Firewall
Publicado por Charles Silva 21/09/2006
[ Hits: 9.250 ]
Homepage: www.charlessilva.com.br
Esse firewall é super seguro. Algumas coisas coisas estão comentadas e as interfaces têm que ser modificadas para aquelas que você usa.
#!/bin/sh # ############################################ # # Script Firewall - Versao 1.0 # Atualizado 20/06/2006 - Charles Silva # ############################################# echo "Starting Firewall..." ################################# # DEFINICAO DE VARIAVEIS: ################################# IPTABLES="/usr/local/sbin/iptables" # Interfaces: #IFACE_EXTERNA="Whan0" #IFACE_INTERNA="eth1" LO_IFACE="lo" # Redes: REDE_INTERNA="192.168.0.0/24" #IP_PROVEDOR="192.168.0.1" ################################################# # LIMPANDO AS CHAINS E SETANDO A POLITICA PADRAO ################################################# # Seta a politica padrao da tabela filter: $IPTABLES -P INPUT DROP $IPTABLES -P OUTPUT ACCEPT $IPTABLES -P FORWARD DROP # Seta a politica padrao na tabela NAT: $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t nat -P POSTROUTING ACCEPT $IPTABLES -t nat -P OUTPUT ACCEPT # Limpa as regras nas tabelas filter e nat: $IPTABLES -F $IPTABLES -t nat -F # Apaga qualquer chain fora do padrao nas tabelas filter e NAT: $IPTABLES -X $IPTABLES -t nat -X ################################################### # Permitindo trafego no loopback e nas interfaces: ################################################### $IPTABLES -A INPUT -i $LO_IFACE -j ACCEPT $IPTABLES -A INPUT -i $IFACE_INTERNA -s $REDE_INTERNA -j ACCEPT ########################################### # Logdrop - loga todos pacotes dropados: ########################################### $IPTABLES -N logdrop $IPTABLES -A logdrop -j LOG --log-level WARN --log-prefix "[logdrop] " $IPTABLES -A logdrop -j DROP ##################################################### # Regras para dropar e logar scanners do tipo xmas: ##################################################### $IPTABLES -N logxmas $IPTABLES -A logxmas -j LOG --log-level WARN --log-prefix "[xmas_scanners] " $IPTABLES -A logxmas -j DROP ######################################################## # Regras para dropar e logar scanners do tipo SYN,FIN ######################################################## $IPTABLES -N logsynfin $IPTABLES -A logsynfin -j LOG --log-level WARN --log-prefix "[SYN FIN scanners] " $IPTABLES -A logsynfin -j DROP ######################################################## # Regras para dropar e logar scanners do tipo SYN,RST ######################################################## $IPTABLES -N logsynrst $IPTABLES -A logsynrst -j LOG --log-level WARN --log-prefix "[SYN RST scanners] " $IPTABLES -A logsynrst -j DROP ######################################################################################## # Regras para dropar e logar scanners que ativam o bit FIN sem estabelecer uma conexao: ######################################################################################## $IPTABLES -N logfin $IPTABLES -A logfin -j LOG --log-level WARN --log-prefix "[FIN scanners] " $IPTABLES -A logfin -j DROP ############################################################################# # Regras para dropar e logar scanners do tipo que ativam todas as flags TCP: ############################################################################# $IPTABLES -N logalltcp $IPTABLES -A logalltcp -j LOG --log-level WARN --log-prefix "[SYN RST scanners] " $IPTABLES -A logalltcp -j DROP ############################################################################# # Regras para dropar e logar scanners do tipo nao ativam nenhuma flag TCP: ############################################################################# $IPTABLES -N lognonetcp $IPTABLES -A lognonetcp -j LOG --log-level WARN --log-prefix "[SYN RST scanners] " $IPTABLES -A lognonetcp -j DROP ######################################################################### # Rule allowed - for TCP connections # # This chain will be utilised if someone tries to connect to an allowed # port from the internet. If they are opening the connection, or if it's # already established we ACCEPT the packages, if not we fuck them. This is # where the state matching is performed also, we allow ESTABLISHED and # RELATED packets. $IPTABLES -N allowed #$IPTABLES -A allowed -p TCP --syn -m limit --limit 1/s -j ACCEPT $IPTABLES -A allowed -p TCP --syn -j ACCEPT $IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A allowed -p TCP -j logdrop ######################################################################### # Watch - loga pacotes suspeitos $IPTABLES -N watch #$IPTABLES -A watch -s 192.168.0.2 -j ACCEPT $IPTABLES -A watch -j LOG --log-level WARN --log-prefix "[watch] " $IPTABLES -A watch -j ACCEPT ######################################################################### # Scanners - loga tentativas de scanners na rede # Loga e bloqueia scanners do tipo Xmas Portscanner: $IPTABLES -N xmas_scanner $IPTABLES -A xmas_scanner -p TCP --tcp-flags ALL FIN,URG,PSH -m limit --limit 7/s --limit-burst 3 -j logxmas # Loga e bloqueia scanners do tipo que ativa os bits SYN e FIN: $IPTABLES -N synfin_scanner $IPTABLES -A synfin_scanner -p TCP --tcp-flags ALL SYN,FIN -m limit --limit 7/s --limit-burst 3 -j logsynfin # Loga e bloqueia scanners do tipo que ativa os bits SYN e RST: $IPTABLES -N synrst_scanner $IPTABLES -A synrst_scanner -p TCP --tcp-flags SYN,RST SYN,RST -m limit --limit 7/s --limit-burst 3 -j logsynrst # Loga e bloqueia scanners do tipo que ativa o bit FIN sem estabelecer uma conexao: $IPTABLES -N fin_scanner $IPTABLES -A fin_scanner -p TCP --tcp-flags ALL FIN -m limit --limit 7/s --limit-burst 3 -m state --state ! ESTABLISHED -j logfin # Loga e bloqueia scanners do tipo que ativa todas flags TCP: $IPTABLES -N alltcp_scanner $IPTABLES -A alltcp_scanner -p TCP --tcp-flags ALL ALL -m limit --limit 7/s --limit-burst 3 -j logalltcp # Loga e bloqueia scanners do tipo que nao ativa nenhuma flag TCP: $IPTABLES -N nonetcp_scanner $IPTABLES -A nonetcp_scanner -p TCP --tcp-flags ALL NONE -m limit --limit 7/s --limit-burst 3 -j lognonetcp ######################################################################### # icmptrap - para pacotes ICMP: $IPTABLES -N icmptrap $IPTABLES -A icmptrap -p icmp --icmp-type echo-reply -j ACCEPT $IPTABLES -A icmptrap -p icmp --icmp-type destination-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type network-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type host-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type protocol-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type port-unreachable -j DROP $IPTABLES -A icmptrap -p icmp --icmp-type fragmentation-needed -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type source-route-failed -j watch $IPTABLES -A icmptrap -p icmp --icmp-type network-unknown -j watch $IPTABLES -A icmptrap -p icmp --icmp-type host-unknown -j watch $IPTABLES -A icmptrap -p icmp --icmp-type network-prohibited -j watch $IPTABLES -A icmptrap -p icmp --icmp-type host-prohibited -j watch $IPTABLES -A icmptrap -p icmp --icmp-type TOS-network-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type TOS-host-unreachable -j watch $IPTABLES -A icmptrap -p icmp --icmp-type communication-prohibited -j watch $IPTABLES -A icmptrap -p icmp --icmp-type host-precedence-violation -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type precedence-cutoff -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type source-quench -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type network-redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type host-redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type TOS-network-redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type TOS-host-redirect -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type echo-request -j watch $IPTABLES -A icmptrap -p icmp --icmp-type router-advertisement -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type router-solicitation -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type time-exceeded -j watch $IPTABLES -A icmptrap -p icmp --icmp-type ttl-zero-during-transit -j watch $IPTABLES -A icmptrap -p icmp --icmp-type ttl-zero-during-reassembly -j watch $IPTABLES -A icmptrap -p icmp --icmp-type parameter-problem -j watch $IPTABLES -A icmptrap -p icmp --icmp-type ip-header-bad -j watch $IPTABLES -A icmptrap -p icmp --icmp-type required-option-missing -j watch $IPTABLES -A icmptrap -p icmp --icmp-type timestamp-request -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type timestamp-reply -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type address-mask-request -j logdrop $IPTABLES -A icmptrap -p icmp --icmp-type address-mask-reply -j logdrop ######################################################################### # dropiana - dropa IP's nao liberados pela IANA(RFC1918,RFC3330) e redes reservadas $IPTABLES -N dropiana $IPTABLES -A dropiana -s 0.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 1.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 2.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 5.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 10.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 23.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 27.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 31.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 36.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 37.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 39.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 41.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 42.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 58.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 59.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 60.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 71.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 88.0.0.0/5 -j logdrop $IPTABLES -A dropiana -s 96.0.0.0/3 -j logdrop $IPTABLES -A dropiana -s 128.0.0.0/16 -j logdrop $IPTABLES -A dropiana -s 172.16.0.0/12 -j logdrop $IPTABLES -A dropiana -s 191.255.0.0/16 -j logdrop $IPTABLES -A dropiana -s 192.31.196.0/24 -j logdrop $IPTABLES -A dropiana -s 192.52.193.0/24 -j logdrop $IPTABLES -A dropiana -s 192.67.23.0/24 -j logdrop $IPTABLES -A dropiana -s 192.68.185.0/24 -j logdrop $IPTABLES -A dropiana -s 192.70.192.0/21 -j logdrop $IPTABLES -A dropiana -s 192.70.201.0/24 -j logdrop $IPTABLES -A dropiana -s 192.94.77.0/24 -j logdrop $IPTABLES -A dropiana -s 192.94.78.0/24 -j logdrop $IPTABLES -A dropiana -s 192.97.38.0/24 -j logdrop $IPTABLES -A dropiana -s 192.168.0.0/16 -j logdrop $IPTABLES -A dropiana -s 197.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 221.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 222.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 223.0.0.0/8 -j logdrop $IPTABLES -A dropiana -s 224.0.0.0/4 -j logdrop $IPTABLES -A dropiana -s 240.0.0.0/4 -j logdrop ######################################################################### # Rule safe - apenas para chamar a dropiana e a icmptrap # Create safe rule $IPTABLES -N safe # Call todas regras de scanners $IPTABLES -A safe -j xmas_scanner $IPTABLES -A safe -j synfin_scanner $IPTABLES -A safe -j synrst_scanner $IPTABLES -A safe -j fin_scanner $IPTABLES -A safe -j alltcp_scanner $IPTABLES -A safe -j nonetcp_scanner # ICMP packets $IPTABLES -A safe -p ICMP -j icmptrap # Call dropiana $IPTABLES -A safe -j dropiana # Call INPUT Safe $IPTABLES -A INPUT -j safe ######################################################################### # Regras especificas para Rede Interna # Pacotes que entram na rede $IPTABLES -N main-in # Pacotes que saem da rede $IPTABLES -N main-out ################################ # REGRAS GERAIS P/ REDE INTERNA ################################ ############################# # Libera DNS p/ rede interna ############################# $IPTABLES -A main-in -p UDP -i $IFACE_EXTERNA -s 0/0--sport 53 -j ACCEPT $IPTABLES -A main-out -p UDP -o $IFACE_EXTERNA -d 0/0 --dport 53 -j ACCEPT ################################ # Regra p/ Bloqueio da internet ################################ $IPTABLES -A main-in -p TCP -i $IFACE_INTERNA $REDE_INTERNA --dport 80 -j logdrop $IPTABLES -A main-in -p TCP -i $IFACE_INTERNA $REDE_INTERNA --sport 80 -j logdrop $IPTABLES -A main-in -p TCP -i $IFACE_INTERNA $REDE_INTERNA --dport 110 -j logdrop $IPTABLES -A main-in -p TCP -i $IFACE_INTERNA $REDE_INTERNA --sport 110 -j logdrop ######################## # SSH P/ outro usuario ######################## $IPTABLES -A main-in -p TCP -s 000.00.00.000 --dport 22 -j allowed $IPTABLES -A main-out -p TCP -d 000.00.000.000 --sport 22 -j allowed $IPTABLES -A INPUT -p TCP -s 0/0 --dport 22 -j logdrop ########################## # Libera NTP p/ servidor ########################## $IPTABLES -A INPUT -p UDP -i $IFACE_EXTERNA -s 200.144.121.33 --dport 123 -j ACCEPT $IPTABLES -A OUTPUT -p UDP -o $IFACE_EXTERNA -d 200.144.121.33 --sport 123 -j ACCEPT ################################################################ # Bloqueia qualquer servico conhecido para IPs da Rede Interna ################################################################ #1025/tcp listen $IPTABLES -A main-in -p TCP -s 0/0 --dport 1025 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1025 -j logdrop #1026 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1026 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1026 -j logdrop #1027 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1027 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1027 -j logdrop #1028 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1028 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1028 -j logdrop # KDEinit $IPTABLES -A main-in -p TCP -s 0/0 --dport 1029 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1029 -j logdrop #1030 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1030 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1030 -j logdrop #1031/udp iad1 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1031 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1031 -j logdrop #1032/udp iad1 $IPTABLES -A main-in -p TCP -s 0/0 --dport 1032 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1032 -j logdrop #1033/tcp netinfo $IPTABLES -A main-in -p TCP -s 0/0 --dport 1033 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1033 -j logdrop #1050/tcp java-or-OTGfileshare $IPTABLES -A main-in -p TCP -s 0/0 --dport 1050 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1050 -j logdrop #1059/tcp nimreg $IPTABLES -A main-in -p TCP -s 0/0 --dport 1059 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1059 -j logdrop # instl_boots $IPTABLES -A main-in -p TCP -s 0/0 --dport 1067 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1067 -j logdrop # SOCKS $IPTABLES -A main-in -p TCP -s 0/0 --dport 1080 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1080 -j logdrop # MSSQL $IPTABLES -A main-in -p TCP -s 0/0 --dport 1433 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1433 -j logdrop # MSSQL-Monitor $IPTABLES -A main-in -p TCP -s 0/0 --dport 1434 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1434 -j logdrop # VPN $IPTABLES -A main-in -p TCP -s 0/0 --dport 1723 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1723 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --sport 1723 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --sport 1723 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 1083 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1083 -j logdrop #1812/RADIUS $IPTABLES -A main-in -p TCP -s 0/0 --dport 1812 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1812 -j logdrop #1813/RADIUS $IPTABLES -A main-in -p TCP -s 0/0 --dport 1813 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 1813 -j logdrop #2105/eklogin $IPTABLES -A main-in -p TCP -s 0/0 --dport 2105 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 2105 -j logdrop # Squid $IPTABLES -A INPUT -p TCP -s 0/0 --dport 3128 -j logdrop $IPTABLES -A INPUT -p UDP -s 0/0 --dport 3128 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 3128 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3128 -j logdrop # 3268 globalcatLDAP $IPTABLES -A main-in -p TCP -s 0/0 --dport 3268 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3268 -j logdrop # 3269 globalcatLDAPssl $IPTABLES -A main-in -p TCP -s 0/0 --dport 3269 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3269 -j logdrop # MySQL $IPTABLES -A INPUT -p TCP -s 0/0 --dport 3306 -j logdrop $IPTABLES -A INPUT -p UDP -s 0/0 --dport 3306 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 3306 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3306 -j logdrop # Msdtc $IPTABLES -A main-in -p TCP -s 0/0 --dport 3372 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3372 -j logdrop # IISrpc-or-vat $IPTABLES -A main-in -p TCP -s 0/0 --dport 3456 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3456 -j logdrop # Terminal Server $IPTABLES -A main-in -p TCP -s 0/0 --dport 3389 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 3389 -j logdrop # RPC $IPTABLES -A main-in -p TCP -s 0/0 --dport 4444 -j logdrop $IPTABLES -A main-in -p TCP -d 0/0 --dport 4444 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 4444 -j logdrop $IPTABLES -A main-in -p UDP -d 0/0 --dport 4444 -j logdrop # Sae-Urn $IPTABLES -A main-in -p TCP -s 0/0 --dport 4500 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 4500 -j logdrop # VNC $IPTABLES -A main-in -p TCP -s 0/0 --dport 5900 -j logdrop # X $IPTABLES -A main-in -p TCP -s 0/0 --dport 6000 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 6000 -j logdrop # BACULA $IPTABLES -A main-in -p TCP -s 0/0 --dport 9101 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 9101 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 9102 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 9102 -j logdrop $IPTABLES -A main-in -p TCP -s 0/0 --dport 9103 -j logdrop $IPTABLES -A main-in -p UDP -s 0/0 --dport 9103 -j logdrop ############################################################## # REGRAS PARA REDIRECIONAMENTO DE PACOTES - FORWARD ############################################################## # Libera acesso da Rede Interna para as outras redes: $IPTABLES -A FORWARD -i $IFACE_INTERNA -s $REDE_INTERNA -d 0/0 -j ACCEPT # Permite trafego de entrada de forma segura $IPTABLES -A FORWARD -i $IFACE_EXTERNA -o $IFACE_INTERNA -j safe $IPTABLES -A FORWARD -i $IFACE_EXTERNA -o $IFACE_INTERNA -j main-in # Permite trafego de saida de forma segura $IPTABLES -A FORWARD -i $IFACE_INTERNA -o $IFACE_EXTERNA -j safe $IPTABLES -A FORWARD -i $IFACE_INTERNA -o $IFACE_EXTERNA -j main-out ################# # Portas >= 1024 ################# $IPTABLES -A main-in -p TCP -s 0/0 --dport 1024: -j allowed $IPTABLES -A main-in -p UDP -s 0/0 --dport 1024: -j ACCEPT $IPTABLES -A INPUT -p TCP -s 0/0 --dport 1024: -j allowed $IPTABLES -A INPUT -p UDP -s 0/0 --dport 1024: -j ACCEPT ############################################################# # Redireciona o trafego internet da rede interna p/ o squid ############################################################# $IPTABLES -t nat -A PREROUTING -p TCP -i $IFACE_INTERNA -d ! 192.168.0.1 -s $REDE_INTERNA --dport 80 -j REDIRECT --to-port 3128 $IPTABLES -t nat -A POSTROUTING -o $IFACE_EXTERNA -j MASQUERADE ################################### # Libera pacotes ICMP p/ o Gateway ################################### $IPTABLES -A INPUT -i $IFACE_EXTERNA -s 0/0 -p ICMP -m limit --limit 1/s -j icmptrap ######################### # CONFIGURACOES FINAIS: ######################### # Habilita o IP Forward: echo 1 > /proc/sys/net/ipv4/ip_forward # Enable TCP SYN Cookie Protection echo 1 >/proc/sys/net/ipv4/tcp_syncookies # Enable broadcast echo protection echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts # Enable IP spoofing protection, turn on Source Address Verification for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f done ##################################### # Dropa e loga todos outros pacotes ##################################### $IPTABLES -A INPUT -j logdrop $IPTABLES -A FORWARD -j logdrop echo "Firewall Started!"
Scripts recomendados
KDu2 - Script de correção do VMware
Fazer backup de todas base de dados no PostgreSQL
Montando sua máquina virtual para engenharia reversa em Linux
Comentários
[1] Comentário enviado por y2h4ck em 18/10/2006 - 13:12h
O arquivo do codigo fonte e o arquivo do download são diferentes.
Baixem e olhem o fonte verão a diferença.
Obrigado.
O arquivo do codigo fonte e o arquivo do download são diferentes.
Baixem e olhem o fonte verão a diferença.
Obrigado.
[2] Comentário enviado por sequelinha em 18/10/2006 - 18:15h
Respondendo a resposta acima
Obrigado por ter verificado isso (o script verdadeiro que eu publiquei e o que esta no codigo fonte )o outro eu fiz o dowloand e dei uma olha naum foi eu que fiz
Obrigado
sequelinha
Respondendo a resposta acima
Obrigado por ter verificado isso (o script verdadeiro que eu publiquei e o que esta no codigo fonte )o outro eu fiz o dowloand e dei uma olha naum foi eu que fiz
Obrigado
sequelinha
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Artigos
Como gerar qualquer emoji ou símbolo unicode a partir do seu teclado
Instalar e Configurar o Slackware Linux em 2025
Como configurar os repositórios do apt no Debian 12 em 2025
Passkeys: A Evolução da Autenticação Digital
Instalação de distro Linux em computadores, netbooks, etc, em rede com o Clonezilla
Dicas
Configurando o Conky para iniciar corretamente no sistema
3 configurações básicas que podem melhorar muito a sua edição pelo editor nano
Como colorir os logs do terminal com ccze
Instalação Microsoft Edge no Linux Mint 22
Como configurar posicionamento e movimento de janelas no Lubuntu (Openbox) com atalhos de teclado
Tópicos
firefox nao guarda meus logins nos sites (1)
Instalar debian testing (13) "por cima" do debian 12 (2)
Erro de segmentação «Segmentation fault (core dumped)» ao retornar obj... (1)
Top 10 do mês
-
Xerxes
1° lugar - 83.817 pts -
Fábio Berbert de Paula
2° lugar - 60.425 pts -
Buckminster
3° lugar - 20.056 pts -
Mauricio Ferrari
4° lugar - 19.568 pts -
Daniel Lara Souza
5° lugar - 16.922 pts -
Alberto Federman Neto.
6° lugar - 16.784 pts -
Diego Mendes Rodrigues
7° lugar - 15.955 pts -
edps
8° lugar - 15.374 pts -
Alessandro de Oliveira Faria (A.K.A. CABELO)
9° lugar - 13.980 pts -
Andre (pinduvoz)
10° lugar - 12.904 pts
Scripts
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
