volcom
(usa Debian)
Enviado em 23/04/2010 - 11:31h
Quando eu libero tudo para Forward vai numa boa senão dá que a página não pode ser exibida, tempo limite atingido.
Segue minhas regras de firewall:
# IP Externo
IP_EXT=`ifconfig eth0| grep -i inet| cut -d ":" -f 2| cut -b 2-| sed 's/ /\n/g'| head -n 1`
# IP Interno
IP_INT=`ifconfig eth1| grep -i inet| cut -d ":" -f 2| cut -b 2-| sed 's/ /\n/g'| head -n 1`
# IP para direcionamento de acesso remoto
IP_REMOTO=`cat /root/var.txt | grep -i Remote | cut -d ":" -f2`
# Host para direcionamento de acesso remoto
HOST_REMOTO=`cat /root/var.txt | grep -i Host | cut -d ":" -f2`
#echo $IP_EXT $IP_INT $IP_REMOTO $HOST_REMOTO
########## Ativa roteamento
echo 1 > /proc/sys/net/ipv4/ip_forward
########## Limpa Regras nas tabelas Filters e NAT
iptables -F
iptables -F -t nat
########## Bloqueia Todas as Entradas e Saidas
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
########## Permite ssh para o firewall
iptables -A INPUT -p tcp -i eth1 -s 192.168.1.0/24 --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -o eth1 -d 192.168.1.0/24 --sport 22 -j ACCEPT
iptables -A FORWARD -p tcp -i eth1 -s 192.168.1.0/24 --dport 22 -j ACCEPT
iptables -A FORWARD -p tcp -o eth1 -d 192.168.1.0/24 --sport 22 -j ACCEPT
########## Cria mascaramento da rede interna com a Internet - IP Dinamico
iptables -A INPUT -d $IP_INT -p tcp --dport 3128 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
########## Cria mascaramento da rede interna com a Internet - IP Fixo
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 201.87.127.223
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $IP_EXT
######### Regras e Modulos para permitir uso de FTP
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 20:21 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 20:21 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 20:21 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 -i eth0 --sport 20:21 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
modprobe ip_nat_ftp
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
########## Permite comunicacao com servidores DNS
iptables -A FORWARD -p udp -s 192.168.1.0/24 --sport 1024: -d 0/0 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 --sport 53 -d 192.168.1.0/24 --dport 1024: -j ACCEPT
########## Permite comunicacao com protocolo HTTP
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 80 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao com protocolo HTTPS
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 443 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao com protocolo DynDNS
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 8245 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 8245 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao com protocolos 3DES, SHA1
iptables -A FORWARD -p udp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 40002 -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 -i eth0 --sport 40002 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 40003 -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 -i eth0 --sport 40003 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 40004 -j ACCEPT
iptables -A FORWARD -p udp -s 0/0 -i eth0 --sport 40004 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao com SERASA Porta 3006
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 3006 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 3006 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao com Terminal Server
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 3389 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 3389 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite a Rede Local pingar na Internet
iptables -A FORWARD -p icmp --icmp-type ping -s 192.168.1.0/24 -i eth1 -d 0/0 -o eth0 -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type ping -s 0/0 -i eth0 -d 192.168.1.0/24 -o eth1 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s 192.168.1.0/24 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -s 192.168.1.0/24 -j ACCEPT
######### Permite Ping com rede Externa
iptables -A INPUT -p icmp --icmp-type 8 -i eth0 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s 0/0 -j ACCEPT
########## Permite a Rede Local acessar um servidor POP3 na Internet
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 110 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 110 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite a Rede Local acessar um servidor SMTP na Internet - India
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 201.20.13.196 -o eth0 --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp -s 201.20.13.196 -i eth0 --sport 25 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite a Rede Local acessar um servidor SMTP na Internet - Omega
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 201.20.13.197 -o eth0 --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp -s 201.20.13.197 -i eth0 --sport 25 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite a Rede Local acessar um servidor SMTP na Internet - Intelig Polifemi
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 201.12.41.142 -o eth0 --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp -s 201.12.41.142 -i eth0 --sport 25 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
# LIBERA TUDO MARCIO PARA FIREWALL
iptables -A INPUT -s 192.168.1.20 -d 192.168.1.232 -j ACCEPT
iptables -A INPUT -s 192.168.1.232 -d 192.168.1.20 -j ACCEPT
iptables -A OUTPUT -s 192.168.1.20 -d 192.168.1.232 -j ACCEPT
iptables -A OUTPUT -s 192.168.1.232 -d 192.168.1.20 -j ACCEPT
iptables -A FORWARD -s 192.168.1.20 -d 192.168.1.232 -j ACCEPT
iptables -A FORWARD -s 192.168.1.232 -d 192.168.1.20 -j ACCEPT
########## Permite comunicacao completa para HOSTMEDIA
iptables -A FORWARD -s 192.168.1.0/24 -i eth1 -d 74.54.98.20 -o eth0 -j ACCEPT
iptables -A FORWARD -s 74.54.98.20 -i eth0 -d 192.168.1.0/24 -o eth1 -j ACCEPT
########## Permite comunicacao completa para OPUS
########## Marcio
iptables -A FORWARD -s 192.168.1.152 -i eth1 -d 201.6.107.15 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.6.107.15 -i eth0 -d 192.168.1.152 -o eth1 -j ACCEPT
########## DANIEL
iptables -A FORWARD -s 192.168.1.21 -i eth1 -d 201.6.107.15 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.6.107.15 -i eth0 -d 192.168.1.21 -o eth1 -j ACCEPT
########## WILLIAM
iptables -A FORWARD -s 192.168.1.22 -i eth1 -d 201.6.107.15 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.6.107.15 -i eth0 -d 192.168.1.22 -o eth1 -j ACCEPT
########## PITA
iptables -A FORWARD -s 192.168.1.25 -i eth1 -d 201.6.107.15 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.6.107.15 -i eth0 -d 192.168.1.25 -o eth1 -j ACCEPT
########## Helder
iptables -A FORWARD -s 192.168.1.24 -i eth1 -d 201.6.107.15 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.6.107.15 -i eth0 -d 192.168.1.24 -o eth1 -j ACCEPT
########## LILIAN LOLA
iptables -A FORWARD -s 192.168.1.36 -i eth1 -d 201.6.107.15 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.6.107.15 -i eth0 -d 192.168.1.36 -o eth1 -j ACCEPT
########## MARCIO CASTILHEIRO
iptables -A FORWARD -s 192.168.1.20 -i eth1 -d 201.6.107.15 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.6.107.15 -i eth0 -d 192.168.1.20 -o eth1 -j ACCEPT
########## Permite comunicacao completa para OPUS NOVO
########## Marcio
iptables -A FORWARD -s 192.168.1.152 -i eth1 -d 201.27.14.113 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.27.14.113 -i eth0 -d 192.168.1.152 -o eth1 -j ACCEPT
########## DANIEL
iptables -A FORWARD -s 192.168.1.21 -i eth1 -d 201.27.14.113 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.27.14.113 -i eth0 -d 192.168.1.21 -o eth1 -j ACCEPT
########## WILLIAM
iptables -A FORWARD -s 192.168.1.22 -i eth1 -d 201.27.14.113 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.27.14.113 -i eth0 -d 192.168.1.22 -o eth1 -j ACCEPT
########## PITA
iptables -A FORWARD -s 192.168.1.25 -i eth1 -d 201.27.14.113 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.27.14.113 -i eth0 -d 192.168.1.25 -o eth1 -j ACCEPT
########## Helder
iptables -A FORWARD -s 192.168.1.24 -i eth1 -d 201.27.14.113 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.27.14.113 -i eth0 -d 192.168.1.24 -o eth1 -j ACCEPT
########## LILIAN LOLA
iptables -A FORWARD -s 192.168.1.36 -i eth1 -d 201.27.14.113 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.27.14.113 -i eth0 -d 192.168.1.36 -o eth1 -j ACCEPT
########## MARCIO CASTILHEIRO
iptables -A FORWARD -s 192.168.1.20 -i eth1 -d 201.27.14.113 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.27.14.113 -i eth0 -d 192.168.1.20 -o eth1 -j ACCEPT
########## Permite comunicacao Nathalia e Nilda completa para Conectividade Social
iptables -A FORWARD -s 192.168.1.57 -i eth1 -d 0/0 -o eth0 -j ACCEPT
iptables -A FORWARD -s 0/0 -i eth0 -d 192.168.1.57 -o eth1 -j ACCEPT
######### Lair
iptables -A FORWARD -s 192.168.1.33 -i eth1 -d 0/0 -o eth0 -j ACCEPT
iptables -A FORWARD -s 0/0 -i eth0 -d 192.168.1.33 -o eth1 -j ACCEPT
########## Permite comunicacao com MySQL
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 3306 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 3306 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao com VNC
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 5900 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 5900 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
## Libera SQL do SYSBD para SYSWEB - ALOG
iptables -A FORWARD -p tcp --sport 1433 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1433 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1433 -j DNAT --to-destination 192.168.1.6
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 1433 -j DNAT --to-destination 192.168.1.6
########## Permite cominicacao com Banco Indusval
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 1414 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 1414 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao com Banco Rural na porta 8444
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 8444 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 8444 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao com Sistema de Cameras
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 5400 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 5400 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
######### YAZIGI TRAVEL
########## Permite comunicacao com Empresa Externa - YET
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 8007 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 8007 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao com YET e sistema Rextur
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 30030 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 30030 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao com YET e sistema Rextur
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 30031 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 30031 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao com YET e sistema Rextur
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 30032 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 30032 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao com YET e sistema Rextur
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 30051 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 30051 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao com YET e sistema Rextur
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 6723 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 6723 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao com YET e sistema Cotacao
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 1818 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 1818 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
########## Permite comunicacao completa YET para Sabre
iptables -A FORWARD -s 192.168.1.78 -i eth1 -d 151.193.180.231 -o eth0 -j ACCEPT
iptables -A FORWARD -s 151.193.180.231 -i eth0 -d 192.168.1.78 -o eth1 -j ACCEPT
iptables -A FORWARD -s 192.168.1.78 -i eth1 -d 151.193.180.227 -o eth0 -j ACCEPT
iptables -A FORWARD -s 151.193.180.227 -i eth0 -d 192.168.1.78 -o eth1 -j ACCEPT
iptables -A FORWARD -s 192.168.1.78 -i eth1 -d 151.193.141.254 -o eth0 -j ACCEPT
iptables -A FORWARD -s 151.193.141.254 -i eth0 -d 192.168.1.78 -o eth1 -j ACCEPT
iptables -A FORWARD -s 192.168.1.78 -i eth1 -d 201.53.42.140 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.53.42.140 -i eth0 -d 192.168.1.78 -o eth1 -j ACCEPT
########## Permite comunicacao completa do Kleber-YET para Sistema de Boleto
iptables -A FORWARD -s 192.168.1.0/24 -i eth1 -d 201.62.112.165 -o eth0 -j ACCEPT
iptables -A FORWARD -s 201.62.112.165 -i eth0 -d 192.168.1.0/24 -o eth1 -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -i eth1 -d 189.19.26.137 -o eth0 -j ACCEPT
iptables -A FORWARD -s 189.19.26.137 -i eth0 -d 192.168.1.0/24 -o eth1 -j ACCEPT
########## Permite comunicacao com porta 1007 YET
iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 1007 -j ACCEPT
########## Permite comunicacao com ReceitaNet 2006
iptables -A FORWARD -p tcp -s 192.168.1.0/24 -i eth1 --sport 1024: -d 0/0 -o eth0 --dport 3456 -j ACCEPT
iptables -A FORWARD -p tcp -s 0/0 -i eth0 --sport 3456 -d 192.168.1.0/24 -o eth1 --dport 1024: -j ACCEPT
######## Direciona o Acesso remoto pra IP interno - $HOST_REMOTO
iptables -A FORWARD -p tcp --sport 3389 -j ACCEPT
iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 192.168.1.87
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 3389 -j DNAT --to-destination 192.168.1.87
######## Direciona o Acesso remoto pra IP interno - CAMERAS
iptables -A FORWARD -p tcp --sport 5400 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5400 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5400 -j DNAT --to-destination 192.168.1.100
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5400 -j DNAT --to-destination 192.168.1.100
####################################################################################################################
########## Redireciona os pacotes para porta 80 para a 3128
iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 -i eth1 -d 0/0 --dport 80 -j REDIRECT --to-port 3128
########## Redireciona os pacotes para porta 8080 para a 3128
########## iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 -i eth1 -d 0/0 --dport 8080 -j REDIRECT --to-port 3128
########## Redireciona os pacotes para porta 443 para a 3128
########## iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 -i eth1 -d 0/0 --dport 443 -j REDIRECT --to-port 3128
########## Permite a entrada de pacotes para a porta 3128
iptables -A INPUT -s 192.168.1.0/24 -i eth1 -p tcp --dport 3128 -j ACCEPT
########## Permite a Rede Local enviar pacotes para a porta 80 na Web
iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT
########## Permite a Rede Local enviar pacotes para a porta 443 na Web
iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 443 -j ACCEPT
########## Libera o PROXY, que estáentro do firewall pesquisar na web
iptables -A OUTPUT -p tcp -o eth0 -d -0/0 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -s -0/0 --sport 80 -j ACCEPT
########## Libera o PROXY, que estáentro do firewall pesquisar na web
iptables -A OUTPUT -p tcp -o eth0 -d -0/0 --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -s -0/0 --sport 443 -j ACCEPT
########## Libera o PROXY, que estáentro do firewall pesquisar DNS
iptables -A OUTPUT -p udp -o eth0 -d -0/0 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -i eth0 -s -0/0 --sport 53 -j ACCEPT
########## Libera o retorno do pacotes do PROXY para a rede local
iptables -A OUTPUT -d 192.168.1.0/24 -o eth1 -p tcp --sport 3128 -j ACCEPT
########## Libera o trafico interno da loopback com ela mesma
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -i eth1 -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 3128 -j ACCEPT