Script de Firewall
Publicado por Perfil removido 21/01/2005
[ Hits: 5.823 ]
Script básico bom pra filtrar umas lanzinhas por ae!! ;-)
#!/bin/sh # # # Todo: Setup loggin, allow access to ssh/smtp/web to internal box # test to make sure instant messengers can send/receive files # test to make sure irc dcc chats/sends work # block certain ads from displaying # # IPTABLES="/sbin/iptables" ## location to iptables binary file EXTDEV="eth0" ## external device that connects to modem INTDEV="eth1" ## internal device that connects to lan EXTIP=`ifconfig $EXTDEV | grep inet | cut -f2 -d: | cut -f1 -d" "` ## external ip address INTIP=`ifconfig $INTDEV | grep inet | cut -f2 -d: | cut -f1 -d" "` ## internal ip address case "$1" in start) # ## First we want to enable ip forwarding # echo -n "Enabling IP Forwarding ... " echo "1" > /proc/sys/net/ipv4/ip_forward echo "done." # ## Secondly we want to enable dynamic ips # echo -n "Enabling Dynamic Ips ... " echo "1" > /proc/sys/net/ipv4/ip_forward echo "done." # ## Now lets clear all the tables incase they were improperly shutdown # echo -n "Flushing tables, Setting default policies to DROP ... " $IPTABLES -P INPUT DROP $IPTABLES -F INPUT $IPTABLES -P FORWARD DROP $IPTABLES -F FORWARD $IPTABLES -P OUTPUT DROP $IPTABLES -F OUTPUT $IPTABLES -t nat -F $IPTABLES -t mangle -F echo "done." # ## Its time to start setting up our rules and policies # echo -n "Setting up the firewall now ... " ## First we want to allow only incoming connections that we establish first $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT ## Next we want to allow ssh incoming connections as well $IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT # ## Now we are going to allow our lan with access to the external network # ## First we allow all established connections to be forwarded internally $IPTABLES -A FORWARD -i $EXTDEV -m state --state RELATED,ESTABLISHED -j ACCEPT ## Second we allow all connections from the lan to the external network $IPTABLES -A FORWARD -i $INTDEV -o $EXTDEV -j ACCEPT ## Masquerade from Internal Net to External Net $IPTABLES -A POSTROUTING -t nat -o $EXTDEV -j MASQUERADE # ## And last thing we need to worry about is what the internal network has access to do externally # $IPTABLES -P OUTPUT ACCEPT echo "Firewall has been fully installed" ;; stop) echo -n "Flushin all rules ... " $IPTABLES -P INPUT ACCEPT $IPTABLES -P FORWARD ACCEPT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -F INPUT $IPTABLES -F FORWARD $IPTABLES -F OUTPUT $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t nat -P POSTROUTING ACCEPT $IPTABLES -t nat -P OUTPUT ACCEPT $IPTABLES -t nat -F PREROUTING $IPTABLES -t nat -F POSTROUTING $IPTABLES -t nat -F OUTPUT echo "done." ;; restart) $0 stop $0 start ;; status) $IPTABLES -L ;; *) echo "usage: $0 {start|stop|restart|status}" exit 1 esac exit 0 ## EOF ##
Java 7/8 - Instalação automatizada no Ubuntu
Alta disponibilidade de Links com CentOS 6
Nenhum coment�rio foi encontrado.
Atualizando o Passado: Linux no Lenovo G460 em 2025
aaPanel - Um Painel de Hospedagem Gratuito e Poderoso
O macete do Warsaw no Linux Mint e cia
Visualizar arquivos em formato markdown (ex.: README.md) pelo terminal
Dando - teoricamente - um gás no Gnome-Shell do Arch Linux
Como instalar o Google Cloud CLI no Ubuntu/Debian
Mantenha seu Sistema Leve e Rápido com a Limpeza do APT!
Procurando vídeos de YouTube pelo terminal e assistindo via mpv (2025)
O 1º artigo a gente nunca esquece (1)
Pastas da raiz foram para a área de trabalho [RESOLVIDO] (9)
Problema ao atualizar archlinux nvidia [RESOLVIDO] (3)