Script de Firewall
Publicado por Perfil removido 21/01/2005
[ Hits: 5.710 ]
Script básico bom pra filtrar umas lanzinhas por ae!! ;-)
#!/bin/sh # # # Todo: Setup loggin, allow access to ssh/smtp/web to internal box # test to make sure instant messengers can send/receive files # test to make sure irc dcc chats/sends work # block certain ads from displaying # # IPTABLES="/sbin/iptables" ## location to iptables binary file EXTDEV="eth0" ## external device that connects to modem INTDEV="eth1" ## internal device that connects to lan EXTIP=`ifconfig $EXTDEV | grep inet | cut -f2 -d: | cut -f1 -d" "` ## external ip address INTIP=`ifconfig $INTDEV | grep inet | cut -f2 -d: | cut -f1 -d" "` ## internal ip address case "$1" in start) # ## First we want to enable ip forwarding # echo -n "Enabling IP Forwarding ... " echo "1" > /proc/sys/net/ipv4/ip_forward echo "done." # ## Secondly we want to enable dynamic ips # echo -n "Enabling Dynamic Ips ... " echo "1" > /proc/sys/net/ipv4/ip_forward echo "done." # ## Now lets clear all the tables incase they were improperly shutdown # echo -n "Flushing tables, Setting default policies to DROP ... " $IPTABLES -P INPUT DROP $IPTABLES -F INPUT $IPTABLES -P FORWARD DROP $IPTABLES -F FORWARD $IPTABLES -P OUTPUT DROP $IPTABLES -F OUTPUT $IPTABLES -t nat -F $IPTABLES -t mangle -F echo "done." # ## Its time to start setting up our rules and policies # echo -n "Setting up the firewall now ... " ## First we want to allow only incoming connections that we establish first $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT ## Next we want to allow ssh incoming connections as well $IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT # ## Now we are going to allow our lan with access to the external network # ## First we allow all established connections to be forwarded internally $IPTABLES -A FORWARD -i $EXTDEV -m state --state RELATED,ESTABLISHED -j ACCEPT ## Second we allow all connections from the lan to the external network $IPTABLES -A FORWARD -i $INTDEV -o $EXTDEV -j ACCEPT ## Masquerade from Internal Net to External Net $IPTABLES -A POSTROUTING -t nat -o $EXTDEV -j MASQUERADE # ## And last thing we need to worry about is what the internal network has access to do externally # $IPTABLES -P OUTPUT ACCEPT echo "Firewall has been fully installed" ;; stop) echo -n "Flushin all rules ... " $IPTABLES -P INPUT ACCEPT $IPTABLES -P FORWARD ACCEPT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -F INPUT $IPTABLES -F FORWARD $IPTABLES -F OUTPUT $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t nat -P POSTROUTING ACCEPT $IPTABLES -t nat -P OUTPUT ACCEPT $IPTABLES -t nat -F PREROUTING $IPTABLES -t nat -F POSTROUTING $IPTABLES -t nat -F OUTPUT echo "done." ;; restart) $0 stop $0 start ;; status) $IPTABLES -L ;; *) echo "usage: $0 {start|stop|restart|status}" exit 1 esac exit 0 ## EOF ##
Bloquear Facebook no Linux Educacional 3
Enviar mensagens Via Net Send no Linux
Nenhum comentário foi encontrado.
Enviar mensagem ao usuário trabalhando com as opções do php.ini
Meu Fork do Plugin de Integração do CVS para o KDevelop
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Compartilhamento de Rede com samba em modo Público/Anônimo de forma simples, rápido e fácil
Cups: Mapear/listar todas as impressoras de outro Servidor CUPS de forma rápida e fácil
Criando uma VPC na AWS via CLI
Tem como instalar o gerenciador AMD Adrenalin no Ubuntu 24.04? (16)
Arch Linux - Guia para Iniciantes (2)
Problemas ao instalar o PHP (11)
Tenho dois Link's ( IP VÁLIDOS ), estou tentando fazer o failover... (0)