AJuda LoadBalance Brazilfw e DansGuardian
1. AJuda LoadBalance Brazilfw e DansGuardian
rockshock25
(usa Outra)
Enviado em 20/07/2015 - 10:28h
Bom dia amigos.me chamo alexandre e estou com um pequeno problema akiEstou usando este codigo no meu script de inicialização porem quando eu coloco ele e as rotas . o meu dans guardian desativa para
estes ips da rotas .e libera os sites bloqueados .
sabem se tem algum erro q estou fazendo e se podem me ajudar ? grato
Script
#!/bin/sh
caminho="/partition/bloquear/"
###############limpa os treco tudo
#rm -f ${caminho}ipsexo
##rm -f ${caminho}limpar_restricao
#vai ficar assim
#dig +short www.f****.com >> ${caminho}ipsexo
#enquanto le o arquivo executa a descoberta de ips
sort ${caminho}sexo | while read p; do
dig +short $p >> ${caminho}ipsexo
done
#remover linha iguais, copiando e colando em cima do mesmo arquivo
sort ${caminho}ipsexo | uniq >> ${caminho}tempipsexo ; rm -f ${caminho}ipsexo ; mv ${caminho}tempipsexo ${caminho}ipsexo
sed '/timed out/d' ${caminho}ipsexo >> ${caminho}tempipsexo ; rm -f ${caminho}ipsexo ; mv ${caminho}tempipsexo ${caminho}ipsexo
#verifica a existencia de regras anteriores e as deleta em FORWARD
iptables -t filter -L >> ${caminho}verifica
if grep -q "RESTRICAO" "${caminho}verifica"
then {
##########Apagar regras de redirecionar para a chain RESTRICAO
sort ${caminho}iplocalantigo | while read IPantigo; do
/usr/sbin/iptables -D FORWARD -p tcp -s $IPantigo --dport 20:79 -j RESTRICAO
/usr/sbin/iptables -D FORWARD -s $IPantigo -p tcp --dport 81:909 -j RESTRICAO
/usr/sbin/iptables -D FORWARD -s $IPantigo -p tcp --dport 914:8179 -j RESTRICAO
/usr/sbin/iptables -D FORWARD -s $IPantigo -p tcp --dport 8182:65535 -j RESTRICAO
done
#apagar cópia iplocalantigo
rm -f ${caminho}iplocalantigo
}
fi
if grep -q "RESTRICAO" "${caminho}verifica"
then {
###########Apagar Chain RESTRICAO
/usr/sbin/iptables -t filter -F RESTRICAO
/usr/sbin/iptables -t filter -X RESTRICAO
}
fi
###########Criar nova chain com nome RESTRICAO
/usr/sbin/iptables -t filter -N RESTRICAO
rm -f ${caminho}verifica
###########Politica padrão da chain RESTRICAO é accept
iptables -t filter -A RESTRICAO -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.2 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.2 -j MASQUERADE
iptables -I FORWARD -s 192.168.0.2 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.10 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.10 -j MASQUERADE
iptables -I FORWARD -s 192.168.0.10 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.11 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.11 -j MASQUERADE
iptables -I FORWARD -s 192.168.0.11 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.12 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.12 -j MASQUERADE
iptables -I FORWARD -s 192.168.0.12 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.21 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.21 -j MASQUERADE
iptables -I FORWARD -s 192.168.0.21 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.22 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.22 -j MASQUERADE
iptables -I FORWARD -s 192.168.0.22 -j ACCEPT
iptables -A FORWARD -j DROPDNS
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state established,related -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
###########Destinos bloqueados da RESTRICAO
sort ${caminho}ipsexo | while read IP2; do
/usr/sbin/iptables -I RESTRICAO -d $IP2 -j REJECT
done
sort ${caminho}iplocal | while read IP; do
###########Redirecionar para a chain RESTRICAO, os ips locais
/usr/sbin/iptables -I FORWARD -p tcp -s $IP --dport 20:79 -j RESTRICAO >> ${caminho}FORWARD
/usr/sbin/iptables -I FORWARD -s $IP -p tcp --dport 81:909 -j RESTRICAO >> ${caminho}FORWARD
/usr/sbin/iptables -I FORWARD -s $IP -p tcp --dport 914:8179 -j RESTRICAO >> ${caminho}FORWARD
/usr/sbin/iptables -I FORWARD -s $IP -p tcp --dport 8182:65535 -j RESTRICAO >> ${caminho}FORWARD
done
#faz copia de segurança
cp ${caminho}iplocal ${caminho}iplocalantigo
Rotas
yes dynamic network source internet,internet2 192.168.0.2 0.0.0.0 9 #Discard
yes dynamic network source internet,internet2 192.168.0.2.0.0.0 22 #SSH
yes dynamic network source internet,internet2 192.168.0.2 0.0.0.0 80 #WWW
yes dynamic network source internet,internet2 192.168.0.2 0.0.0.0 443 #HTTPS
yes dynamic network source internet,internet2 192.168.0.10 0.0.0.0 9 #Discard
yes dynamic network source internet,internet2 192.168.0.10.0.0.0 22 #SSH
yes dynamic network source internet,internet2 192.168.0.10 0.0.0.0 80 #WWW
yes dynamic network source internet,internet2 192.168.0.10 0.0.0.0 443 #HTTPS
yes dynamic network source internet,internet2 192.168.0.11 0.0.0.0 9 #Discard
yes dynamic network source internet,internet2 192.168.0.11.0.0.0 22 #SSH
yes dynamic network source internet,internet2 192.168.0.11 0.0.0.0 80 #WWW
yes dynamic network source internet,internet2 192.168.0.11 0.0.0.0 443 #HTTPS
yes dynamic network source internet,internet2 192.168.0.12 0.0.0.0 9 #Discard
yes dynamic network source internet,internet2 192.168.0.12.0.0.0 22 #SSH
yes dynamic network source internet,internet2 192.168.0.12 0.0.0.0 80 #WWW
yes dynamic network source internet,internet2 192.168.0.12 0.0.0.0 443 #HTTPS
yes dynamic network source internet,internet2 192.168.0.21 0.0.0.0 9 #Discard
yes dynamic network source internet,internet2 192.168.0.21.0.0.0 22 #SSH
yes dynamic network source internet,internet2 192.168.0.21 0.0.0.0 80 #WWW
yes dynamic network source internet,internet2 192.168.0.21 0.0.0.0 443 #HTTPS
yes dynamic network source internet,internet2 192.168.0.22 0.0.0.0 9 #Discard
yes dynamic network source internet,internet2 192.168.0.22.0.0.0 22 #SSH
yes dynamic network source internet,internet2 192.168.0.22 0.0.0.0 80 #WWW
yes dynamic network source internet,internet2 192.168.0.22 0.0.0.0 443 #HTTPS
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Artigos
Aprenda a Gerenciar Permissões de Arquivos no Linux
Como transformar um áudio em vídeo com efeito de forma de onda (wave form)
Como aprovar Pull Requests em seu repositório Github via linha de comando
Dicas
Quebra de linha na data e hora no Linux Mint
Organizando seus PDF com o Zotero
Tópicos
tentando instalar em um notebook antigo o Linux LegacyOS_2023... [RESO... (9)
Problema com Conexão Outlook via Firewall (OpenSUSE) com Internet Fibr... (5)
Top 10 do mês
-
Xerxes
1° lugar - 75.540 pts -
Fábio Berbert de Paula
2° lugar - 61.730 pts -
Mauricio Ferrari
3° lugar - 18.117 pts -
Buckminster
4° lugar - 17.081 pts -
Alberto Federman Neto.
5° lugar - 15.257 pts -
Daniel Lara Souza
6° lugar - 14.425 pts -
edps
7° lugar - 14.088 pts -
Alessandro de Oliveira Faria (A.K.A. CABELO)
8° lugar - 13.398 pts -
Diego Mendes Rodrigues
9° lugar - 13.320 pts -
Andre (pinduvoz)
10° lugar - 10.721 pts
Scripts
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
