Firewall
Publicado por Charles Silva 21/09/2006
[ Hits: 9.261 ]
Homepage: www.charlessilva.com.br
Esse firewall é super seguro. Algumas coisas coisas estão comentadas e as interfaces têm que ser modificadas para aquelas que você usa.
#!/bin/sh # ############################################ # # Script Firewall - Versao 1.0 # Atualizado 20/06/2006 - Charles Silva # ############################################# echo "Starting Firewall..." ################################# # DEFINICAO DE VARIAVEIS: ################################# IPTABLES="/usr/local/sbin/iptables" # Interfaces: #IFACE_EXTERNA="Whan0" #IFACE_INTERNA="eth1" LO_IFACE="lo" # Redes: REDE_INTERNA="192.168.0.0/24" #IP_PROVEDOR="192.168.0.1" ################################################# # LIMPANDO AS CHAINS E SETANDO A POLITICA PADRAO ################################################# # Seta a politica padrao da tabela filter: $IPTABLES -P INPUT DROP $IPTABLES -P OUTPUT ACCEPT $IPTABLES -P FORWARD DROP # Seta a politica padrao na tabela NAT: $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t nat -P POSTROUTING ACCEPT $IPTABLES -t nat -P OUTPUT ACCEPT # Limpa as regras nas tabelas filter e nat: $IPTABLES -F $IPTABLES -t nat -F # Apaga qualquer chain fora do padrao nas tabelas filter e NAT: $IPTABLES -X $IPTABLES -t nat -X ################################################### # Permitindo trafego no loopback e nas interfaces: ################################################### $IPTABLES -A INPUT -i $LO_IFACE -j ACCEPT $IPTABLES -A INPUT -i $IFACE_INTERNA -s $REDE_INTERNA -j ACCEPT ########################################### # Logdrop - loga todos pacotes dropados: ########################################### $IPTABLES -N logdrop $IPTABLES -A logdrop -j LOG --log-level WARN --log-prefix "[logdrop] " $IPTABLES -A logdrop -j DROP ##################################################### # Regras para dropar e logar scanners do tipo xmas: ##################################################### $IPTABLES -N logxmas $IPTABLES -A logxmas -j LOG --log-level WARN --log-prefix "[xmas_scanners] " $IPTABLES -A logxmas -j DROP ######################################################## # Regras para dropar e logar scanners do tipo SYN,FIN ######################################################## $IPTABLES -N logsynfin $IPTABLES -A logsynfin -j LOG --log-level WARN --log-prefix "[SYN FIN scanners] " $IPTABLES -A logsynfin -j DROP ######################################################## # Regras para dropar e logar scanners do tipo SYN,RST ######################################################## $IPTABLES -N logsynrst $IPTABLES -A logsynrst -j LOG --log-level WARN --log-prefix "[SYN RST scanners] " $IPTABLES -A logsynrst -j DROP ######################################################################################## # Regras para dropar e logar scanners que ativam o bit FIN sem estabelecer uma conexao: ######################################################################################## $IPTABLES -N logfin $IPTABLES -A logfin -j LOG --log-level WARN --log-prefix "[FIN scanners] " $IPTABLES -A logfin -j DROP ############################################################################# # Regras para dropar e logar scanners do tipo que ativam todas as flags TCP: ############################################################################# $IPTABLES -N logalltcp $IPTABLES -A logalltcp -j LOG --log-level WARN --log-prefix "[SYN RST scanners] " $IPTABLES -A logalltcp -j DROP ############################################################################# # Regras para dropar e logar scanners do tipo nao ativam nenhuma flag TCP: ############################################################################# $IPTABLES -N lognonetcp $IPTABLES -A lognonetcp -j LOG --log-level WARN --log-prefix "[SYN RST scanners] " $IPTABLES -A lognonetcp -j DROP ######################################################################### # Rule allowed - for TCP connections # # This chain will be utilised if someone tries to connect to an allowed # port from the internet. If they are opening the connection, or if it's # already established we ACCEPT the packages, if not we fuck them. This is # where the state matching is performed also, we allow ESTABLISHED and # RELATED packets. $IPTABLES -N allowed #$IPTABLES -A allowed -p TCP --syn -m limit --limit 1/s -j ACCEPT $IPTABLES -A allowed -p TCP --syn -j ACCEPT $IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A allowed -p TCP -j logdrop ######################################################################### # Watch - loga pacotes suspeitos $IPTABLES -N watch #$IPTABLES -A watch -s 192.168.0.2 -j ACCEPT $IPTABLES -A watch -j LOG --log-level WARN --log-prefix "[watch] " $IPTABLES -A watch -j ACCEPT ######################################################################### # Scanners - loga tentativas de scanners na rede # Loga e bloqueia scanners do tipo Xmas Portscanner: $IPTABLES -N xmas_scanner $IPTABLES -A xmas_scanner -p TCP --tcp-flags ALL FIN,URG,PSH -m limit --limit 7/s --limit-burst 3 -j logxmas # Loga e bloqueia scanners do tipo que ativa os bits SYN e FIN: $IPTABLES -N synfin_scanner $IPTABLES -A synfin_scanner -p TCP --tcp-flags ALL SYN,FIN -m limit --limit 7/s --limit-burst 3 -j logsynfin # Loga e bloqueia scanners do tipo que ativa os bits SYN e RST: $IPTABLES -N synrst_scanner $IPTABLES -A synrst_scanner -p TCP --tcp-flags SYN,RST SYN,RST -m limit --limit 7/s --limit-burst 3 -j logsynrst # Loga e bloqueia scanners do tipo que ativa o bit FIN sem estabelecer uma conexao: $IPTABLES -N fin_scanner $IPTABLES -A fin_scanner -p TCP --tcp-flags ALL FIN -m limit --limit 7/s --limit-burst 3 -m state --state ! ESTABLISHED -j logfin # Loga e bloqueia scanners do tipo que ativa todas flags TCP: $IPTABLES -N alltcp_scanner $IPTABLES -A alltcp_scanner -p TCP --tcp-flags ALL ALL -m limit --limit 7/s --limit-burst 3 -j logalltcp # Loga e bloqueia scanners do tipo que nao ativa nenhuma flag TCP: $IPTABLES -N nonetcp_scanner $IPTABLES -A nonetcp_scanner -p TCP --tcp-flags ALL NONE -m limit --limit 7/s --limit-burst 3 -j lognonetcp ######################################################################### # icmptrap - para pacotes ICMP: $IPTABLES -N icmptrap $IPTABLES -A icmptrap -p icmp --icmp-type echo-reply -j ACCEPT $IPTABLES -A icmptrap -p icmp --icmp-type destination-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type network-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type host-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type protocol-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type port-unreachable -j DROP $IPTABLES -A icmptrap -p icmp --icmp-type fragmentation-needed -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type source-route-failed -j watch $IPTABLES -A icmptrap -p icmp --icmp-type network-unknown -j watch $IPTABLES -A icmptrap -p icmp --icmp-type host-unknown -j watch $IPTABLES -A icmptrap -p icmp --icmp-type network-prohibited -j watch $IPTABLES -A icmptrap -p icmp --icmp-type host-prohibited -j watch $IPTABLES -A icmptrap -p icmp --icmp-type TOS-network-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type TOS-host-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type communication-prohibited -j watch $IPTABLES -A icmptrap -p icmp --icmp-type host-precedence-violation -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type precedence-cutoff -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type source-quench -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type network-redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type host-redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type TOS-network-redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type TOS-host-redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type echo-request -j watch $IPTABLES -A icmptrap -p icmp --icmp-type router-advertisement -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type router-solicitation -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type time-exceeded -j watch $IPTABLES -A icmptrap -p icmp --icmp-type ttl-zero-during-transit -j watch $IPTABLES -A icmptrap -p icmp --icmp-type ttl-zero-during-reassembly -j watch $IPTABLES -A icmptrap -p icmp --icmp-type parameter-problem -j watch $IPTABLES -A icmptrap -p icmp --icmp-type ip-header-bad -j watch $IPTABLES -A icmptrap -p icmp --icmp-type required-option-missing -j watch $IPTABLES -A icmptrap -p icmp --icmp-type timestamp-request -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type timestamp-reply -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type address-mask-request -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type address-mask-reply -j logdrop ######################################################################### # dropiana - dropa IP's nao liberados pela IANA(RFC1918,RFC3330) e redes reservadas $IPTABLES -N dropiana $IPTABLES -A dropiana -s 0.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 1.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 2.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 5.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 10.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 23.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 27.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 31.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 36.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 37.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 39.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 41.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 42.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 58.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 59.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 60.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 71.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 88.0.0.0/5 -j logdrop $IPTABLES -A dropiana -s 96.0.0.0/3 -j logdrop $IPTABLES -A dropiana -s 128.0.0.0/16 -j logdrop $IPTABLES -A dropiana -s 172.16.0.0/12 -j logdrop $IPTABLES -A dropiana -s 191.255.0.0/16 -j logdrop $IPTABLES -A dropiana -s 192.31.196.0/24 -j logdrop $IPTABLES -A dropiana -s 192.52.193.0/24 -j logdrop $IPTABLES -A dropiana -s 192.67.23.0/24 -j logdrop $IPTABLES -A dropiana -s 192.68.185.0/24 -j logdrop $IPTABLES -A dropiana -s 192.70.192.0/21 -j logdrop $IPTABLES -A dropiana -s 192.70.201.0/24 -j logdrop $IPTABLES -A dropiana -s 192.94.77.0/24 -j logdrop $IPTABLES -A dropiana -s 192.94.78.0/24 -j logdrop $IPTABLES -A dropiana -s 192.97.38.0/24 -j logdrop $IPTABLES -A dropiana -s 192.168.0.0/16 -j logdrop $IPTABLES -A dropiana -s 197.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 221.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 222.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 223.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 224.0.0.0/4 -j logdrop $IPTABLES -A dropiana -s 240.0.0.0/4 -j logdrop ######################################################################### # Rule safe - apenas para chamar a dropiana e a icmptrap # Create safe rule $IPTABLES -N safe # Call todas regras de scanners $IPTABLES -A safe -j xmas_scanner $IPTABLES -A safe -j synfin_scanner $IPTABLES -A safe -j synrst_scanner $IPTABLES -A safe -j fin_scanner $IPTABLES -A safe -j alltcp_scanner $IPTABLES -A safe -j nonetcp_scanner # ICMP packets $IPTABLES -A safe -p ICMP -j icmptrap # Call dropiana $IPTABLES -A safe -j dropiana # Call INPUT Safe $IPTABLES -A INPUT -j safe ######################################################################### # Regras especificas para Rede Interna # Pacotes que entram na rede $IPTABLES -N main-in # Pacotes que saem da rede $IPTABLES -N main-out ################################ # REGRAS GERAIS P/ REDE INTERNA ################################ ############################# # Libera DNS p/ rede interna ############################# $IPTABLES -A main-in -p UDP -i $IFACE_EXTERNA -s 0/0--sport 53 -j ACCEPT $IPTABLES -A main-out -p UDP -o $IFACE_EXTERNA -d 0/0 --dport 53 -j ACCEPT ################################ # Regra p/ Bloqueio da internet ################################ $IPTABLES -A main-in -p TCP -i $IFACE_INTERNA $REDE_INTERNA --dport 80 -j logdrop $IPTABLES -A main-in -p TCP -i $IFACE_INTERNA $REDE_INTERNA --sport 80 -j logdrop $IPTABLES -A main-in -p TCP -i $IFACE_INTERNA $REDE_INTERNA --dport 110 -j logdrop $IPTABLES -A main-in -p TCP -i $IFACE_INTERNA $REDE_INTERNA --sport 110 -j logdrop ######################## # SSH P/ outro usuario ######################## $IPTABLES -A main-in -p TCP -s 000.00.00.000 --dport 22 -j allowed $IPTABLES -A main-out -p TCP -d 000.00.000.000 --sport 22 -j allowed $IPTABLES -A INPUT -p TCP -s 0/0 --dport 22 -j logdrop ########################## # Libera NTP p/ servidor ########################## $IPTABLES -A INPUT -p UDP -i $IFACE_EXTERNA -s 200.144.121.33 --dport 123 -j ACCEPT $IPTABLES -A OUTPUT -p UDP -o $IFACE_EXTERNA -d 200.144.121.33 --sport 123 -j ACCEPT ################################################################ # Bloqueia qualquer servico conhecido para IPs da Rede Interna ################################################################ #1025/tcp listen $IPTABLES -A main-in -p TCP -s 0/0 --dport 1025 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1025 -j logdrop #1026 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1026 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1026 -j logdrop #1027 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1027 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1027 -j logdrop #1028 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1028 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1028 -j logdrop # KDEinit $IPTABLES -A main-in -p TCP -s 0/0 --dport 1029 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1029 -j logdrop #1030 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1030 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1030 -j logdrop #1031/udp iad1 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1031 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1031 -j logdrop #1032/udp iad1 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1032 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1032 -j logdrop #1033/tcp netinfo $IPTABLES -A main-in -p TCP -s 0/0 --dport 1033 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1033 -j logdrop #1050/tcp java-or-OTGfileshare $IPTABLES -A main-in -p TCP -s 0/0 --dport 1050 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1050 -j logdrop #1059/tcp nimreg $IPTABLES -A main-in -p TCP -s 0/0 --dport 1059 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1059 -j logdrop # instl_boots $IPTABLES -A main-in -p TCP -s 0/0 --dport 1067 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1067 -j logdrop # SOCKS $IPTABLES -A main-in -p TCP -s 0/0 --dport 1080 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1080 -j logdrop # MSSQL $IPTABLES -A main-in -p TCP -s 0/0 --dport 1433 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1433 -j logdrop # MSSQL-Monitor $IPTABLES -A main-in -p TCP -s 0/0 --dport 1434 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1434 -j logdrop # VPN $IPTABLES -A main-in -p TCP -s 0/0 --dport 1723 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1723 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --sport 1723 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --sport 1723 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 1083 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1083 -j logdrop #1812/RADIUS $IPTABLES -A main-in -p TCP -s 0/0 --dport 1812 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1812 -j logdrop #1813/RADIUS $IPTABLES -A main-in -p TCP -s 0/0 --dport 1813 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1813 -j logdrop #2105/eklogin $IPTABLES -A main-in -p TCP -s 0/0 --dport 2105 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 2105 -j logdrop # Squid $IPTABLES -A INPUT -p TCP -s 0/0 --dport 3128 -j logdrop $IPTABLES -A INPUT -p UDP -s 0/0 --dport 3128 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 3128 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3128 -j logdrop # 3268 globalcatLDAP $IPTABLES -A main-in -p TCP -s 0/0 --dport 3268 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3268 -j logdrop # 3269 globalcatLDAPssl $IPTABLES -A main-in -p TCP -s 0/0 --dport 3269 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3269 -j logdrop # MySQL $IPTABLES -A INPUT -p TCP -s 0/0 --dport 3306 -j logdrop $IPTABLES -A INPUT -p UDP -s 0/0 --dport 3306 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 3306 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3306 -j logdrop # Msdtc $IPTABLES -A main-in -p TCP -s 0/0 --dport 3372 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3372 -j logdrop # IISrpc-or-vat $IPTABLES -A main-in -p TCP -s 0/0 --dport 3456 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3456 -j logdrop # Terminal Server $IPTABLES -A main-in -p TCP -s 0/0 --dport 3389 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3389 -j logdrop # RPC $IPTABLES -A main-in -p TCP -s 0/0 --dport 4444 -j logdrop $IPTABLES -A main-in -p TCP -d 0/0 --dport 4444 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 4444 -j logdrop $IPTABLES -A main-in -p UDP -d 0/0 --dport 4444 -j logdrop # Sae-Urn $IPTABLES -A main-in -p TCP -s 0/0 --dport 4500 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 4500 -j logdrop # VNC $IPTABLES -A main-in -p TCP -s 0/0 --dport 5900 -j logdrop # X $IPTABLES -A main-in -p TCP -s 0/0 --dport 6000 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 6000 -j logdrop # BACULA $IPTABLES -A main-in -p TCP -s 0/0 --dport 9101 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 9101 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 9102 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 9102 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 9103 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 9103 -j logdrop ############################################################## # REGRAS PARA REDIRECIONAMENTO DE PACOTES - FORWARD ############################################################## # Libera acesso da Rede Interna para as outras redes: $IPTABLES -A FORWARD -i $IFACE_INTERNA -s $REDE_INTERNA -d 0/0 -j ACCEPT # Permite trafego de entrada de forma segura $IPTABLES -A FORWARD -i $IFACE_EXTERNA -o $IFACE_INTERNA -j safe $IPTABLES -A FORWARD -i $IFACE_EXTERNA -o $IFACE_INTERNA -j main-in # Permite trafego de saida de forma segura $IPTABLES -A FORWARD -i $IFACE_INTERNA -o $IFACE_EXTERNA -j safe $IPTABLES -A FORWARD -i $IFACE_INTERNA -o $IFACE_EXTERNA -j main-out ################# # Portas >= 1024 ################# $IPTABLES -A main-in -p TCP -s 0/0 --dport 1024: -j allowed $IPTABLES -A main-in -p UDP -s 0/0 --dport 1024: -j ACCEPT $IPTABLES -A INPUT -p TCP -s 0/0 --dport 1024: -j allowed $IPTABLES -A INPUT -p UDP -s 0/0 --dport 1024: -j ACCEPT ############################################################# # Redireciona o trafego internet da rede interna p/ o squid ############################################################# $IPTABLES -t nat -A PREROUTING -p TCP -i $IFACE_INTERNA -d ! 192.168.0.1 -s $REDE_INTERNA --dport 80 -j REDIRECT --to-port 3128 $IPTABLES -t nat -A POSTROUTING -o $IFACE_EXTERNA -j MASQUERADE ################################### # Libera pacotes ICMP p/ o Gateway ################################### $IPTABLES -A INPUT -i $IFACE_EXTERNA -s 0/0 -p ICMP -m limit --limit 1/s -j icmptrap ######################### # CONFIGURACOES FINAIS: ######################### # Habilita o IP Forward: echo 1 > /proc/sys/net/ipv4/ip_forward # Enable TCP SYN Cookie Protection echo 1 >/proc/sys/net/ipv4/tcp_syncookies # Enable broadcast echo protection echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts # Enable IP spoofing protection, turn on Source Address Verification for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f done ##################################### # Dropa e loga todos outros pacotes ##################################### $IPTABLES -A INPUT -j logdrop $IPTABLES -A FORWARD -j logdrop echo "Firewall Started!"
Scripts recomendados
Retra de iptables para DMZ na porta 80
Converter Arquivo RMVB para AVI
Backup individual de contas no ZIMBRA MAIL
Unificando arquivos de bloqueio e liberação no squid
Comentários
[1] Comentário enviado por y2h4ck em 18/10/2006 - 13:12h
O arquivo do codigo fonte e o arquivo do download são diferentes.
Baixem e olhem o fonte verão a diferença.
Obrigado.
O arquivo do codigo fonte e o arquivo do download são diferentes.
Baixem e olhem o fonte verão a diferença.
Obrigado.
[2] Comentário enviado por sequelinha em 18/10/2006 - 18:15h
Respondendo a resposta acima
Obrigado por ter verificado isso (o script verdadeiro que eu publiquei e o que esta no codigo fonte )o outro eu fiz o dowloand e dei uma olha naum foi eu que fiz
Obrigado
sequelinha
Respondendo a resposta acima
Obrigado por ter verificado isso (o script verdadeiro que eu publiquei e o que esta no codigo fonte )o outro eu fiz o dowloand e dei uma olha naum foi eu que fiz
Obrigado
sequelinha
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Pra quem contribui com artigos e dicas (0)
Arch Linux - Guia para Iniciantes (5)
Artigos
tux-gpt - Assistente de IA para o Terminal
Instalação e configuração do Chrony
Programa IRPF - Guia de Instalação e Resolução de alguns Problemas
Dicas
O Que Fazer Após Instalar Ubuntu 25.04
O Que Fazer Após Instalar Fedora 42
Debian 12 -- Errata - Correções de segurança
Instalando o Pi-Hole versão v5.18.4 depois do lançamento da versão v6.0
Tópicos
Pra quem contribui com artigos e dicas (0)
Monitor fora de escala ao bootar sistema (9)
NAT LoopBack - Hairpin NAT (2)
Alguém poderia me ajudar a escolher peças pra montar um desktop? (18)
Top 10 do mês
-
Xerxes
1° lugar - 76.138 pts -
Fábio Berbert de Paula
2° lugar - 56.843 pts -
Buckminster
3° lugar - 24.785 pts -
Mauricio Ferrari
4° lugar - 17.886 pts -
Alberto Federman Neto.
5° lugar - 16.904 pts -
Daniel Lara Souza
6° lugar - 14.932 pts -
edps
7° lugar - 14.908 pts -
Alessandro de Oliveira Faria (A.K.A. CABELO)
8° lugar - 14.663 pts -
Diego Mendes Rodrigues
9° lugar - 14.226 pts -
Andre (pinduvoz)
10° lugar - 12.404 pts
Scripts
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
