firewall

Publicado por Perfil removido 17/02/2006

[ Hits: 5.164 ]

Download firewall




Esse é um script de um firewall simples, tendo como base esse script fica facil fazer um firewall :D !!

  



Esconder código-fonte

#!/bin/bash
                                                                                                                             
echo #########################################################
echo Criador  Matheus Anderson
echo email=matheusanderson@gmail.com
echo #########################################################
                                                                                                                             
#Variaveis
REDELOCAL="192.168.0.0/24"
TODOS="0/0"
                                                                                                                             
#Liberar Portas (NAT) Portas
PORTAS="21 1433 80"
for PORT in `echo $PORTAS`
do
iptables -t nat -A POSTROUTING -s $REDELOCAL -p tcp -d $TODOS --dport $PORT -o eth1 -j MASQUERADE
iptables -I FORWARD -p tcp -d $TODOS --dport $PORT -s $REDELOCAL -j ACCEPT
iptables -I OUTPUT -p tcp -d $TODOS --dport $PORT -j ACCEPT
done
                                                                                                                             
# Ignora pings
#echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
                                                                                                                             
                                                                                                                             
# Proteções diversas contra portscanners, ping of death, ataques DoS, etc.
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD --protocol tcp --tcp-flags ALL SYN,ACK -j DROP
iptables -A FORWARD -m unclean -j DROP
                                                                                                                             
                                                                                                                             
# Abre para a interface de loopback.
# Esta regra é essencial para o KDE e outros programas gráficos funcionarem
#adequadamente.
iptables -A INPUT -p tcp --syn -s 127.0.0.1/255.0.0.0 -j ACCEPT
                                                                                                                             
# Redireciona uma faixa de portas para um micro da rede local
REDIRECT="1433:1433-192.168.0.1 1434:1434-192.168.0.1"
 
for REDI in `echo $REDIRECT`
do
        PORT=`echo "$REDI" | cut -d"-" -f1`
        IPDEST=`echo "$REDI" | cut -d"-" -f2`
 
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $PORT -j DNAT --to-dest $IPDEST
iptables -A FORWARD -p tcp -i eth0 --dport $PORT -d $IPDEST -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p udp --dport $PORT -j DNAT --to-dest $IPDEST
iptables -A FORWARD -p udp -i eth0 --dport $PORT -d $IPDEST -j ACCEPT
done
 
#Bloqueia todas as portas que não foram liberados nas regras acima !!
iptables -A INPUT -p tcp --syn -j DROP
 
#Visualisando as regras
iptables -L -n
 
echo #####################################
echo Visualisando Regras com "-t nat"
echo #####################################
 
iptables -t nat -L

Scripts recomendados

S-ps

Impressão direta sem abrir o BrOffice / OpenOffice

Insere Block Squid

Sequenica numerica

Coleta de WWN em AIX


  

Comentários

Nenhum comentário foi encontrado.


Contribuir com comentário




Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts