iamloco
(usa Ubuntu)
Enviado em 05/08/2011 - 17:44h
Ola, gostaria de saber onde colocar as regras de segurança do iptables, pois andei lendo e diz que vai em cima do arquivo, tipo no começo antes de tudo gostaria de saber realmente onde é, aqui vai o inicio do script
#!/bin/bash
iniciar(){
# ETH2: REDE INTERNET
# ETH0: REDE HU
# ATIVANDO FORWARD
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
# ANTI-HACK
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD --protocol tcp --tcp-flags ALL SYN,ACK -j DROP
iptables -A FORWARD -m unclean -j DROP
# BLOQUEIO DE SITES
for end in `cat /etc/squid/rules/iptables`
do
iptables -A OUTPUT -d $end -j REJECT
iptables -A FORWARD -d $end -j REJECT
done
# GOOGLE TALK
iptables -A FORWARD -d talk.l.google.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d chatenabled.mail.google.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d talk.google.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d talkx.l.google.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d talk.l.google.com -p tcp --dport 5222 -j DROP
iptables -A FORWARD -d chatenabled.mail.google.com -p tcp --dport 5222 -j DROP
iptables -A FORWARD -d talk.google.com -p tcp --dport 5222 -j DROP
iptables -A FORWARD -d talkx.l.google.com -p tcp --dport 5222 -j DROP
Aguardando Help's flw