Script de Firewall
Publicado por Perfil removido 21/01/2005
[ Hits: 5.690 ]
Script básico bom pra filtrar umas lanzinhas por ae!! ;-)
#!/bin/sh # # # Todo: Setup loggin, allow access to ssh/smtp/web to internal box # test to make sure instant messengers can send/receive files # test to make sure irc dcc chats/sends work # block certain ads from displaying # # IPTABLES="/sbin/iptables" ## location to iptables binary file EXTDEV="eth0" ## external device that connects to modem INTDEV="eth1" ## internal device that connects to lan EXTIP=`ifconfig $EXTDEV | grep inet | cut -f2 -d: | cut -f1 -d" "` ## external ip address INTIP=`ifconfig $INTDEV | grep inet | cut -f2 -d: | cut -f1 -d" "` ## internal ip address case "$1" in start) # ## First we want to enable ip forwarding # echo -n "Enabling IP Forwarding ... " echo "1" > /proc/sys/net/ipv4/ip_forward echo "done." # ## Secondly we want to enable dynamic ips # echo -n "Enabling Dynamic Ips ... " echo "1" > /proc/sys/net/ipv4/ip_forward echo "done." # ## Now lets clear all the tables incase they were improperly shutdown # echo -n "Flushing tables, Setting default policies to DROP ... " $IPTABLES -P INPUT DROP $IPTABLES -F INPUT $IPTABLES -P FORWARD DROP $IPTABLES -F FORWARD $IPTABLES -P OUTPUT DROP $IPTABLES -F OUTPUT $IPTABLES -t nat -F $IPTABLES -t mangle -F echo "done." # ## Its time to start setting up our rules and policies # echo -n "Setting up the firewall now ... " ## First we want to allow only incoming connections that we establish first $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT ## Next we want to allow ssh incoming connections as well $IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT # ## Now we are going to allow our lan with access to the external network # ## First we allow all established connections to be forwarded internally $IPTABLES -A FORWARD -i $EXTDEV -m state --state RELATED,ESTABLISHED -j ACCEPT ## Second we allow all connections from the lan to the external network $IPTABLES -A FORWARD -i $INTDEV -o $EXTDEV -j ACCEPT ## Masquerade from Internal Net to External Net $IPTABLES -A POSTROUTING -t nat -o $EXTDEV -j MASQUERADE # ## And last thing we need to worry about is what the internal network has access to do externally # $IPTABLES -P OUTPUT ACCEPT echo "Firewall has been fully installed" ;; stop) echo -n "Flushin all rules ... " $IPTABLES -P INPUT ACCEPT $IPTABLES -P FORWARD ACCEPT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -F INPUT $IPTABLES -F FORWARD $IPTABLES -F OUTPUT $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t nat -P POSTROUTING ACCEPT $IPTABLES -t nat -P OUTPUT ACCEPT $IPTABLES -t nat -F PREROUTING $IPTABLES -t nat -F POSTROUTING $IPTABLES -t nat -F OUTPUT echo "done." ;; restart) $0 stop $0 start ;; status) $IPTABLES -L ;; *) echo "usage: $0 {start|stop|restart|status}" exit 1 esac exit 0 ## EOF ##
mPlayRecTv - assista e grave a programação da TV com MPlayer
ddflash - criar mídia bootável do Linux e FreeBSD
Bloqueia ataques do tipo bruteforce
Bloquear ataques DDoS com bloqueio de range de IPs e avisar por e-mail
Automatizar a instalação do IRPF no Linux
Nenhum comentário foi encontrado.
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Como renomear arquivos de letras maiúsculas para minúsculas
Imprimindo no formato livreto no Linux
Vim - incrementando números em substituição
Efeito "livro" em arquivos PDF
Como resolver o erro no CUPS: Unable to get list of printer drivers
SysAdmin ou DevOps: Qual curso inicial pra essa área? (0)
Melhores Práticas de Nomenclatura: Pastas, Arquivos e Código (3)
[Python] Automação de scan de vulnerabilidades
[Python] Script para analise de superficie de ataque
[Shell Script] Novo script para redimensionar, rotacionar, converter e espelhar arquivos de imagem
[Shell Script] Iniciador de DOOM (DSDA-DOOM, Doom Retro ou Woof!)
[Shell Script] Script para adicionar bordas às imagens de uma pasta