Enviado em 26/08/2013 - 16:44h
Boa tarde prezados
#!/bin/bash
### Variaveis ###
IPT="iptables"
### Limpando as regras anteriores ###
$IPT -F
$IPT -t nat -F
echo -n "Iniciando Firewall: "
### Carregando Modulos ###
modprobe ip_tables
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe ipt_LOG
modprobe ipt_REJECT
modprobe ipt_MASQUERADE
modprobe ipt_state
modprobe ipt_multiport
modprobe iptable_mangle
modprobe ipt_tos
modprobe ipt_limit
modprobe ipt_mark
modprobe tun
modprobe ipt_MARK
### Politica de Seguranca ###
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP
### Compartilhando Conexao ###
$IPT -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
#Servidor aplicacao
$IPT -I INPUT -p tcp -s IP-INTERNET --dport 3051 -j ACCEPT
$IPT -I FORWARD -p tcp -s IP-INTERNET --dport 3051 -j ACCEPT
$IPT -I INPUT -p udp -s IP-INTERNET --dport 3051 -j ACCEPT
$IPT -I FORWARD -p udp -s IP-INTERNET --dport 3049 -j ACCEPT
$IPT -I INPUT -p tcp -s IP-INTERNET --dport 3049 -j ACCEPT
$IPT -I FORWARD -p tcp -s IP-INTERNET --dport 3049 -j ACCEPT
$IPT -I INPUT -p udp -s IP-INTERNET --dport 3049 -j ACCEPT
$IPT -I FORWARD -p udp -s IP-INTERNET --dport 3049 -j ACCEPT
$IPT -t nat -A PREROUTING -p tcp --dport 21 -i eth1 -j DNAT --to 192.168.0.5:21
$IPT -A FORWARD -d 192.168.0.5 -p tcp --dport 21 -j ACCEPT
$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 21 -j ACCEPT
$IPT -t nat -A PREROUTING -p tcp --dport 3051 -i eth1 -j DNAT --to 192.168.0.5:3051
$IPT -A FORWARD -d 192.168.0.5 -p tcp --dport 3051 -j ACCEPT
$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 3051 -j ACCEPT
$IPT -t nat -A PREROUTING -p tcp --dport 3049 -i eth1 -j DNAT --to 192.168.0.5:3049
$IPT -A FORWARD -d 192.168.0.5 -p tcp --dport 3049 -j ACCEPT
$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 3049 -j ACCEPT
$IPT -t nat -A PREROUTING -p tcp --dport 3050 -i eth1 -j DNAT --to 192.168.0.5:3050
$IPT -A FORWARD -d 192.168.0.5 -p tcp --dport 3050 -j ACCEPT
$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 3050 -j ACCEPT
$IPT -t nat -A PREROUTING -p tcp --dport 3389 -i eth1 -j DNAT --to 192.168.0.5:3389
$IPT -A FORWARD -d 192.168.0.5 -p tcp --dport 3389 -j ACCEPT
$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 3389 -j ACCEPT
$IPT -t nat -A PREROUTING -p tcp --dport 4899 -i eth1 -j DNAT --to 192.168.0.5:4899
$IPT -A FORWARD -d 192.168.0.5 -p tcp --dport 4899 -j ACCEPT
$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 4899 -j ACCEPT
$IPT -t nat -A PREROUTING -p tcp --dport 63101 -i eth1 -j DNAT --to 192.168.0.5:63101
$IPT -A FORWARD -d 192.168.0.5 -p tcp --dport 63101 -j ACCEPT
$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 63101 -j ACCEPT
####bloquear IP da rede
#iptables -A INPUT -s 192.168.1.149 -j REJECT
#iptables -A FORWARD -s 192.168.1.149 -j REJECT
### Navegacao ###
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o eth0 -s 192.168.0.0/24 -j ACCEPT
$IPT -A FORWARD -s 192.168.0.0/24 -o eth0 -j ACCEPT
$IPT -A INPUT -s 192.168.0.0/24 -j ACCEPT
### Pingar e ser Pingado ####
$IPT -A INPUT -p icmp -j ACCEPT
$IPT -A FORWARD -p icmp -j ACCEPT
### Navegar ###
$IPT -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
#liberando ssh e porta 80 pra rede interna
$IPT -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp --dport 2222 -j ACCEPT
$IPT -A INPUT -i eth0 -p tcp --sport 2222 -j ACCEPT
### Outlook ###
$IPT -A FORWARD -p udp -s 192.168.0.0/24 -d 72.29.70.41 --dport 53 -j ACCEPT
$IPT -A FORWARD -p udp -s 72.29.70.41 --sport 53 -d 192.168.0.0/24 -j ACCEPT
$IPT -A FORWARD -p TCP -s 192.168.0.0/24 --dport 34249 -j ACCEPT
$IPT -A FORWARD -p TCP -s 192.168.0.0/24 --dport 26 -j ACCEPT
$IPT -A FORWARD -p TCP -s 192.168.0.0/24 --dport 25 -j ACCEPT
$IPT -A FORWARD -p TCP -s 192.168.0.0/24 --dport 110 -j ACCEPT
$IPT -A FORWARD -p tcp --sport 26 -j ACCEPT
$IPT -A FORWARD -p tcp --sport 25 -j ACCEPT
$IPT -A FORWARD -p tcp --sport 110 -j ACCEPT
$IPT -A INPUT -p tcp --dport 63101 -j ACCEPT
$IPT -A FORWARD -p tcp --sport 63101 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3051 -j ACCEPT
$IPT -A FORWARD -p tcp --sport 3051 -j ACCEPT
$IPT -t nat -A POSTROUTING -j MASQUERADE
#________________________________________________________________________________________________
#Portas liberadas
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp --dport 443 -j ACCEPT
$IPT -A INPUT -p tcp --dport 110 -j ACCEPT
$IPT -A INPUT -p tcp --dport 26 -j ACCEPT
$IPT -A INPUT -p tcp --dport 25 -j ACCEPT
$IPT -A INPUT -p tcp --dport 5900 -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3389 -j ACCEPT
$IPT -A INPUT -p tcp --dport 20 -j ACCEPT
$IPT -A INPUT -p tcp --dport 21 -j ACCEPT
$IPT -A INPUT -p tcp --dport 5900 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3389 -j ACCEPT
$IPT -A INPUT -p tcp --dport 4899 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3080 -j ACCEPT
$IPT -A INPUT -p tcp --dport 63101 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3049 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3050 -j ACCEPT
$IPT -A INPUT -p tcp --dport 3051 -j ACCEPT
#banco santander
$IPT -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j DNAT --to 192.168.0.142:80
$IPT -A FORWARD -d 192.168.0.142 -p tcp --dport 80 -j ACCEPT
$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.5 --dport 80 -j ACCEPT
$IPT -t nat -A PREROUTING -p tcp --dport 443 -i eth1 -j DNAT --to 192.168.0.142:443
$IPT -A FORWARD -d 192.168.0.142 -p tcp --dport 443 -j ACCEPT
$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.142 --dport 443 -j ACCEPT
$IPT -t nat -A PREROUTING -p tcp --dport 3080 -i eth1 -j DNAT --to 192.168.0.142:3080
$IPT -A FORWARD -d 192.168.0.142 -p tcp --dport 3080 -j ACCEPT
$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.142 --dport 3080 -j ACCEPT
$IPT -t nat -A PREROUTING -p tcp --dport 5001 -i eth1 -j DNAT --to 192.168.0.142:5001
$IPT -A FORWARD -d 192.168.0.142 -p tcp --dport 5001 -j ACCEPT
$IPT -A FORWARD -p tcp -i eth1 -d 192.168.0.142 --dport 5001 -j ACCEPT
### Redirecionamento de portas para o squid ###
$IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
echo "Firewall inicializado"
Enviar mensagem ao usuário trabalhando com as opções do php.ini
Meu Fork do Plugin de Integração do CVS para o KDevelop
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Compartilhamento de Rede com samba em modo Público/Anônimo de forma simples, rápido e fácil
Cups: Mapear/listar todas as impressoras de outro Servidor CUPS de forma rápida e fácil
Criando uma VPC na AWS via CLI
Tem como instalar o gerenciador AMD Adrenalin no Ubuntu 24.04? (11)