Script de Firewall

Publicado por Perfil removido 21/01/2005

[ Hits: 5.683 ]

Download rc.firewall




Script básico bom pra filtrar umas lanzinhas por ae!! ;-)

  



Esconder código-fonte

#!/bin/sh
#
#
# Todo: Setup loggin, allow access to ssh/smtp/web to internal box
#       test to make sure instant messengers can send/receive files
#       test to make sure irc dcc chats/sends work
#       block certain ads from displaying
#
#

IPTABLES="/sbin/iptables"   ## location to iptables binary file

EXTDEV="eth0"               ## external device that connects to modem
INTDEV="eth1"               ## internal device that connects to lan

EXTIP=`ifconfig $EXTDEV | grep inet | cut -f2 -d: | cut -f1 -d" "` ## external ip address
INTIP=`ifconfig $INTDEV | grep inet | cut -f2 -d: | cut -f1 -d" "` ## internal ip address

case "$1" in
  start)

#
## First we want to enable ip forwarding
#
echo -n "Enabling IP Forwarding ... "
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "done."

#
## Secondly we want to enable dynamic ips
#
echo -n "Enabling Dynamic Ips ... "
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "done."

#
## Now lets clear all the tables incase they were improperly shutdown
#

echo -n "Flushing tables, Setting default policies to DROP ... "
$IPTABLES -P INPUT DROP
$IPTABLES -F INPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -P OUTPUT DROP
$IPTABLES -F OUTPUT
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
echo "done."

#
## Its time to start setting up our rules and policies
#

echo -n "Setting up the firewall now ... "
## First we want to allow only incoming connections that we establish first
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

## Next we want to allow ssh incoming connections as well
$IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT

#
## Now we are going to allow our lan with access to the external network
#

## First we allow all established connections to be forwarded internally
$IPTABLES -A FORWARD -i $EXTDEV -m state --state RELATED,ESTABLISHED -j ACCEPT

## Second we allow all connections from the lan to the external network
$IPTABLES -A FORWARD -i $INTDEV -o $EXTDEV -j ACCEPT

## Masquerade from Internal Net to External Net
$IPTABLES -A POSTROUTING -t nat -o $EXTDEV -j MASQUERADE

#
## And last thing we need to worry about is what the internal network has access to do externally
#

$IPTABLES -P OUTPUT ACCEPT


echo "Firewall has been fully installed"

;;
stop)

echo -n "Flushin all rules ... "
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t nat -F PREROUTING
$IPTABLES -t nat -F POSTROUTING
$IPTABLES -t nat -F OUTPUT
echo "done."
;;
restart)
$0 stop
$0 start
;;
status)
$IPTABLES -L
;;
*)
echo "usage: $0 {start|stop|restart|status}"
exit 1
esac
exit 0

## EOF ##

Scripts recomendados

Criação de pasta com senha no Apache

SlackelsPKG 1.0 - uma réplica de gerenciador de pacotes para o Slackware Current

PKG Sync v3.0 - Utilitário para backup de pacotes deb baixados - Versão final

Backup LDAP

Listando usuários em um grupo


  

Comentários

Nenhum comentário foi encontrado.


Contribuir com comentário




Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts