msn nao bloqueia

1. msn nao bloqueia

marcelo paglione
marcelopaglione

(usa Ubuntu)

Enviado em 21/11/2010 - 23:39h

Caros amigos nao consigo bloquear o MSN, segue o meu firewall. Se alguem pudef ajudar agradeço.

#! /bin/sh

#Compartilha a conexao:
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo "Compartilhamento ativado"

#Proxy transparente
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 3128
echo "Proxy transparente ativado"

# Módulos #
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ipt_REDIRECT
/sbin/modprobe ipt_owner
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp

####################
### Função START ###
####################

firewall2_start() {
echo "Iniciando o Firewall.......................[ OK ]"

# Limpa as regras #
iptables -X
iptables -Z
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t nat
iptables -F -t mangle

# Politicas padrao #
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT

# Manter conexoes ja estabelecidas para nao parar
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Aceita todo o trafego vindo do loopback e indo pro loopback
iptables -t filter -A INPUT -i lo -j ACCEPT

###############################
#         Proteções           #
###############################

# Protege contra port scanners avançados (Ex.: nmap)
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 20/m -j ACCEPT

# Bloqueando tracertroute
iptables -A INPUT -p udp -s 0/0 -i eth1 --dport 33435:33525 -j REJECT

# Protecoes contra ataques
iptables -A INPUT -m state --state INVALID -j REJECT

###############################
#       TABELA Input          #
###############################
### Destino Externo ###
#aceita conexoes na interface da rede local e na porta 22 e 2121
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -P tcp --dport 2121 -j ACCEPT

#Descarta pacotes mal formados, protegendo contra ataques diversos
iptables -A INPUT -m state --state INVALID -j DROP

### Destino Interno ###

# Liberando Porta 22 (SSH)
iptables -A INPUT -d 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT

# Liberando porta 3128 (Squid)
iptables -A INPUT -d 192.168.1.0/24 -p tcp --dport 3128 -j ACCEPT

# Liberando Porta 80 (http)
iptables -A INPUT -d 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT

# Liberando Porta 2121 (ftp)
iptables -A INPUT -d 192.168.1.0/24 -p tcp --dport 21 -j ACCEPT

# Liberando porta 3000 (NTOP)
iptables -A INPUT -d 192.168.1.0/24 -p tcp --dport 3000 -j ACCEPT

###############################
#       TABELA Forward        #
###############################

# Libera computador das regras do firewall
#iptables -A FORWARD -s 192.168.4.13 -p tcp  -j ACCEPT
#iptables -A FORWARD -s 192.168.4.13 -p udp  -j ACCEPT

### MSN ###
# Libera msn para o IP #
# nome
#iptables -A FORWARD -s 192.168.1.100 -p tcp --dport 1863 -j ACCEPT

# Bloqueio de MSN #

iptables -A FORWARD -s 192.168.1.0 -p tcp --dport 1863 -j DROP
iptables -A FORWARD -s 192.168.1.0 -d loginnet.passport.com -j DROP
iptables -A FORWARD -s 198.164.1.0/24 -p tcp --dport 1863 -j DROP
iptables -A FORWARD -s 198.164.1.0/24 -d loginnet.passport.com -j DROP
iptables -A FORWARD -s 198.164.1.0/24 -d messenger.hotmail.com -j DROP
iptables -A FORWARD -s 198.164.1.0/24 -d webmessenger.msn.com -j DROP
iptables -A FORWARD -p tcp --dport 1080 -j DROP
iptables -A FORWARD -s 198.164.1.0/24 -p tcp --dport 1080 -j DROP
iptables -A FORWARD -p tcp --dport 1863 -j DROP
iptables -t filter -A FORWARD -d www.orkut.com -p tcp --dport 443 -j DROP
iptables -t filter -A INPUT -d www.orkut.com -p tcp --dport 443 -j DROP
iptables -t filter -A FORWARD -d orkut.com -p tcp --dport 433 -j DROP
iptables -t filter -A INPUT -d orkut.com -p tcp --dport 443 -j DROP
iptables -t filter -A OUTPUT -d www.orkut.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d meebo.com -p tcp --dport 443 -j DROP
iptables -A INPUT -d meebo.com -p tcp --dport 443 -j DROP

#bloquear o MSN
iptables -t filter -A INPUT -d 207.46.1.0/24 -j DROP
iptables -t filter -A FORWARD -d 207.46.1.0/24 -j DROP
iptables -t filter -A OUTPUT -d 207.46.1.0/24 -j DROP
iptables -t filter -A INPUT -d 200.46.110.0/24 -j DROP
iptables -t filter -A FORWARD -d 200.46.110.0/24 -j DROP
iptables -t filter -A OUTPUT -d 200.46.110.0/24 -j DROP
iptables -t filter -A FORWARD -d 192.168.1.0/24 loginnet.passport.com -j DROP
iptables -A OUTPUT -p tcp --dport 1863 -j REJECT

# Liberando Porta 22 (SSH)
iptables -A FORWARD -s 192.168.1.0 -p tcp --dport 22 -j ACCEPT
# Liberando Porta 110 (pop-3)
iptables -A FORWARD -s 192.168.1.0 -p tcp --dport 110 -j ACCEPT

# Liberando Porta 995 (spop-3)
iptables -A FORWARD -s 192.168.1.0 -p tcp --dport 995 -j ACCEPT

# Liberando Porta 25 (smtp)
iptables -A FORWARD -s 192.168.1.0 -p tcp --dport 25 -j ACCEPT

# Liberando Porta 465 (smtp-s)
iptables -A FORWARD -s 192.168.1.0 -p tcp --dport 465 -j ACCEPT

# Liberando Porta 2121 (ftp)
iptables -A FORWARD -s 192.168.1.0 -p tcp --dport 2121 -j ACCEPT

# Liberando Porta 21 (ftp)
iptables -A FORWARD -s 192.168.1.0 -p udp --dport 21 -j ACCEPT

# Liberando porta 53 (DNS)
iptables -A FORWARD -s 192.168.1.0 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.1.0 -p udp --dport 53 -j ACCEPT

# Regras forward para o funcionamento de redirecionamento de portas (NAT)
# Redirecionando porta 5900 (VNC)
iptables -A FORWARD -p tcp --dport 5900 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5800 -j ACCEPT

#Impede a abertura de novas conexoes , bloqueando o acesso externo ao seu servidor
#Com exceção das portas especificadas anteriormente
iptables -A INPUT -p tcp --syn -j DROP
iptables -A INPUT -p tcp -j DROP
iptables -A INPUT -p udp -j DROP

}

##################
### Função STOP ##
##################

firewall2_stop() {

echo "Parando firewall e funcionando apenas com mascaramento ........................[ OK ]"

# Limpa as regras #
iptables -X
iptables -Z
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t nat
iptables -F -t mangle

# Politicas padrao #
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT

# Manter conexoes jah estabelecidas para nao parar
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Aceita todo o trafego vindo do loopback e indo pro loopback
iptables -t filter -A INPUT -i lo -j ACCEPT

echo "Regras Limpas e Firewall desabilitado ...........................................[ << ATENÇÂO >> FIREWALL DESATIVADO ]"

firewall2_restart() {

echo "Reiniciando Firewall.............................................................................[ OK ]"

  firewall2_stop
  sleep 3
  firewall2_start

echo "Firewall Reiniciado..............................................................................[ OK ]"

}

case "$1" in
'start')
  firewall2_start

echo "Firewall Iniciado................................................................................[ OK ]"

  ;;
'stop')
  firewall2_stop
  ;;
'restart')
  firewall2_restart
  ;;
*)
        echo "Opções possíveis:"
        echo "firewall start"
        echo "firewall stop"
        echo "firewall restart"
esac

echo "Regras de Firewall e compartilhamento ativados"

}

para(){
iptables -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
echo "Regras de firewall desativados"
}

case "$1" in
"start") iniciar ;;
"stop") parar ;;
"restart") parar; iniciar ;;
*) echo "Use os parametros start ou stop"
esac


  






Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts