Script para carregar e descarregar regras com iptables
Publicado por José Guilherme 21/11/2004
[ Hits: 11.010 ]
O script tem apenas duas funções, uma para carregar as regras e a outra para limpar as chains. Você pode coloar as regras que quiser dentro da função start. O mais interessante do script são as funções de controle iptebles.sh {start|stop|restart|force-reload|status}.
#!/bin/bash
###############################################################################
# #
# IPTABLES.SH #
# Script de inicialização de regras de firewall #
# #
# Autor: José Guilherme Camara Ribeiro #
# <jgcr@pop.com.br> #
# #
###############################################################################
# #
# Copyright (C) 2003 Free Software Foundation, Inc. #
# #
# This script is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2, or (at your option) #
# any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You find more about GPL at http://www.gnu.org. #
# #
###############################################################################
function stop {
iptables -t mangle -F PREROUTING
iptables -t mangle -F INPUT
iptables -t mangle -F FORWARD
iptables -t mangle -F OUTPUT
iptables -t mangle -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -t nat -F POSTROUTING
iptables -t filter -F INPUT
iptables -t filter -F FORWARD
iptables -t filter -F OUTPUT
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t filter -P OUTPUT ACCEPT
rm /var/lock/firewall
}
function start {
##########################################################
################ MANGLE PREROUTING ################
##########################################################
#Bloqueio de broadcast
iptables -t mangle -A PREROUTING -m pkttype --pkt-type broadcast -j DROP
#iptables -t mangle -A PREROUTING -p tcp --dport 622 -m limit --limit 3/m -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 10080 -m limit --limit 1/s -j ACCEPT
##########################################################
################ NAT PREROUTING ################
##########################################################
#Proxy transparente
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 680 -j REDIRECT --to-port 80
#Direcionamentos de portas
#Luciano
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 69 -j DNAT --to 10.200.5.14:80
#Pitbull
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 1255 -j DNAT --to 10.200.5.8:80
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 111 -j DNAT --to 10.200.5.8:22
##########################################################
################ MANGLE INPUT ################
##########################################################
##########################################################
################ FILTER INPUT ################
##########################################################
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#libera rede interna
iptables -t filter -A INPUT -s 10.200.5.0/255.255.255.240 -j ACCEPT
#emule tcp
iptables -t filter -A INPUT -p tcp --dport 5662 -j ACCEPT
#emule udp
iptables -t filter -A INPUT -p udp --dport 5672 -j ACCEPT
#ssh
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
#apache
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
#loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
#police default
iptables -t filter -P INPUT DROP
##########################################################
################ MANGLE OUTPUT ################
##########################################################
##########################################################
################ NAT OUTPUT ################
##########################################################
##########################################################
################ FILTER OUTPUT ################
##########################################################
##########################################################
################ MANGLE FORWARD ################
##########################################################
##########################################################
################ FILTER FORWARD ################
##########################################################
#iptables -t filter -P FORWARD DROP
##########################################################
################ MANGLE POSTROUTING ################
##########################################################
##########################################################
################ NAT POSTROUTING ################
##########################################################
iptables -t nat -A POSTROUTING -s 10.200.5.0/255.255.255.240 -j MASQUERADE
#Abilitar forward, pode ser alterado em /etc/network/options ou:
#echo "1" >/proc/sys/net/ipv4/ip_forward
touch /var/lock/firewall
}
echo "iptables:"
case "$1" in
stop)
if [ -e /var/lock/firewall ]
then
echo " Flushing rules... "
stop
else
echo " Firewall is already down!"
fi
;;
start)
if ! [ -e /var/lock/firewall ]
then
echo " Setting rules... "
start
else
echo " Firewall is already up!"
fi
;;
restart)
echo " Flushing rules... "
stop
echo " Setting rules... "
start
;;
force-reload)
echo " Flushing rules... "
stop
echo " Setting rules... "
start
;;
status)
iptables-save
;;
*)
echo " Invalid action \"$1\", use {start|stop|restart|force-reload|status}"
exit 1
esac
exit 0
Script para controle do servidor ProFTP no Slackware
Instalação do Ubuntu com Criptografia Total
Relógio em tempo real no terminal
sbinstall.sh - Descompacta, compila e instala SlackBuild
ytmp - Youtube no console com youtube-dl + mplayer.
Nenhum comentário foi encontrado.
Patrocínio
Destaques
Artigos
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Dicas
Como renomear arquivos de letras maiúsculas para minúsculas
Imprimindo no formato livreto no Linux
Vim - incrementando números em substituição
Efeito "livro" em arquivos PDF
Como resolver o erro no CUPS: Unable to get list of printer drivers
Tópicos
Vou voltar moderar conteúdos de Dicas e Artigos (1)
SysAdmin ou DevOps: Qual curso inicial pra essa área? (3)
É cada coisa que me aparece! - não é só 3% (3)
Melhorando a precisão de valores flutuantes em python[AJUDA] (5)
Top 10 do mês
-
Xerxes
1° lugar - 67.405 pts -
Fábio Berbert de Paula
2° lugar - 51.015 pts -
Buckminster
3° lugar - 18.117 pts -
Mauricio Ferrari
4° lugar - 15.872 pts -
Alberto Federman Neto.
5° lugar - 14.725 pts -
Diego Mendes Rodrigues
6° lugar - 13.427 pts -
Daniel Lara Souza
7° lugar - 13.013 pts -
edps
8° lugar - 11.504 pts -
Andre (pinduvoz)
9° lugar - 11.136 pts -
Alessandro de Oliveira Faria (A.K.A. CABELO)
10° lugar - 11.116 pts
Scripts
[Python] Automação de scan de vulnerabilidades
[Python] Script para analise de superficie de ataque
[Shell Script] Novo script para redimensionar, rotacionar, converter e espelhar arquivos de imagem
[Shell Script] Iniciador de DOOM (DSDA-DOOM, Doom Retro ou Woof!)
[Shell Script] Script para adicionar bordas às imagens de uma pasta
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
