Script para carregar e descarregar regras com iptables
Publicado por José Guilherme 21/11/2004
[ Hits: 11.190 ]
O script tem apenas duas funções, uma para carregar as regras e a outra para limpar as chains. Você pode coloar as regras que quiser dentro da função start. O mais interessante do script são as funções de controle iptebles.sh {start|stop|restart|force-reload|status}.
#!/bin/bash
###############################################################################
# #
# IPTABLES.SH #
# Script de inicialização de regras de firewall #
# #
# Autor: José Guilherme Camara Ribeiro #
# <jgcr@pop.com.br> #
# #
###############################################################################
# #
# Copyright (C) 2003 Free Software Foundation, Inc. #
# #
# This script is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2, or (at your option) #
# any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You find more about GPL at http://www.gnu.org. #
# #
###############################################################################
function stop {
iptables -t mangle -F PREROUTING
iptables -t mangle -F INPUT
iptables -t mangle -F FORWARD
iptables -t mangle -F OUTPUT
iptables -t mangle -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -t nat -F POSTROUTING
iptables -t filter -F INPUT
iptables -t filter -F FORWARD
iptables -t filter -F OUTPUT
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t filter -P OUTPUT ACCEPT
rm /var/lock/firewall
}
function start {
##########################################################
################ MANGLE PREROUTING ################
##########################################################
#Bloqueio de broadcast
iptables -t mangle -A PREROUTING -m pkttype --pkt-type broadcast -j DROP
#iptables -t mangle -A PREROUTING -p tcp --dport 622 -m limit --limit 3/m -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 10080 -m limit --limit 1/s -j ACCEPT
##########################################################
################ NAT PREROUTING ################
##########################################################
#Proxy transparente
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 680 -j REDIRECT --to-port 80
#Direcionamentos de portas
#Luciano
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 69 -j DNAT --to 10.200.5.14:80
#Pitbull
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 1255 -j DNAT --to 10.200.5.8:80
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 111 -j DNAT --to 10.200.5.8:22
##########################################################
################ MANGLE INPUT ################
##########################################################
##########################################################
################ FILTER INPUT ################
##########################################################
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#libera rede interna
iptables -t filter -A INPUT -s 10.200.5.0/255.255.255.240 -j ACCEPT
#emule tcp
iptables -t filter -A INPUT -p tcp --dport 5662 -j ACCEPT
#emule udp
iptables -t filter -A INPUT -p udp --dport 5672 -j ACCEPT
#ssh
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
#apache
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
#loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
#police default
iptables -t filter -P INPUT DROP
##########################################################
################ MANGLE OUTPUT ################
##########################################################
##########################################################
################ NAT OUTPUT ################
##########################################################
##########################################################
################ FILTER OUTPUT ################
##########################################################
##########################################################
################ MANGLE FORWARD ################
##########################################################
##########################################################
################ FILTER FORWARD ################
##########################################################
#iptables -t filter -P FORWARD DROP
##########################################################
################ MANGLE POSTROUTING ################
##########################################################
##########################################################
################ NAT POSTROUTING ################
##########################################################
iptables -t nat -A POSTROUTING -s 10.200.5.0/255.255.255.240 -j MASQUERADE
#Abilitar forward, pode ser alterado em /etc/network/options ou:
#echo "1" >/proc/sys/net/ipv4/ip_forward
touch /var/lock/firewall
}
echo "iptables:"
case "$1" in
stop)
if [ -e /var/lock/firewall ]
then
echo " Flushing rules... "
stop
else
echo " Firewall is already down!"
fi
;;
start)
if ! [ -e /var/lock/firewall ]
then
echo " Setting rules... "
start
else
echo " Firewall is already up!"
fi
;;
restart)
echo " Flushing rules... "
stop
echo " Setting rules... "
start
;;
force-reload)
echo " Flushing rules... "
stop
echo " Setting rules... "
start
;;
status)
iptables-save
;;
*)
echo " Invalid action \"$1\", use {start|stop|restart|force-reload|status}"
exit 1
esac
exit 0
Scripts recomendados
Extração do áudio de um DVD - Ogg Vorbis
Atualizando o sistema no Debian
Converter arquivos CBR para PDF
Comentários
Nenhum coment�rio foi encontrado.
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Artigos
Atualizando o Passado: Linux no Lenovo G460 em 2025
aaPanel - Um Painel de Hospedagem Gratuito e Poderoso
O macete do Warsaw no Linux Mint e cia
Dicas
Visualizar arquivos em formato markdown (ex.: README.md) pelo terminal
Dando - teoricamente - um gás no Gnome-Shell do Arch Linux
Como instalar o Google Cloud CLI no Ubuntu/Debian
Mantenha seu Sistema Leve e Rápido com a Limpeza do APT!
Procurando vídeos de YouTube pelo terminal e assistindo via mpv (2025)
Tópicos
Será que eu deveria apreender C/C++ para desenvolver para Linux? (3)
O 1º artigo a gente nunca esquece (3)
Pastas da raiz foram para a área de trabalho [RESOLVIDO] (9)
Top 10 do mês
-
Xerxes
1° lugar - 84.674 pts -
Fábio Berbert de Paula
2° lugar - 64.849 pts -
Mauricio Ferrari
3° lugar - 19.090 pts -
Buckminster
4° lugar - 17.477 pts -
Alberto Federman Neto.
5° lugar - 16.621 pts -
Daniel Lara Souza
6° lugar - 17.261 pts -
edps
7° lugar - 15.671 pts -
Alessandro de Oliveira Faria (A.K.A. CABELO)
8° lugar - 14.829 pts -
Diego Mendes Rodrigues
9° lugar - 13.520 pts -
Andre (pinduvoz)
10° lugar - 12.468 pts
Scripts
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
