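#!/bin/bash
# Apply IPv4 INPUT-chain rules that drop TCP segments carrying flag
# combinations that do not occur in normal traffic (typical of port-scan
# probes), and rate-limit inbound ICMP echo requests.
#
# Operational notes:
#   - Rules are appended (-A), so they are evaluated after every rule already
#     in INPUT. An earlier ACCEPT matching the same packet wins; review the
#     resulting order with `iptables -L INPUT -n --line-numbers`.
#   - Only IPv4 is covered. IPv6 is filtered by ip6tables and needs its own
#     equivalent rules.
#   - Rules are not persistent; they are lost on reboot unless the host saves
#     and restores them (for example via iptables-save).
#   - Matches are dropped silently. If scan attempts should be visible to
#     monitoring, add rate-limited LOG rules ahead of the DROPs.

# Stop at the first failing command so the success message below is only
# printed when every rule was actually installed.
set -euo pipefail

if ! command -v iptables >/dev/null 2>&1; then
  printf 'error: iptables not found in PATH\n' >&2
  exit 1
fi

#######################################
# Append a rule to the INPUT chain unless an identical one already exists,
# so re-running the script does not stack duplicate rules.
# Arguments: the rule specification, exactly as it would follow `-A INPUT`
# Returns:   0 if the rule is present afterwards, iptables' status otherwise
#######################################
add_input_rule() {
  # -C only checks for the rule; its "no such rule" message is expected
  # noise. A real problem (e.g. missing privileges) is reported by -A below.
  if iptables -C INPUT "$@" 2>/dev/null; then
    return 0
  fi
  iptables -A INPUT "$@"
}

# NULL packets: no TCP flags set.
add_input_rule -p tcp --tcp-flags ALL NONE -j DROP
# XMAS packets: every TCP flag set.
add_input_rule -p tcp --tcp-flags ALL ALL -j DROP
# SYN and FIN set together.
add_input_rule -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
# SYN and RST set together.
add_input_rule -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# FIN set without ACK.
add_input_rule -p tcp --tcp-flags ACK,FIN FIN -j DROP
# URG set without ACK.
add_input_rule -p tcp --tcp-flags ACK,URG URG -j DROP

# ICMP echo-request: accept 1 per second (burst of 5), drop the excess.
# The limit match keeps a single counter for all senders, so one noisy source
# can use up the allowance for everyone; the hashlimit match is the
# per-source alternative if that matters for this host.
add_input_rule -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 5 -j ACCEPT
add_input_rule -p icmp --icmp-type echo-request -j DROP

echo "Packet scan blocking rules applied"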
