f\u0440\u043e\u0431\u0443\u0435\u0442 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0435 \u043f\u043e\u0440\u0442\u044b \u0434\u043b\u044f RDP \u0438 SSH \u0438 \u0442\u0430\u043a \u0434\u0430\u043b\u0435\u0435 (3389 \u0438 22)\nsudo iptables -A INPUT -m state --state NEW -p tcp -m multiport --dport $portban -j BanSet\n\n\n\n#\u0414\u043b\u044f \u043c\u043e\u0435\u0433\u043e RDP\n\nsudo iptables -A INPUT -m state --state NEW -p tcp --dport $rdphost -j knock3\nsudo iptables -A OUTPUT -m state --state NEW -p tcp --sport $rdphost -j knock3\n\n#sudo iptables -N RDP\n#sudo iptables -A INPUT -p tcp --dport $rdphost -j RDP\n#sudo iptables -A OUTPUT -p tcp --sport $rdphost -j RDP\n#sudo iptables -A RDP -m state --state NEW -m recent --set --name RDPH --rsource \n#sudo iptables -A RDP -m recent --update --seconds 300 --hitcount 1 --name RDPH --rsource -j DROP\n#sudo iptables -A RDP -j ACCEPT\n\n\n\n\n#\u0414\u043b\u044f \u043c\u043e\u0435\u0433\u043e SSH\nsudo iptables -A INPUT -m state --state NEW -p tcp --dport $sshhost -j knock3\nsudo iptables -A OUTPUT -m state --state NEW -p tcp --sport $sshhost -j knock3\n\n#sudo iptables -N SSH\n#sudo iptables -A INPUT -p tcp --dport $sshhost -j SSH\n#sudo iptables -A OUTPUT -p tcp --sport $sshhost -j SSH\n#sudo iptables -A SSH -m state --state NEW -m recent --set --name SSHH --rsource \n#sudo iptables -A SSH -m recent --update --seconds 300 --hitcount 1 --name SSHH --rsource -j DROP\n#sudo iptables -A SSH -j ACCEPT\n\n\n\n#\u041c\u043e\u0434\u0443\u043b\u0438 iptables MicrosoftVPN \u043d\u0443\u0436\u043d\u044b \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 gre, \u0430 \u0442\u0430\u043a \u0436\u0435 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b ftp\nmodprobe nf_conntrack\nmodprobe iptable_nat\nmodprobe nf_conntrack_ftp\nmodprobe nf_nat_ftp\nmodprobe nf_conntrack_pptp\nmodprobe nf_nat_pptp\n#echo 1 &gt; 
\/proc\/sys\/net\/netfilter\/nf_conntrack_helper\n\n\n#\u0412\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 NAT\n#\u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c \u0443\u0436\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0435 FORWARD, \u0442\u0430\u0431\u043b\u0438\u0446\u0435 filter\nsudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n#\u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043d\u043e\u0432\u044b\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0435 FORWARD, \u0442\u0430\u0431\u043b\u0438\u0446\u0435 filter\nsudo iptables -A FORWARD -m conntrack --ctstate NEW -i $virtualadapter -j ACCEPT\n#\u0412\u0441\u0435 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u043f\u0430\u043a\u0435\u0442\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u043e\u0445\u043e\u0434\u044f\u0442 \u0447\u0435\u0440\u0435\u0437 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 FORWARD - \u043e\u0442\u0431\u0440\u0430\u0441\u044b\u0432\u0430\u0442\u044c\nsudo iptables -P FORWARD DROP\n#\u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u043c \u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 (\u043f\u043e\u0434\u043c\u0435\u043d\u0443 \u0430\u0434\u0440\u0435\u0441\u0430 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044f \u043f\u0430\u043a\u0435\u0442\u0430 \u0432 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0430\u0445) \u0432\u0441\u0435\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432, \u0438\u0441\u0445\u043e\u0434\u044f\u0449\u0438\u0445 \u0441 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 eth0\nsudo iptables -t nat -A POSTROUTING -o $hostadapter -s $virtualnet -j 
MASQUERADE\n\n#\u041f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438\n\n#\u041f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c DNS\n#sudo iptables -t nat -A PREROUTING -p udp --in-interface $hostadapter --dport 53 -j DNAT --to-destination 192.168.56.102\n#sudo iptables -A FORWARD -i $hostadapter -p udp -d 192.168.56.102 --dport 53 -j ACCEPT\n#sudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 53 -j DNAT --to-destination 192.168.56.102\n#sudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.102 --dport 53 -j ACCEPT\n\n#ftp 1C\nsudo iptables -A PREROUTING -t raw -p tcp --dport 21 --in-interface $hostadapter -j CT --helper ftp\n\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 20 -j DNAT --to-destination 192.168.56.101\nsudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.101 --dport 20 -j ACCEPT\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 21 -j DNAT --to-destination 192.168.56.101\nsudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.101 --dport 21 -j ACCEPT\n\n\n#\u0414\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u043e\u0447\u0442\u044b \u043e\u0442\u043a\u0440\u044b\u0442\u044c \u043f\u043e\u0440\u0442\u044b \n\n#SMTP\n#sudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 25 -j DNAT --to-destination 192.168.56.102\n#sudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.102 --dport 25 -j ACCEPT\n \n#SSMTP\n#sudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 465 -j DNAT --to-destination 192.168.56.102\n#sudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.102 --dport 465 -j ACCEPT\n\n#SMTP Submission\n#sudo iptables -t nat -A 
PREROUTING -p tcp --in-interface $hostadapter --dport 587 -j DNAT --to-destination 192.168.56.102\n#sudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.102 --dport 587 -j ACCEPT\n\n#POP3\n#sudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 110 -j DNAT --to-destination 192.168.56.102\n#sudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.102 --dport 110 -j ACCEPT\n\n#SPOP3\n#sudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 995 -j DNAT --to-destination 192.168.56.102\n#sudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.102 --dport 995 -j ACCEPT\n\n#IMAP\n#sudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 143 -j DNAT --to-destination 192.168.56.102\n#sudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.102 --dport 143 -j ACCEPT\n\n\n#SIMAP\n#sudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 993 -j DNAT --to-destination 192.168.56.102\n#sudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.102 --dport 993 -j ACCEPT\n\n\n#HTTP\n#sudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 80 -j DNAT --to-destination 192.168.56.102\n#sudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.102 --dport 80 -j ACCEPT\n\n#SHTTP\n#sudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 443 -j DNAT --to-destination 192.168.56.102\n#sudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.102 --dport 443 -j ACCEPT\n\n#\u0423\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u043e\u0447\u0442\u043e\u0439 Zimbra\n#sudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 7071 -j DNAT --to-destination 192.168.56.102\n#sudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.102 --dport 7071 -j ACCEPT\n#sudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 8443 -j DNAT --to-destination 192.168.56.102\n#sudo iptables -A 
FORWARD -i $hostadapter -p tcp -d 192.168.56.102 --dport 8443 -j ACCEPT\n\n\n#\u0414\u043b\u044f VPN\n\n#OpenVPN\n#sudo iptables -N OpenVPN\n#sudo iptables -t nat -A PREROUTING -p udp --in-interface $hostadapter --dport 1194 -j DNAT --to-destination 10.41.0.2\n#sudo iptables -A FORWARD -i $hostadapter -p udp -d 10.41.0.2 --dport 1194 -j OpenVPN\n#sudo iptables -A OpenVPN -m recent --set --name OpenVPNH --rsource \n#sudo iptables -A OpenVPN -m recent --update --seconds 60 --hitcount 1 --name OpenVPNH --rsource -j LOG --log-prefix \"Anti OpenVPNH-Bruteforce: \" --log-level 6 \n#sudo iptables -A OpenVPN -m recent --update --seconds 60 --hitcount 1 --name OpenVPNH --rsource -j DROP\n#sudo iptables -A OpenVPN -j ACCEPT\n\n#Microsoft VPN\n#sudo iptables -A FORWARD -p gre -j ACCEPT\n#sudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 1723 -j DNAT --to-destination 10.41.0.2\n#sudo iptables -I FORWARD 1 -i $hostadapter -p tcp -d 10.41.0.2 -p tcp -m tcp --dport 1723 -j ACCEPT\n\n\n#RDP MAIL\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 5217 -m recent --rcheck --seconds 864000 --hitcount 1 --name BAN1H --rsource -j REDIRECT --to-port 3389\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 5217 -m recent --rcheck --seconds 60 --hitcount 2 --name knock1H --rsource -j REDIRECT --to-port 3389\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 5217 -m recent --rcheck --seconds 60 --hitcount 2 --name knock2H --rsource -j REDIRECT --to-port 3389\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 5217 -m recent --rcheck --seconds 60 --hitcount 2 --name knock3H --rsource -j REDIRECT --to-port 3389\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 5217 -m recent --rcheck --seconds 10 --hitcount 1 --name knock3H --rsource -m recent --rcheck --seconds 10 --hitcount 1 --name knock2H --rsource -m recent --rcheck 
--seconds 10 --hitcount 1 --name knock1H --rsource -j DNAT --to-destination 192.168.56.102:3580\nsudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.102 --dport 3580 -j knock3\n#sudo iptables -N RDPMAIL\n#sudo iptables -A RDPMAIL -m state --state NEW -m recent --set --name RDPMAILH --rsource \n#sudo iptables -A RDPMAIL -m recent --update --seconds 60 --hitcount 1 --name RDPMAILH --rsource -j LOG --log-prefix \"Anti RDPMAILH-Bruteforce: \" --log-level 6 \n#sudo iptables -A RDPMAIL -m recent --update --seconds 60 --hitcount 1 --name RDPMAILH --rsource -j DROP\n#sudo iptables -A RDPMAIL -j ACCEPT\n\n#SSH MAIL\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 7977 -m recent --rcheck --seconds 864000 --hitcount 1 --name BAN1H --rsource -j REDIRECT --to-port 3389\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 7977 -m recent --rcheck --seconds 60 --hitcount 2 --name knock1H --rsource -j REDIRECT --to-port 3389\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 7977 -m recent --rcheck --seconds 60 --hitcount 2 --name knock2H --rsource -j REDIRECT --to-port 3389\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 7977 -m recent --rcheck --seconds 60 --hitcount 2 --name knock3H --rsource -j REDIRECT --to-port 3389\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 7977 -m recent --rcheck --seconds 10 --hitcount 1 --name knock3H --rsource -m recent --rcheck --seconds 10 --hitcount 1 --name knock2H --rsource -m recent --rcheck --seconds 10 --hitcount 1 --name knock1H --rsource -j DNAT --to-destination 192.168.56.102:3522\nsudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.102 --dport 3522 -j knock3\n#sudo iptables -N SSHMAIL\n#sudo iptables -A SSHMAIL -m state --state NEW -m recent --set --name SSHMAILH --rsource \n#sudo iptables -A SSHMAIL -m recent --update --seconds 300 --hitcount 1 --name SSHMAILH --rsource -j 
LOG --log-prefix \"Anti SSHMAILH-Bruteforce: \" --log-level 6 \n#sudo iptables -A SSHMAIL -m recent --update --seconds 60 --hitcount 1 --name SSHMAILH --rsource -j DROP\n#sudo iptables -A SSHMAIL -j ACCEPT\n\n\n#RDP 1C\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 5216 -m recent --rcheck --seconds 864000 --hitcount 1 --name BAN1H --rsource -j REDIRECT --to-port 3389\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 5216 -m recent --rcheck --seconds 60 --hitcount 2 --name knock1H --rsource -j REDIRECT --to-port 3389\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 5216 -m recent --rcheck --seconds 60 --hitcount 2 --name knock2H --rsource -j REDIRECT --to-port 3389\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 5216 -m recent --rcheck --seconds 60 --hitcount 2 --name knock3H --rsource -j REDIRECT --to-port 3389\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 5216 -m recent --rcheck --seconds 10 --hitcount 1 --name knock3H --rsource -m recent --rcheck --seconds 10 --hitcount 1 --name knock2H --rsource -m recent --rcheck --seconds 10 --hitcount 1 --name knock1H --rsource -j DNAT --to-destination 192.168.56.101:3580\nsudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.101 --dport 3580 -j knock3\n#sudo iptables -N RDP1C\n#sudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 5216 -j DNAT --to-destination 192.168.56.101:3580\n#sudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.101 --dport 3580 -j RDP1C\n#sudo iptables -A RDP1C -m state --state NEW -m recent --set --name RDP1CH --rsource \n#sudo iptables -A RDP1C -m recent --update --seconds 60 --hitcount 1 --name RDP1CH --rsource -j DROP\n#sudo iptables -A RDP1C -j ACCEPT\n\n\n\n#HTTP 1C\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 82 -j DNAT --to-destination 192.168.56.101:80\nsudo iptables 
-A FORWARD -i $hostadapter -p tcp -d 192.168.56.101 --dport 80 -j ACCEPT\n\n#HTTP TSLocalAktiv\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 1010 -j DNAT --to-destination 192.168.56.101\nsudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.101 --dport 1010 -j ACCEPT\nsudo iptables -t nat -A PREROUTING -p tcp --in-interface $hostadapter --dport 1011 -j DNAT --to-destination 192.168.56.101\nsudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.101 --dport 1011 -j ACCEPT\n\n\n#\u041e\u0431\u0449\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u0430\u043f\u043a\u0430\u043c \u043d\u0430 1C (SMB)\nsudo iptables -t nat -A PREROUTING -s $hostnet -p tcp --in-interface $hostadapter --dport 445 -j DNAT --to-destination 192.168.56.101\nsudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.101 --dport 445 -j ACCEPT\n\n#\u0414\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u0430 1\u0421 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u044f\nsudo iptables -t nat -A PREROUTING -s $hostnet -p tcp --in-interface $hostadapter --dport 1541 -j DNAT --to-destination 192.168.56.101\nsudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.101 --dport 1541 -j ACCEPT\nsudo iptables -t nat -A PREROUTING -s $hostnet -p tcp --in-interface $hostadapter --dport 1560:1591 -j DNAT --to-destination 192.168.56.101\nsudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.101 --dport 1560:1591 -j ACCEPT\n#\u041c\u0435\u043d\u0435\u0434\u0436\u0435\u0440 \u043b\u0438\u0446\u0435\u043d\u0437\u0438\u0439 1\u0421\nsudo iptables -t nat -A PREROUTING -s $hostnet -p tcp --in-interface $hostadapter --dport 475 -j DNAT --to-destination 192.168.56.101\nsudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.101 --dport 475 -j ACCEPT\n#\u041e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u043c \u043f\u043e\u0440\u0442\u044b SQL\nsudo iptables -t nat -A PREROUTING -s $hostnet -p tcp 
--in-interface $hostadapter --dport 1433 -j DNAT --to-destination 192.168.56.101\nsudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.101 --dport 1434 -j ACCEPT\nsudo iptables -t nat -A PREROUTING -s $hostnet -p tcp --in-interface $hostadapter --dport 1433 -j DNAT --to-destination 192.168.56.101\nsudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.101 --dport 1434 -j ACCEPT\nsudo iptables -t nat -A PREROUTING -s $hostnet -p udp --in-interface $hostadapter --dport 1433 -j DNAT --to-destination 192.168.56.101\nsudo iptables -A FORWARD -i $hostadapter -p udp -d 192.168.56.101 --dport 1434 -j ACCEPT\nsudo iptables -t nat -A PREROUTING -s $hostnet -p tcp --in-interface $hostadapter --dport 135 -j DNAT --to-destination 192.168.56.101\nsudo iptables -A FORWARD -i $hostadapter -p tcp -d 192.168.56.101 --dport 135 -j ACCEPT\n\n\n#\u0412\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u0443 \u043e\u0442 \u043f\u0435\u0440\u0435\u0431\u043e\u0440\u0430 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0445 \u043f\u043e\u0440\u0442\u043e\u0432, \u0431\u0443\u0434\u0435\u0442 \u043a\u0430\u0437\u0430\u0442\u044c\u0441\u044f, \u0447\u0442\u043e \u043f\u043e\u0440\u0442 \u043e\u0442\u043a\u0440\u044b\u0442\n#NOTE(review): DROP \u043e\u0442\u0431\u0440\u0430\u0441\u044b\u0432\u0430\u0435\u0442 \u043f\u0430\u043a\u0435\u0442\u044b \u0431\u0435\u0437 \u043e\u0442\u0432\u0435\u0442\u0430, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441\u043a\u0430\u043d\u0435\u0440 \u043e\u0431\u044b\u0447\u043d\u043e \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u0442\u0430\u043a\u0438\u0435 \u043f\u043e\u0440\u0442\u044b \u043a\u0430\u043a filtered, \u0430 \u043d\u0435 open\nsudo iptables -A INPUT -p tcp -m tcp -j DROP\n\n\n#\u0412\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u0432 \u0430\u0432\u0442\u043e\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443\nsudo echo \"#! 
\/sbin\/iptables-restore\" &gt; \/etc\/network\/if-up.d\/iptables-rules\nsudo iptables-save &gt;&gt; \/etc\/network\/if-up.d\/iptables-rules\nsudo chmod +x \/etc\/network\/if-up.d\/iptables-rules\n\n\n#\u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0442\u0435\u0445, \u043a\u0442\u043e \u043f\u043e\u043f\u0430\u043b \u0432 \u0431\u0430\u043d, \u043c\u043e\u0436\u043d\u043e \u0432 \/proc\/net\/xt_recent\/YOURNAME\n\n\n\n<\/pre>\n\n\n\n<p>\u0412 \u0434\u0430\u043d\u043d\u043e\u043c \u0441\u043a\u0440\u0438\u043f\u0442\u0435, \u043a\u043e\u043d\u0435\u0447\u043d\u043e, \u043c\u043d\u043e\u0433\u043e \u043b\u0438\u0448\u043d\u0435\u0433\u043e, \u043c\u043d\u043e\u0433\u043e\u0435 \u0437\u0430\u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043e, \u0432 \u043e\u0431\u0449\u0435\u043c, \u043e\u043d \u043d\u0430 \u0432\u0441\u0435 \u0441\u043b\u0443\u0447\u0430\u0438 \u0436\u0438\u0437\u043d\u0438. \u041a\u043e\u043d\u0435\u0447\u043d\u043e, \u043c\u043e\u0436\u043d\u043e \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435 \u0441\u0432\u043e\u044e \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u044e \u0441\u0442\u0443\u043a\u043e\u0432, \u043d\u043e \u0432 \u0446\u0435\u043b\u043e\u043c \u0432\u043f\u043e\u043b\u043d\u0435 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043e\u0434\u043d\u043e\u0439 \u043a\u043e\u043c\u0431\u0438\u043d\u0430\u0446\u0438\u0438. 
<\/p>\n\n\n\n<p>\u0414\u0430\u043d\u043d\u044b\u0439 \u0441\u043a\u0440\u0438\u043f\u0442 \u043d\u0443\u0436\u043d\u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 root.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u0414\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u043e\u0431\u0440\u0438\u0441\u0443\u0435\u043c \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044e. \u041f\u0443\u0441\u0442\u044c \u043c\u044b \u0438\u043c\u0435\u0435\u043c \u043d\u0435\u043a\u0438\u0439 \u0445\u043e\u0441\u0442\u043e\u0432\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u0438 \u043d\u0430 \u043d\u0435\u043c \u043a\u0440\u0443\u0442\u044f\u0442\u0441\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d, \u043f\u0440\u0438\u0447\u0435\u043c \u0441\u0432\u044f\u0437\u044c \u043c\u0435\u0436\u0434\u0443 \u043d\u0438\u043c\u0438 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u0447\u0435\u0440\u0435\u0437 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u0443\u044e \u0441\u0435\u0442\u044c 192.168.56.0\/24 (\u044d\u0442\u0430 \u0441\u0435\u0442\u044c \u043f\u0435\u0440\u0432\u043e\u0439 \u0441\u043e\u0437\u0434\u0430\u0435\u0442\u0441\u044f \u0432 VirtualBox). \u0422.\u0435. \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u043c\u0430\u0448\u0438\u043d\u044b \u043d\u0435 \u0432\u0438\u0434\u043d\u044b \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438. \u041d\u0443\u0436\u043d\u043e \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0431\u0440\u043e\u0441 \u0438\u0437 \u0432\u043d\u0435 \u043d\u0430 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u043c\u0430\u0448\u0438\u043d\u044b. 
#!\/bin\/bash #\u041f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u0430\u044f \u0437\u0430\u0434\u0430\u0435\u0442 \u0438\u043c\u044f \u0430\u0434\u0430\u043f\u0442\u0435\u0440\u0430 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"_links":{"self":[{"href":"http:\/\/ast-1c.kz\/almasoft\/index.php?rest_route=\/wp\/v2\/posts\/753"}],"collection":[{"href":"http:\/\/ast-1c.kz\/almasoft\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ast-1c.kz\/almasoft\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ast-1c.kz\/almasoft\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/ast-1c.kz\/almasoft\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=753"}],"version-history":[{"count":4,"href":"http:\/\/ast-1c.kz\/almasoft\/index.php?rest_route=\/wp\/v2\/posts\/753\/revisions"}],"predecessor-version":[{"id":832,"href":"http:\/\/ast-1c.kz\/almasoft\/index.php?rest_route=\/wp\/v2\/posts\/753\/revisions\/832"}],"wp:attachment":[{"href":"http:\/\/ast-1c.kz\/almasoft\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=753"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ast-1c.kz\/almasoft\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=753"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ast-1c.kz\/almasoft\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=753"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}