Script de Firewall

Publicado por Perfil removido 21/01/2005

[ Hits: 5.710 ]

Download rc.firewall




Script básico bom pra filtrar umas lanzinhas por ae!! ;-)

  



Esconder código-fonte

#!/bin/sh
#
#
# Todo: Setup loggin, allow access to ssh/smtp/web to internal box
#       test to make sure instant messengers can send/receive files
#       test to make sure irc dcc chats/sends work
#       block certain ads from displaying
#
#

IPTABLES="/sbin/iptables"   ## location to iptables binary file

EXTDEV="eth0"               ## external device that connects to modem
INTDEV="eth1"               ## internal device that connects to lan

EXTIP=`ifconfig $EXTDEV | grep inet | cut -f2 -d: | cut -f1 -d" "` ## external ip address
INTIP=`ifconfig $INTDEV | grep inet | cut -f2 -d: | cut -f1 -d" "` ## internal ip address

case "$1" in
  start)

#
## First we want to enable ip forwarding
#
echo -n "Enabling IP Forwarding ... "
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "done."

#
## Secondly we want to enable dynamic ips
#
echo -n "Enabling Dynamic Ips ... "
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "done."

#
## Now lets clear all the tables incase they were improperly shutdown
#

echo -n "Flushing tables, Setting default policies to DROP ... "
$IPTABLES -P INPUT DROP
$IPTABLES -F INPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -P OUTPUT DROP
$IPTABLES -F OUTPUT
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
echo "done."

#
## Its time to start setting up our rules and policies
#

echo -n "Setting up the firewall now ... "
## First we want to allow only incoming connections that we establish first
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

## Next we want to allow ssh incoming connections as well
$IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT

#
## Now we are going to allow our lan with access to the external network
#

## First we allow all established connections to be forwarded internally
$IPTABLES -A FORWARD -i $EXTDEV -m state --state RELATED,ESTABLISHED -j ACCEPT

## Second we allow all connections from the lan to the external network
$IPTABLES -A FORWARD -i $INTDEV -o $EXTDEV -j ACCEPT

## Masquerade from Internal Net to External Net
$IPTABLES -A POSTROUTING -t nat -o $EXTDEV -j MASQUERADE

#
## And last thing we need to worry about is what the internal network has access to do externally
#

$IPTABLES -P OUTPUT ACCEPT


echo "Firewall has been fully installed"

;;
stop)

echo -n "Flushin all rules ... "
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t nat -F PREROUTING
$IPTABLES -t nat -F POSTROUTING
$IPTABLES -t nat -F OUTPUT
echo "done."
;;
restart)
$0 stop
$0 start
;;
status)
$IPTABLES -L
;;
*)
echo "usage: $0 {start|stop|restart|status}"
exit 1
esac
exit 0

## EOF ##

Scripts recomendados

Diagnóstico de Rede

Bloquear Facebook no Linux Educacional 3

Atualização do FreeBSD

Enviar mensagens Via Net Send no Linux

upload script


  

Comentários

Nenhum comentário foi encontrado.


Contribuir com comentário




Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts