zira-etc/csf/disabled/csfpost.sh

# enable kernel ppp modules
service pptpd stop
modprobe ppp_generic
modprobe ppp_deflate
modprobe ppp_async
modprobe ppp_mppe
modprobe ppp_synctty
service pptpd start

# iptables rules for redirect to external ip from localnet when request sent to external ip
/sbin/iptables -t nat -A PREROUTING -p tcp -d 89.121.131.74 --dport 80 -j DNAT --to 192.168.1.2:80
/sbin/iptables -t nat -A PREROUTING -p tcp -d 89.121.131.74 --dport 443 -j DNAT --to 192.168.1.2:443

# NAT reflection
/sbin/iptables -t nat -A PREROUTING -i eth0 -s 192.168.1.0/24 -d 89.121.131.74/32 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.2
/sbin/iptables -t nat -A PREROUTING -i eth0 -s 192.168.1.0/24 -d 89.121.131.74/32 -p tcp -m tcp --dport 465 -j DNAT --to-destination 192.168.1.2
/sbin/iptables -t nat -A PREROUTING -i eth0 -s 192.168.1.0/24 -d 89.121.131.74/32 -p tcp -m tcp --dport 587 -j DNAT --to-destination 192.168.1.2
/sbin/iptables -t nat -A PREROUTING -i eth0 -s 192.168.1.0/24 -d 89.121.131.74/32 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.1.2
/sbin/iptables -t nat -A PREROUTING -i eth0 -s 192.168.1.0/24 -d 89.121.131.74/32 -p tcp -m tcp --dport 143 -j DNAT --to-destination 192.168.1.2
/sbin/iptables -t nat -A PREROUTING -i eth0 -s 192.168.1.0/24 -d 89.121.131.74/32 -p tcp -m tcp --dport 993 -j DNAT --to-destination 192.168.1.2
/sbin/iptables -t nat -A PREROUTING -i eth0 -s 192.168.1.0/24 -d 89.121.131.74/32 -p tcp -m tcp --dport 995 -j DNAT --to-destination 192.168.1.2

# drop SMTP connections based on connection rate
#iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP
#iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set

# ipset
#ipset flush
#ipset -X smtpdrop
#ipset -N smtpdrop hash:net
#for i in `cat /etc/csf/ipuri-blocate.txt `; do ipset -A smtpdrop $i; done
#iptables -A INPUT -p all -m set --match-set smtpdrop src -j DROP