Enviado em 20/07/2015 - 10:28h
Bom dia amigos.me chamo alexandre e estou com um pequeno problema aki#!/bin/sh
caminho="/partition/bloquear/"
###############limpa os treco tudo
#rm -f ${caminho}ipsexo
##rm -f ${caminho}limpar_restricao
#vai ficar assim
#dig +short www.f****.com >> ${caminho}ipsexo
#enquanto le o arquivo executa a descoberta de ips
sort ${caminho}sexo | while read p; do
dig +short $p >> ${caminho}ipsexo
done
#remover linha iguais, copiando e colando em cima do mesmo arquivo
sort ${caminho}ipsexo | uniq >> ${caminho}tempipsexo ; rm -f ${caminho}ipsexo ; mv ${caminho}tempipsexo ${caminho}ipsexo
sed '/timed out/d' ${caminho}ipsexo >> ${caminho}tempipsexo ; rm -f ${caminho}ipsexo ; mv ${caminho}tempipsexo ${caminho}ipsexo
#verifica a existencia de regras anteriores e as deleta em FORWARD
iptables -t filter -L >> ${caminho}verifica
if grep -q "RESTRICAO" "${caminho}verifica"
then {
##########Apagar regras de redirecionar para a chain RESTRICAO
sort ${caminho}iplocalantigo | while read IPantigo; do
/usr/sbin/iptables -D FORWARD -p tcp -s $IPantigo --dport 20:79 -j RESTRICAO
/usr/sbin/iptables -D FORWARD -s $IPantigo -p tcp --dport 81:909 -j RESTRICAO
/usr/sbin/iptables -D FORWARD -s $IPantigo -p tcp --dport 914:8179 -j RESTRICAO
/usr/sbin/iptables -D FORWARD -s $IPantigo -p tcp --dport 8182:65535 -j RESTRICAO
done
#apagar cópia iplocalantigo
rm -f ${caminho}iplocalantigo
}
fi
if grep -q "RESTRICAO" "${caminho}verifica"
then {
###########Apagar Chain RESTRICAO
/usr/sbin/iptables -t filter -F RESTRICAO
/usr/sbin/iptables -t filter -X RESTRICAO
}
fi
###########Criar nova chain com nome RESTRICAO
/usr/sbin/iptables -t filter -N RESTRICAO
rm -f ${caminho}verifica
###########Politica padrão da chain RESTRICAO é accept
iptables -t filter -A RESTRICAO -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.2 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.2 -j MASQUERADE
iptables -I FORWARD -s 192.168.0.2 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.10 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.10 -j MASQUERADE
iptables -I FORWARD -s 192.168.0.10 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.11 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.11 -j MASQUERADE
iptables -I FORWARD -s 192.168.0.11 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.12 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.12 -j MASQUERADE
iptables -I FORWARD -s 192.168.0.12 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.21 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.21 -j MASQUERADE
iptables -I FORWARD -s 192.168.0.21 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.22 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.22 -j MASQUERADE
iptables -I FORWARD -s 192.168.0.22 -j ACCEPT
iptables -A FORWARD -j DROPDNS
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state established,related -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
###########Destinos bloqueados da RESTRICAO
sort ${caminho}ipsexo | while read IP2; do
/usr/sbin/iptables -I RESTRICAO -d $IP2 -j REJECT
done
sort ${caminho}iplocal | while read IP; do
###########Redirecionar para a chain RESTRICAO, os ips locais
/usr/sbin/iptables -I FORWARD -p tcp -s $IP --dport 20:79 -j RESTRICAO >> ${caminho}FORWARD
/usr/sbin/iptables -I FORWARD -s $IP -p tcp --dport 81:909 -j RESTRICAO >> ${caminho}FORWARD
/usr/sbin/iptables -I FORWARD -s $IP -p tcp --dport 914:8179 -j RESTRICAO >> ${caminho}FORWARD
/usr/sbin/iptables -I FORWARD -s $IP -p tcp --dport 8182:65535 -j RESTRICAO >> ${caminho}FORWARD
done
#faz copia de segurança
cp ${caminho}iplocal ${caminho}iplocalantigo
yes dynamic network source internet,internet2 192.168.0.2 0.0.0.0 9 #Discard
yes dynamic network source internet,internet2 192.168.0.2.0.0.0 22 #SSH
yes dynamic network source internet,internet2 192.168.0.2 0.0.0.0 80 #WWW
yes dynamic network source internet,internet2 192.168.0.2 0.0.0.0 443 #HTTPS
yes dynamic network source internet,internet2 192.168.0.10 0.0.0.0 9 #Discard
yes dynamic network source internet,internet2 192.168.0.10.0.0.0 22 #SSH
yes dynamic network source internet,internet2 192.168.0.10 0.0.0.0 80 #WWW
yes dynamic network source internet,internet2 192.168.0.10 0.0.0.0 443 #HTTPS
yes dynamic network source internet,internet2 192.168.0.11 0.0.0.0 9 #Discard
yes dynamic network source internet,internet2 192.168.0.11.0.0.0 22 #SSH
yes dynamic network source internet,internet2 192.168.0.11 0.0.0.0 80 #WWW
yes dynamic network source internet,internet2 192.168.0.11 0.0.0.0 443 #HTTPS
yes dynamic network source internet,internet2 192.168.0.12 0.0.0.0 9 #Discard
yes dynamic network source internet,internet2 192.168.0.12.0.0.0 22 #SSH
yes dynamic network source internet,internet2 192.168.0.12 0.0.0.0 80 #WWW
yes dynamic network source internet,internet2 192.168.0.12 0.0.0.0 443 #HTTPS
yes dynamic network source internet,internet2 192.168.0.21 0.0.0.0 9 #Discard
yes dynamic network source internet,internet2 192.168.0.21.0.0.0 22 #SSH
yes dynamic network source internet,internet2 192.168.0.21 0.0.0.0 80 #WWW
yes dynamic network source internet,internet2 192.168.0.21 0.0.0.0 443 #HTTPS
yes dynamic network source internet,internet2 192.168.0.22 0.0.0.0 9 #Discard
yes dynamic network source internet,internet2 192.168.0.22.0.0.0 22 #SSH
yes dynamic network source internet,internet2 192.168.0.22 0.0.0.0 80 #WWW
yes dynamic network source internet,internet2 192.168.0.22 0.0.0.0 443 #HTTPS
Comparação entre os escalonadores BFQ e MQ-Deadline (acesso a disco) no Arch e Debian
Conciliando o uso da ZRAM e SWAP em disco na sua máquina
Servidor de Backup com Ubuntu Server 24.04 LTS, RAID e Duplicati (Dell PowerEdge T420)
Visualizar câmeras IP ONVIF no Linux sem necessidade de instalar aplicativos
Converter os repositórios Debian para o novo formato com as chaves
Instalando Spotify no Debian 13
Realizar overclock no Miyoo Mini (plus ou normal)
linux mint reconhece microfone de lapela como fone de ouvido sem micro... (5)
E aí? O Warsaw já está funcionando no Debian 13? (2)
Dúvidas sobre a originalidade de conteúdos online (12)