Firewall
Published by Fabio Tezzei, 23/02/2006
I made another firewall script for everyone to test.
On Debian, put the script in /bin
and create a symbolic link to it in rc2.d.
On Red Hat and its derivatives, put it in /bin and call it from rc.local.
```bash
#!/bin/bash
echo
echo " Ativando o Firewall"

# Fill these in before running: the public address of the gateway and the
# address of its internal (LAN) interface. Every rule that references them
# fails when they are empty, so the script stops here in that case.
IP_SERVER=
IP_SERVER_interno=
if [ -z "$IP_SERVER" ] || [ -z "$IP_SERVER_interno" ]; then
    echo "Set IP_SERVER and IP_SERVER_interno before running this script" >&2
    exit 1
fi

ANY="0/0"
LOOPBACK="127.0.0.1"
INTERFACE_EXTERNA="eth0"
CLASS_A="10.0.0.0/8"
CLASS_B="172.16.0.0/12"
CLASS_C="192.168.0.0/16"
CLASS_D_MULTICAST="224.0.0.0/4"
CLASS_E_RESERVED_NET="240.0.0.0/5"
BROADCAST_ORI="0.0.0.0"
BROADCAST_DEST="255.255.255.255"

echo "Carregando Modulos"
# Module names from the 2.4/early 2.6 kernels; on current kernels the
# equivalents are nf_conntrack, nf_conntrack_ftp and nf_nat_ftp (autoloaded).
modprobe iptable_filter
modprobe iptable_nat
modprobe ip_nat_ftp
modprobe ip_conntrack
modprobe ip_conntrack_ftp

# Block everything by default: policy DROP on INPUT and OUTPUT.
## When sharing the Internet connection, FORWARD must be ACCEPT (as below).
iptables -F
iptables -Z
iptables -t nat -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD ACCEPT

echo "Protecao contra ataques de spoof ativada "
## Protection against SPOOFING with invalid source addresses
# Drop packets arriving on the external interface from/to a private class A
# (no LOG rule is attached, so these are dropped silently).
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s "$CLASS_A" -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -d "$CLASS_A" -j DROP
# Same for a private class B.
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s "$CLASS_B" -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -d "$CLASS_B" -j DROP
#iptables -A OUTPUT -s "$CLASS_B" -j DROP
#iptables -A OUTPUT -d "$CLASS_B" -j DROP
# Private class C (disabled: the LAN itself is 192.168.0.0/24).
#iptables -A INPUT -i "$INTERFACE_EXTERNA" -s "$CLASS_C" -j DROP
#iptables -A OUTPUT -s "$CLASS_C" -j DROP
#iptables -A OUTPUT -d "$CLASS_C" -j DROP
# Drop packets claiming to come from the loopback address.
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s "$LOOPBACK" -j DROP
#iptables -A OUTPUT -s "$LOOPBACK" -j DROP
# Drop broadcast addresses used as source/destination.
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s "$BROADCAST_DEST" -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -d "$BROADCAST_ORI" -j DROP
# Drop class D multicast addresses (in.h) (NET-3-HOWTO).
# Multicast is illegal as a source address.
# Multicast uses UDP.
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s "$CLASS_D_MULTICAST" -j DROP
# Drop class E reserved addresses.
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s "$CLASS_E_RESERVED_NET" -j DROP

# Addresses reserved by IANA (bogon list as of 2006)
# 0.*.*.*, 1.*.*.*, 2.*.*.*, 5.*.*.*, 7.*.*.*, 23.*.*.*, 27.*.*.*
# 31.*.*.*, 37.*.*.*, 39.*.*.*, 41.*.*.*, 42.*.*.*, 58-60.*.*.*
# 65-95.*.*.*, 96-126.*.*.*, 197.*.*.*, 201.*.*.* (?), 217-223.*.*.*
# Note: a static bogon list goes stale. Every /8 below has since been
# allocated to a regional registry, so these rules now drop legitimate
# traffic; check a current bogon list before keeping them.
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 1.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 2.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 5.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 7.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 23.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 27.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 31.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 37.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 39.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 41.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 42.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 58.0.0.0/7 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 70.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 71.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 72.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 73.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 74.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 75.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 76.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 77.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 78.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 79.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 80.0.0.0/4 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 96.0.0.0/4 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 112.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 113.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 114.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 115.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 116.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 117.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 118.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 119.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 120.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 121.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 122.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 123.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 124.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 125.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 126.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 217.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 218.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 219.0.0.0/8 -j DROP
iptables -A INPUT -i "$INTERFACE_EXTERNA" -s 220.0.0.0/6 -j DROP

# Close backdoor ports that trojans may open
# (redundant under the INPUT DROP policy, kept as explicit documentation).
# BackOrifice (no LOG rule is attached)
iptables -A INPUT -p tcp -s "$ANY" -d "$ANY" --dport 31337 -j DROP
iptables -A INPUT -p udp -s "$ANY" -d "$ANY" --dport 31337 -j DROP
# NetBus
iptables -A INPUT -p tcp -s "$ANY" -d "$ANY" --dport 12345:12346 -j DROP
iptables -A INPUT -p udp -s "$ANY" -d "$ANY" --dport 12345:12346 -j DROP
# NetBus LOG test (disabled)
#iptables -A INPUT -s "$ANY" -m limit --limit 1/s -j LOG
#iptables -A FORWARD -p tcp --dport 12345:12346 -s "$ANY" -d "$ANY" -j LOG --log-prefix 'NetBus Lammer Attack'
# TrinOO
iptables -A INPUT -p tcp -s "$ANY" -d "$ANY" --dport 1542 -j DROP
iptables -A INPUT -p tcp -s "$ANY" -d "$ANY" --dport 27665 -j DROP
iptables -A INPUT -p tcp -s "$ANY" -d "$ANY" --dport 27444 -j DROP
iptables -A INPUT -p tcp -s "$ANY" -d "$ANY" --dport 31335 -j DROP

# Allow by MAC address (disabled)
#iptables -A INPUT -p icmp -m mac --mac-source 00:00:21:FA:B3:02 -j ACCEPT
#iptables -A OUTPUT -p icmp -d "$ANY" -j ACCEPT

#echo "Liberado FTP"
# Allow FTP server on IP_SERVER, ports 20/21 (disabled)
#iptables -A INPUT -p tcp -s "$ANY" --sport 1024:65535 -d "$IP_SERVER" --dport 21 -j ACCEPT
#iptables -A OUTPUT -p tcp -s "$IP_SERVER" --sport 21 -d "$ANY" --dport 1024:65535 -j ACCEPT
#iptables -A INPUT -p tcp -s "$ANY" --sport 1024:65535 -d "$IP_SERVER" --dport 20 -j ACCEPT
#iptables -A OUTPUT -p tcp -s "$IP_SERVER" --sport 20 -d "$ANY" --dport 1024:65535 -j ACCEPT

# Allow SSH client (22)
# Note: matching only on source port 22 accepts any TCP packet whose sender
# chose that port; a stateful ESTABLISHED match would be tighter.
iptables -A INPUT -p tcp -s "$ANY" --sport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -d "$ANY" --dport 22 -j ACCEPT
# Allow SSH server (22) on both addresses
iptables -A INPUT -p tcp -s "$ANY" -d "$IP_SERVER_interno" --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -s "$IP_SERVER_interno" --sport 22 -d "$ANY" -j ACCEPT
iptables -A INPUT -p tcp -s "$ANY" -d "$IP_SERVER" --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -s "$IP_SERVER" --sport 22 -d "$ANY" -j ACCEPT

# Allow Telnet client (23) (disabled)
#iptables -A INPUT -p tcp -s "$ANY" --sport 23 -j ACCEPT
#iptables -A OUTPUT -p tcp -d "$ANY" --dport 23 -j ACCEPT
# Allow Telnet server (23) (disabled)
#iptables -A INPUT -p tcp -s "$ANY" -d "$IP_SERVER" --dport 23 -j ACCEPT
#iptables -A OUTPUT -p tcp -s "$IP_SERVER" --sport 23 -d "$ANY" -j ACCEPT

# Allow port 25 (SMTP) (disabled)
#iptables -A INPUT -p tcp -s "$ANY" -d "$IP_SERVER" --dport 25 -j ACCEPT
#iptables -A OUTPUT -p tcp -s "$IP_SERVER" --sport 25 -d "$ANY" -j ACCEPT
#iptables -A INPUT -p tcp -s "$ANY" -d "$IP_SERVER_interno" --dport 25 -j ACCEPT
#iptables -A OUTPUT -p tcp -s "$IP_SERVER_interno" --sport 25 -d "$ANY" -j ACCEPT
#iptables -A INPUT -p tcp -s "$ANY" -d 127.0.0.1 --dport 25 -j ACCEPT
#iptables -A OUTPUT -p tcp -s 127.0.0.1 --sport 25 -d "$ANY" -j ACCEPT

# Allow port 80 (web server)
iptables -A INPUT -p tcp -s "$ANY" -d "$IP_SERVER" --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -s "$IP_SERVER" --sport 80 -d "$ANY" -j ACCEPT
#iptables -A INPUT -p tcp -s "$ANY" -d 200.150.245.51 --dport 80 -j ACCEPT
#iptables -A OUTPUT -p tcp -s 200.150.245.51 --sport 80 -d "$ANY" -j ACCEPT

# Allow port 110 (POP3) (disabled)
#iptables -A INPUT -p tcp -s "$ANY" -d "$IP_SERVER_interno" --dport 110 -j ACCEPT
#iptables -A OUTPUT -p tcp -s "$IP_SERVER_interno" --sport 110 -d "$ANY" -j ACCEPT

# Identd: DROP on 113 causes delays behind NAT, REJECT with tcp-reset avoids
# them (Firewall forum, LinuxSecurity) (all disabled)
#iptables -A INPUT -p tcp -s "$ANY" -d "$IP_SERVER" --dport 113 -j ACCEPT
#iptables -A OUTPUT -p tcp -s "$IP_SERVER" --sport 113 -d "$ANY" -j ACCEPT
#iptables -A INPUT -p tcp -d "$IP_SERVER" --dport 113 -j REJECT --reject-with tcp-reset
#iptables -A FORWARD -p tcp -d "$IP_SERVER" --dport 113 -j REJECT --reject-with tcp-reset

# DNS client
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --sport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
# DNS server (internal address only)
iptables -A INPUT -p udp -s "$ANY" -d "$IP_SERVER_interno" --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp -s "$IP_SERVER_interno" --sport 53 -d "$ANY" -j ACCEPT
iptables -A INPUT -p tcp -s "$ANY" -d "$IP_SERVER_interno" --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -s "$IP_SERVER_interno" --sport 53 -d "$ANY" -j ACCEPT

# Allow IMAP server (143) (disabled)
#iptables -A INPUT -p tcp -s "$ANY" -d "$IP_SERVER" --dport 143 -j ACCEPT
#iptables -A OUTPUT -p tcp -s "$IP_SERVER" --sport 143 -d "$ANY" -j ACCEPT

# Block external MySQL (3306) (disabled)
#iptables -A INPUT -p tcp -s "$ANY" -d "$IP_SERVER" --dport 3306 -j DROP
#iptables -A OUTPUT -p tcp -s "$IP_SERVER" --sport 3306 -d "$ANY" -j DROP
# Block external access to the proxy port (3128)
iptables -A INPUT -p tcp -s "$ANY" -d "$IP_SERVER" --dport 3128 -j DROP

# Allow file server access (disabled)
#echo "Liberado acesso as portas 135,137,139"
#iptables -A INPUT -p tcp -s "$ANY" -d "$IP_SERVER" --dport 135:139 -j ACCEPT
#iptables -A OUTPUT -p tcp -d "$ANY" -s "$IP_SERVER" --sport 135:139 -j ACCEPT
#iptables -A INPUT -p udp -s "$ANY" -d "$IP_SERVER" --dport 135:139 -j ACCEPT
#iptables -A OUTPUT -p udp -s "$IP_SERVER" --sport 135:139 -d "$ANY" -j ACCEPT

echo "Liberado portas nao privilegiadas"
# Allow unprivileged ports (1024 -> 65535) (HTTP/mail clients etc.)
# Always leave these open.
# Note: the INPUT rule admits any new inbound TCP connection to a high port on
# IP_SERVER, not only replies; a stateful ESTABLISHED match would be tighter.
iptables -A INPUT -p tcp -s "$ANY" -d "$IP_SERVER" --dport 1024:65535 -j ACCEPT
iptables -A OUTPUT -p tcp -s "$IP_SERVER" --sport 1024:65535 -d "$ANY" -j ACCEPT

# General protections
# Note: each "-m limit ... -j ACCEPT" rule below is not followed by a DROP,
# and the FORWARD policy is ACCEPT, so packets above the limit fall through
# and are accepted anyway; the limits have no effect as written.
## SYN-flood DoS protection
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
## Stealth scan protection (packets with RST alone among SYN,ACK,FIN,RST)
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
## Furtive port scanner protection (identical to the rule above)
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
## Ping of death protection
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# Drop fragmented packets (-f matches the second and later fragments)
iptables -A FORWARD -f -j DROP
iptables -A INPUT -f -j DROP
# Scan protection: allow SSH only from a given address, reset the rest (disabled)
#iptables -A INPUT -p tcp -s "$ANY" --dport 22 -j ACCEPT
#iptables -A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset

################
# PING RULES   #
################
# Allow ICMP packets
# Echo Reply (type 0): send and accept replies
iptables -A OUTPUT -p icmp -s "$ANY" --icmp-type 0 -j ACCEPT
iptables -A INPUT -p icmp -s "$ANY" --icmp-type 0 -j ACCEPT
# Destination Unreachable
iptables -A OUTPUT -p icmp -s "$ANY" --icmp-type 3 -j ACCEPT
# Redirect
iptables -A OUTPUT -p icmp -s "$ANY" --icmp-type 5 -j ACCEPT
# Echo Request (type 8): send pings, and the INPUT rule lets this box be pinged
iptables -A OUTPUT -p icmp -s "$ANY" --icmp-type 8 -j ACCEPT
iptables -A INPUT -p icmp -s "$ANY" --icmp-type 8 -j ACCEPT
# Time Exceeded
iptables -A OUTPUT -p icmp -s "$ANY" --icmp-type 11 -j ACCEPT

##############################################
# NAT RULES: what NAT clients may access     #
##############################################
# To keep a NAT client from using telnet, for example:
#iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 23 -j DROP
# Block some ports for internal machines on the shared connection (all disabled)
# SSH
#iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 22 -j DROP
# HTTP
#iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 80 -j DROP
# SMTP (external)
#iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 25 -j DROP
# POP3 (external)
#iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 110 -j DROP
# ICQ
#iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 4000 -j DROP
#iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 4001 -j DROP

###################################
# NAT AND REDIRECTION RULES       #
###################################
#### Connection sharing, like ipchains masquerading
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Masquerading on ppp0 / ethX
iptables -t nat -A POSTROUTING -o "$INTERFACE_EXTERNA" -j MASQUERADE

###
# FTP - Software Tech For Win
# Note: every "--state NEW -i $INTERFACE_EXTERNA -j ACCEPT" rule below accepts
# any new TCP connection arriving on the external interface, for every port
# and destination; it is repeated unchanged many times, and with the FORWARD
# policy already ACCEPT it adds nothing.
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED --sport 20 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED --dport 20 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED --sport 21 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED --dport 21 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT

# Allow external POP/SMTP
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED --sport 25 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED --sport 110 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED --dport 110 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT

##### Fully open - servers
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED -s 192.168.0.1 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED -d 192.168.0.1 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p icmp -m state --state ESTABLISHED,RELATED -s 192.168.0.1 -j ACCEPT
iptables -A FORWARD -p icmp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p icmp -m state --state ESTABLISHED,RELATED -d 192.168.0.1 -j ACCEPT
iptables -A FORWARD -p icmp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED -s 192.168.0.2 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED -d 192.168.0.2 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p icmp -m state --state ESTABLISHED,RELATED -s 192.168.0.2 -j ACCEPT
iptables -A FORWARD -p icmp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p icmp -m state --state ESTABLISHED,RELATED -d 192.168.0.2 -j ACCEPT
iptables -A FORWARD -p icmp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED -s 192.168.0.253 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED -d 192.168.0.253 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED -s 192.168.0.254 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED -d 192.168.0.254 -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT

#####################################
# Forwarded DNS (disabled)
#iptables -A FORWARD -p udp -m state --state ESTABLISHED,RELATED --sport 53 -j ACCEPT
#iptables -A FORWARD -p udp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
#iptables -A FORWARD -p udp -m state --state ESTABLISHED,RELATED --dport 53 -j ACCEPT
#iptables -A FORWARD -p udp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
#iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED --sport 53 -j ACCEPT
#iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
#iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED --dport 53 -j ACCEPT
#iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT

# Redirect SMTP to the Exchange server
iptables -t nat -A PREROUTING -p tcp -d "$IP_SERVER" --dport 25 -j DNAT --to-destination 192.168.0.2:25
# Redirect POP3
iptables -t nat -A PREROUTING -p tcp -d "$IP_SERVER" --dport 110 -j DNAT --to-destination 192.168.0.2:110
# Redirect HTTP
iptables -t nat -A PREROUTING -p tcp -d "$IP_SERVER" --dport 80 -j DNAT --to-destination 192.168.0.2:80
# Terminal Services (RDP), one public address per internal host
iptables -t nat -A PREROUTING -p tcp -d 200.150.245.51 --dport 3389 -j DNAT --to-destination 192.168.0.1:3389
iptables -t nat -A PREROUTING -p tcp -d 200.150.245.52 --dport 3389 -j DNAT --to-destination 192.168.0.2:3389

# Receita Federal (port 3456) (disabled)
#iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED --sport 3456 -j ACCEPT
#iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT
#iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED --dport 3456 -j ACCEPT
#iptables -A FORWARD -p tcp -m state --state NEW -i "$INTERFACE_EXTERNA" -j ACCEPT

# Internal address leaving through the external one
# (put the address of the card on the internal network here) (disabled)
#iptables -t nat -A POSTROUTING -s 192.168.0.2/255.255.255.0 -j SNAT --to-source "$IP_SERVER"

# Transparent proxy (disabled)
#iptables -t nat -A PREROUTING -i "$INTERFACE_EXTERNA" -p tcp --dport 80 -j REDIRECT --to-port 3128

# Allow localhost
iptables -A INPUT -i lo -s "$ANY" -j ACCEPT
iptables -A OUTPUT -o lo -d "$ANY" -j ACCEPT

# Allow the LAN
iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j ACCEPT
iptables -A OUTPUT -o eth1 -d 192.168.0.0/24 -j ACCEPT

# SMTP to/from the Exchange server
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
```
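The script leaves FORWARD with policy ACCEPT and its repeated `-m state --state NEW -i $INTERFACE_EXTERNA -j ACCEPT` rules admit any new inbound connection to the LAN. As an added example that is not part of the original post, here is a default-deny FORWARD chain for the same topology (eth0 external, eth1 LAN 192.168.0.0/24, mail and web DNAT'd to 192.168.0.2); the `ipt`/`publish` helpers and the `DRY_RUN` switch are this example's own assumptions, and IP forwarding plus MASQUERADE are left to the script above.

```shell
#!/bin/bash
# Added example (not the original post's code): default-deny FORWARD chain
# for the script's topology. DRY_RUN=1 prints the rules instead of applying
# them; applying for real needs root and iptables.
EXT_IF="${EXT_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"

# Run iptables, or only print the command when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Publish one service: DNAT pub_ip:port to lan_ip:port, then let only NEW
# connections to exactly that host and port cross FORWARD from the outside.
publish() {
    local pub_ip=$1 port=$2 lan_ip=$3
    ipt -t nat -A PREROUTING -i "$EXT_IF" -p tcp -d "$pub_ip" --dport "$port" \
        -j DNAT --to-destination "$lan_ip:$port"
    ipt -A FORWARD -i "$EXT_IF" -o "$LAN_IF" -p tcp -d "$lan_ip" --dport "$port" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Build the whole FORWARD policy; $1 is the gateway's public address
# (the original script's IP_SERVER).
forward_rules() {
    local pub_ip=$1
    ipt -P FORWARD DROP
    ipt -F FORWARD
    # Packets belonging to already tracked connections, in both directions.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Packets conntrack cannot associate with any connection.
    ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
    # LAN hosts may open connections to the Internet.
    ipt -A FORWARD -i "$LAN_IF" -o "$EXT_IF" -s "$LAN_NET" \
        -m conntrack --ctstate NEW -j ACCEPT
    # Services reachable from outside, one DNAT + FORWARD pair each.
    publish "$pub_ip" 25 192.168.0.2
    publish "$pub_ip" 110 192.168.0.2
    publish "$pub_ip" 80 192.168.0.2
    # Everything else falls through to the DROP policy.
}

# Usage: DRY_RUN=1 ./forward.sh <public-ip>   (omit DRY_RUN to apply, as root)
if [ -n "${1:-}" ]; then
    forward_rules "$1"
fi
```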