Firewall
Publicado por Charles Silva 21/09/2006
[ Hits: 9.162 ]
Homepage: www.charlessilva.com.br
Esse firewall é super seguro. Algumas coisas coisas estão comentadas e as interfaces têm que ser modificadas para aquelas que você usa.
#!/bin/sh # ############################################ # # Script Firewall - Versao 1.0 # Atualizado 20/06/2006 - Charles Silva # ############################################# echo "Starting Firewall..." ################################# # DEFINICAO DE VARIAVEIS: ################################# IPTABLES="/usr/local/sbin/iptables" # Interfaces: #IFACE_EXTERNA="Whan0" #IFACE_INTERNA="eth1" LO_IFACE="lo" # Redes: REDE_INTERNA="192.168.0.0/24" #IP_PROVEDOR="192.168.0.1" ################################################# # LIMPANDO AS CHAINS E SETANDO A POLITICA PADRAO ################################################# # Seta a politica padrao da tabela filter: $IPTABLES -P INPUT DROP $IPTABLES -P OUTPUT ACCEPT $IPTABLES -P FORWARD DROP # Seta a politica padrao na tabela NAT: $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t nat -P POSTROUTING ACCEPT $IPTABLES -t nat -P OUTPUT ACCEPT # Limpa as regras nas tabelas filter e nat: $IPTABLES -F $IPTABLES -t nat -F # Apaga qualquer chain fora do padrao nas tabelas filter e NAT: $IPTABLES -X $IPTABLES -t nat -X ################################################### # Permitindo trafego no loopback e nas interfaces: ################################################### $IPTABLES -A INPUT -i $LO_IFACE -j ACCEPT $IPTABLES -A INPUT -i $IFACE_INTERNA -s $REDE_INTERNA -j ACCEPT ########################################### # Logdrop - loga todos pacotes dropados: ########################################### $IPTABLES -N logdrop $IPTABLES -A logdrop -j LOG --log-level WARN --log-prefix "[logdrop] " $IPTABLES -A logdrop -j DROP ##################################################### # Regras para dropar e logar scanners do tipo xmas: ##################################################### $IPTABLES -N logxmas $IPTABLES -A logxmas -j LOG --log-level WARN --log-prefix "[xmas_scanners] " $IPTABLES -A logxmas -j DROP ######################################################## # Regras para dropar e logar scanners do tipo SYN,FIN ######################################################## $IPTABLES -N logsynfin $IPTABLES -A logsynfin -j LOG --log-level WARN --log-prefix "[SYN FIN scanners] " $IPTABLES -A logsynfin -j DROP ######################################################## # Regras para dropar e logar scanners do tipo SYN,RST ######################################################## $IPTABLES -N logsynrst $IPTABLES -A logsynrst -j LOG --log-level WARN --log-prefix "[SYN RST scanners] " $IPTABLES -A logsynrst -j DROP ######################################################################################## # Regras para dropar e logar scanners que ativam o bit FIN sem estabelecer uma conexao: ######################################################################################## $IPTABLES -N logfin $IPTABLES -A logfin -j LOG --log-level WARN --log-prefix "[FIN scanners] " $IPTABLES -A logfin -j DROP ############################################################################# # Regras para dropar e logar scanners do tipo que ativam todas as flags TCP: ############################################################################# $IPTABLES -N logalltcp $IPTABLES -A logalltcp -j LOG --log-level WARN --log-prefix "[SYN RST scanners] " $IPTABLES -A logalltcp -j DROP ############################################################################# # Regras para dropar e logar scanners do tipo nao ativam nenhuma flag TCP: ############################################################################# $IPTABLES -N lognonetcp $IPTABLES -A lognonetcp -j LOG --log-level WARN --log-prefix "[SYN RST scanners] " $IPTABLES -A lognonetcp -j DROP ######################################################################### # Rule allowed - for TCP connections # # This chain will be utilised if someone tries to connect to an allowed # port from the internet. If they are opening the connection, or if it's # already established we ACCEPT the packages, if not we fuck them. This is # where the state matching is performed also, we allow ESTABLISHED and # RELATED packets. $IPTABLES -N allowed #$IPTABLES -A allowed -p TCP --syn -m limit --limit 1/s -j ACCEPT $IPTABLES -A allowed -p TCP --syn -j ACCEPT $IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A allowed -p TCP -j logdrop ######################################################################### # Watch - loga pacotes suspeitos $IPTABLES -N watch #$IPTABLES -A watch -s 192.168.0.2 -j ACCEPT $IPTABLES -A watch -j LOG --log-level WARN --log-prefix "[watch] " $IPTABLES -A watch -j ACCEPT ######################################################################### # Scanners - loga tentativas de scanners na rede # Loga e bloqueia scanners do tipo Xmas Portscanner: $IPTABLES -N xmas_scanner $IPTABLES -A xmas_scanner -p TCP --tcp-flags ALL FIN,URG,PSH -m limit --limit 7/s --limit-burst 3 -j logxmas # Loga e bloqueia scanners do tipo que ativa os bits SYN e FIN: $IPTABLES -N synfin_scanner $IPTABLES -A synfin_scanner -p TCP --tcp-flags ALL SYN,FIN -m limit --limit 7/s --limit-burst 3 -j logsynfin # Loga e bloqueia scanners do tipo que ativa os bits SYN e RST: $IPTABLES -N synrst_scanner $IPTABLES -A synrst_scanner -p TCP --tcp-flags SYN,RST SYN,RST -m limit --limit 7/s --limit-burst 3 -j logsynrst # Loga e bloqueia scanners do tipo que ativa o bit FIN sem estabelecer uma conexao: $IPTABLES -N fin_scanner $IPTABLES -A fin_scanner -p TCP --tcp-flags ALL FIN -m limit --limit 7/s --limit-burst 3 -m state --state ! ESTABLISHED -j logfin # Loga e bloqueia scanners do tipo que ativa todas flags TCP: $IPTABLES -N alltcp_scanner $IPTABLES -A alltcp_scanner -p TCP --tcp-flags ALL ALL -m limit --limit 7/s --limit-burst 3 -j logalltcp # Loga e bloqueia scanners do tipo que nao ativa nenhuma flag TCP: $IPTABLES -N nonetcp_scanner $IPTABLES -A nonetcp_scanner -p TCP --tcp-flags ALL NONE -m limit --limit 7/s --limit-burst 3 -j lognonetcp ######################################################################### # icmptrap - para pacotes ICMP: $IPTABLES -N icmptrap $IPTABLES -A icmptrap -p icmp --icmp-type echo-reply -j ACCEPT $IPTABLES -A icmptrap -p icmp --icmp-type destination-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type network-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type host-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type protocol-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type port-unreachable -j DROP $IPTABLES -A icmptrap -p icmp --icmp-type fragmentation-needed -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type source-route-failed -j watch $IPTABLES -A icmptrap -p icmp --icmp-type network-unknown -j watch $IPTABLES -A icmptrap -p icmp --icmp-type host-unknown -j watch $IPTABLES -A icmptrap -p icmp --icmp-type network-prohibited -j watch $IPTABLES -A icmptrap -p icmp --icmp-type host-prohibited -j watch $IPTABLES -A icmptrap -p icmp --icmp-type TOS-network-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type TOS-host-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type communication-prohibited -j watch $IPTABLES -A icmptrap -p icmp --icmp-type host-precedence-violation -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type precedence-cutoff -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type source-quench -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type network-redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type host-redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type TOS-network-redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type TOS-host-redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type echo-request -j watch $IPTABLES -A icmptrap -p icmp --icmp-type router-advertisement -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type router-solicitation -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type time-exceeded -j watch $IPTABLES -A icmptrap -p icmp --icmp-type ttl-zero-during-transit -j watch $IPTABLES -A icmptrap -p icmp --icmp-type ttl-zero-during-reassembly -j watch $IPTABLES -A icmptrap -p icmp --icmp-type parameter-problem -j watch $IPTABLES -A icmptrap -p icmp --icmp-type ip-header-bad -j watch $IPTABLES -A icmptrap -p icmp --icmp-type required-option-missing -j watch $IPTABLES -A icmptrap -p icmp --icmp-type timestamp-request -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type timestamp-reply -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type address-mask-request -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type address-mask-reply -j logdrop ######################################################################### # dropiana - dropa IP's nao liberados pela IANA(RFC1918,RFC3330) e redes reservadas $IPTABLES -N dropiana $IPTABLES -A dropiana -s 0.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 1.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 2.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 5.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 10.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 23.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 27.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 31.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 36.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 37.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 39.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 41.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 42.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 58.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 59.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 60.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 71.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 88.0.0.0/5 -j logdrop $IPTABLES -A dropiana -s 96.0.0.0/3 -j logdrop $IPTABLES -A dropiana -s 128.0.0.0/16 -j logdrop $IPTABLES -A dropiana -s 172.16.0.0/12 -j logdrop $IPTABLES -A dropiana -s 191.255.0.0/16 -j logdrop $IPTABLES -A dropiana -s 192.31.196.0/24 -j logdrop $IPTABLES -A dropiana -s 192.52.193.0/24 -j logdrop $IPTABLES -A dropiana -s 192.67.23.0/24 -j logdrop $IPTABLES -A dropiana -s 192.68.185.0/24 -j logdrop $IPTABLES -A dropiana -s 192.70.192.0/21 -j logdrop $IPTABLES -A dropiana -s 192.70.201.0/24 -j logdrop $IPTABLES -A dropiana -s 192.94.77.0/24 -j logdrop $IPTABLES -A dropiana -s 192.94.78.0/24 -j logdrop $IPTABLES -A dropiana -s 192.97.38.0/24 -j logdrop $IPTABLES -A dropiana -s 192.168.0.0/16 -j logdrop $IPTABLES -A dropiana -s 197.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 221.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 222.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 223.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 224.0.0.0/4 -j logdrop $IPTABLES -A dropiana -s 240.0.0.0/4 -j logdrop ######################################################################### # Rule safe - apenas para chamar a dropiana e a icmptrap # Create safe rule $IPTABLES -N safe # Call todas regras de scanners $IPTABLES -A safe -j xmas_scanner $IPTABLES -A safe -j synfin_scanner $IPTABLES -A safe -j synrst_scanner $IPTABLES -A safe -j fin_scanner $IPTABLES -A safe -j alltcp_scanner $IPTABLES -A safe -j nonetcp_scanner # ICMP packets $IPTABLES -A safe -p ICMP -j icmptrap # Call dropiana $IPTABLES -A safe -j dropiana # Call INPUT Safe $IPTABLES -A INPUT -j safe ######################################################################### # Regras especificas para Rede Interna # Pacotes que entram na rede $IPTABLES -N main-in # Pacotes que saem da rede $IPTABLES -N main-out ################################ # REGRAS GERAIS P/ REDE INTERNA ################################ ############################# # Libera DNS p/ rede interna ############################# $IPTABLES -A main-in -p UDP -i $IFACE_EXTERNA -s 0/0--sport 53 -j ACCEPT $IPTABLES -A main-out -p UDP -o $IFACE_EXTERNA -d 0/0 --dport 53 -j ACCEPT ################################ # Regra p/ Bloqueio da internet ################################ $IPTABLES -A main-in -p TCP -i $IFACE_INTERNA $REDE_INTERNA --dport 80 -j logdrop $IPTABLES -A main-in -p TCP -i $IFACE_INTERNA $REDE_INTERNA --sport 80 -j logdrop $IPTABLES -A main-in -p TCP -i $IFACE_INTERNA $REDE_INTERNA --dport 110 -j logdrop $IPTABLES -A main-in -p TCP -i $IFACE_INTERNA $REDE_INTERNA --sport 110 -j logdrop ######################## # SSH P/ outro usuario ######################## $IPTABLES -A main-in -p TCP -s 000.00.00.000 --dport 22 -j allowed $IPTABLES -A main-out -p TCP -d 000.00.000.000 --sport 22 -j allowed $IPTABLES -A INPUT -p TCP -s 0/0 --dport 22 -j logdrop ########################## # Libera NTP p/ servidor ########################## $IPTABLES -A INPUT -p UDP -i $IFACE_EXTERNA -s 200.144.121.33 --dport 123 -j ACCEPT $IPTABLES -A OUTPUT -p UDP -o $IFACE_EXTERNA -d 200.144.121.33 --sport 123 -j ACCEPT ################################################################ # Bloqueia qualquer servico conhecido para IPs da Rede Interna ################################################################ #1025/tcp listen $IPTABLES -A main-in -p TCP -s 0/0 --dport 1025 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1025 -j logdrop #1026 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1026 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1026 -j logdrop #1027 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1027 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1027 -j logdrop #1028 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1028 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1028 -j logdrop # KDEinit $IPTABLES -A main-in -p TCP -s 0/0 --dport 1029 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1029 -j logdrop #1030 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1030 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1030 -j logdrop #1031/udp iad1 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1031 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1031 -j logdrop #1032/udp iad1 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1032 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1032 -j logdrop #1033/tcp netinfo $IPTABLES -A main-in -p TCP -s 0/0 --dport 1033 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1033 -j logdrop #1050/tcp java-or-OTGfileshare $IPTABLES -A main-in -p TCP -s 0/0 --dport 1050 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1050 -j logdrop #1059/tcp nimreg $IPTABLES -A main-in -p TCP -s 0/0 --dport 1059 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1059 -j logdrop # instl_boots $IPTABLES -A main-in -p TCP -s 0/0 --dport 1067 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1067 -j logdrop # SOCKS $IPTABLES -A main-in -p TCP -s 0/0 --dport 1080 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1080 -j logdrop # MSSQL $IPTABLES -A main-in -p TCP -s 0/0 --dport 1433 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1433 -j logdrop # MSSQL-Monitor $IPTABLES -A main-in -p TCP -s 0/0 --dport 1434 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1434 -j logdrop # VPN $IPTABLES -A main-in -p TCP -s 0/0 --dport 1723 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1723 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --sport 1723 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --sport 1723 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 1083 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1083 -j logdrop #1812/RADIUS $IPTABLES -A main-in -p TCP -s 0/0 --dport 1812 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1812 -j logdrop #1813/RADIUS $IPTABLES -A main-in -p TCP -s 0/0 --dport 1813 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1813 -j logdrop #2105/eklogin $IPTABLES -A main-in -p TCP -s 0/0 --dport 2105 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 2105 -j logdrop # Squid $IPTABLES -A INPUT -p TCP -s 0/0 --dport 3128 -j logdrop $IPTABLES -A INPUT -p UDP -s 0/0 --dport 3128 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 3128 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3128 -j logdrop # 3268 globalcatLDAP $IPTABLES -A main-in -p TCP -s 0/0 --dport 3268 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3268 -j logdrop # 3269 globalcatLDAPssl $IPTABLES -A main-in -p TCP -s 0/0 --dport 3269 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3269 -j logdrop # MySQL $IPTABLES -A INPUT -p TCP -s 0/0 --dport 3306 -j logdrop $IPTABLES -A INPUT -p UDP -s 0/0 --dport 3306 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 3306 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3306 -j logdrop # Msdtc $IPTABLES -A main-in -p TCP -s 0/0 --dport 3372 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3372 -j logdrop # IISrpc-or-vat $IPTABLES -A main-in -p TCP -s 0/0 --dport 3456 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3456 -j logdrop # Terminal Server $IPTABLES -A main-in -p TCP -s 0/0 --dport 3389 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3389 -j logdrop # RPC $IPTABLES -A main-in -p TCP -s 0/0 --dport 4444 -j logdrop $IPTABLES -A main-in -p TCP -d 0/0 --dport 4444 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 4444 -j logdrop $IPTABLES -A main-in -p UDP -d 0/0 --dport 4444 -j logdrop # Sae-Urn $IPTABLES -A main-in -p TCP -s 0/0 --dport 4500 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 4500 -j logdrop # VNC $IPTABLES -A main-in -p TCP -s 0/0 --dport 5900 -j logdrop # X $IPTABLES -A main-in -p TCP -s 0/0 --dport 6000 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 6000 -j logdrop # BACULA $IPTABLES -A main-in -p TCP -s 0/0 --dport 9101 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 9101 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 9102 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 9102 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 9103 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 9103 -j logdrop ############################################################## # REGRAS PARA REDIRECIONAMENTO DE PACOTES - FORWARD ############################################################## # Libera acesso da Rede Interna para as outras redes: $IPTABLES -A FORWARD -i $IFACE_INTERNA -s $REDE_INTERNA -d 0/0 -j ACCEPT # Permite trafego de entrada de forma segura $IPTABLES -A FORWARD -i $IFACE_EXTERNA -o $IFACE_INTERNA -j safe $IPTABLES -A FORWARD -i $IFACE_EXTERNA -o $IFACE_INTERNA -j main-in # Permite trafego de saida de forma segura $IPTABLES -A FORWARD -i $IFACE_INTERNA -o $IFACE_EXTERNA -j safe $IPTABLES -A FORWARD -i $IFACE_INTERNA -o $IFACE_EXTERNA -j main-out ################# # Portas >= 1024 ################# $IPTABLES -A main-in -p TCP -s 0/0 --dport 1024: -j allowed $IPTABLES -A main-in -p UDP -s 0/0 --dport 1024: -j ACCEPT $IPTABLES -A INPUT -p TCP -s 0/0 --dport 1024: -j allowed $IPTABLES -A INPUT -p UDP -s 0/0 --dport 1024: -j ACCEPT ############################################################# # Redireciona o trafego internet da rede interna p/ o squid ############################################################# $IPTABLES -t nat -A PREROUTING -p TCP -i $IFACE_INTERNA -d ! 192.168.0.1 -s $REDE_INTERNA --dport 80 -j REDIRECT --to-port 3128 $IPTABLES -t nat -A POSTROUTING -o $IFACE_EXTERNA -j MASQUERADE ################################### # Libera pacotes ICMP p/ o Gateway ################################### $IPTABLES -A INPUT -i $IFACE_EXTERNA -s 0/0 -p ICMP -m limit --limit 1/s -j icmptrap ######################### # CONFIGURACOES FINAIS: ######################### # Habilita o IP Forward: echo 1 > /proc/sys/net/ipv4/ip_forward # Enable TCP SYN Cookie Protection echo 1 >/proc/sys/net/ipv4/tcp_syncookies # Enable broadcast echo protection echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts # Enable IP spoofing protection, turn on Source Address Verification for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f done ##################################### # Dropa e loga todos outros pacotes ##################################### $IPTABLES -A INPUT -j logdrop $IPTABLES -A FORWARD -j logdrop echo "Firewall Started!"
Scripts recomendados
Sincronizar arquivos com rsync
IP Info - Pesquisa geográfica pelo endereço IP
Script - Realizando relatório do servidor
Comentários
[1] Comentário enviado por y2h4ck em 18/10/2006 - 13:12h
O arquivo do codigo fonte e o arquivo do download são diferentes.
Baixem e olhem o fonte verão a diferença.
Obrigado.
O arquivo do codigo fonte e o arquivo do download são diferentes.
Baixem e olhem o fonte verão a diferença.
Obrigado.
[2] Comentário enviado por sequelinha em 18/10/2006 - 18:15h
Respondendo a resposta acima
Obrigado por ter verificado isso (o script verdadeiro que eu publiquei e o que esta no codigo fonte )o outro eu fiz o dowloand e dei uma olha naum foi eu que fiz
Obrigado
sequelinha
Respondendo a resposta acima
Obrigado por ter verificado isso (o script verdadeiro que eu publiquei e o que esta no codigo fonte )o outro eu fiz o dowloand e dei uma olha naum foi eu que fiz
Obrigado
sequelinha
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Artigos
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Dicas
Como renomear arquivos de letras maiúsculas para minúsculas
Imprimindo no formato livreto no Linux
Vim - incrementando números em substituição
Efeito "livro" em arquivos PDF
Como resolver o erro no CUPS: Unable to get list of printer drivers
Tópicos
Não to conseguindo resolver este problemas ao instalar o playonelinux (1)
Excluir banco de dados no xampp (1)
Top 10 do mês
-
Xerxes
1° lugar - 66.686 pts -
Fábio Berbert de Paula
2° lugar - 51.608 pts -
Buckminster
3° lugar - 17.733 pts -
Mauricio Ferrari
4° lugar - 15.566 pts -
Alberto Federman Neto.
5° lugar - 14.208 pts -
Diego Mendes Rodrigues
6° lugar - 13.741 pts -
Daniel Lara Souza
7° lugar - 13.313 pts -
Andre (pinduvoz)
8° lugar - 10.593 pts -
edps
9° lugar - 10.837 pts -
Alessandro de Oliveira Faria (A.K.A. CABELO)
10° lugar - 10.686 pts
Scripts
[Python] Automação de scan de vulnerabilidades
[Python] Script para analise de superficie de ataque
[Shell Script] Novo script para redimensionar, rotacionar, converter e espelhar arquivos de imagem
[Shell Script] Iniciador de DOOM (DSDA-DOOM, Doom Retro ou Woof!)
[Shell Script] Script para adicionar bordas às imagens de uma pasta
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
