Enviado em 28/10/2015 - 10:58h
Olá pessoal,
######################################
# Compartilhamento da Internet #
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
########################################
# Variaveis #
IF_EXT=eth0
IF_IN=eth1
IP_EXT=221.54.182.4
IP_IN=192.168.50.1
IP_CASERVER=192.168.50.200
PORTAS_DE_SERVICOS_1=80,443,8080,53,8081,20,21,22,3389,5432,25,465,995,222
PORTAS_DE_SERVICOS_2=34567,161,162,10050,10051
case "$1" in
start)
echo "Firewall Ligado!"
########################################
# Definir politicas BLOQUEIO #
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
########################################
# REGRAS DE NAT #
#NAT - CAServer (Porta: 2020)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2020 -j DNAT --to 192.168.50.200:3389
# IMPUT ######################################################
#statefull
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#icmp (ping)
iptables -A INPUT -p icmp -j ACCEPT
#ntop
iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
iptables -A INPUT -p udp --dport 3000 -j ACCEPT
#ssh
iptables -A INPUT -p tcp --dport 222 -j ACCEPT
#Zabbix
iptables -A INPUT -p tcp --dport 10050 -j ACCEPT
iptables -A INPUT -p tcp --dport 10051 -j ACCEPT
#
iptables -A INPUT -p tcp --dport 2020 -j ACCEPT
##############################################################
##############################################################
# OUTPUT #####################################################
#statefull
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#icmp (ping)
iptables -A OUTPUT -p icmp -j ACCEPT
#DNS
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
#NTP
iptables -A OUTPUT -p tcp --dport 123 -j ACCEPT
iptables -A OUTPUT -p udp --dport 123 -j ACCEPT
#HTTP
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
#HTTPS
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
##############################################################
##############################################################
# FORWARD ####################################################
#statefull
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
#HTTP,HTTPS e outros serviços tradicionais para navegacao.
iptables -A FORWARD -p tcp -m multiport --dport $PORTAS_DE_SERVICOS_1 -i $IF_IN -j ACCEPT
iptables -A FORWARD -p udp -m multiport --dport $PORTAS_DE_SERVICOS_1 -i $IF_IN -j ACCEPT
iptables -A FORWARD -p tcp -m multiport --dport $PORTAS_DE_SERVICOS_2 -i $IF_IN -j ACCEPT
iptables -A FORWARD -p udp -m multiport --dport $PORTAS_DE_SERVICOS_2 -i $IF_IN -j ACCEPT
#whois
iptables -A FORWARD -p tcp --dport 43 -j ACCEPT
#ping para fora
iptables -A FORWARD -p icmp -i $IF_IN -j ACCEPT
iptables -A FORWARD -p icmp -o $IF_IN -j ACCEPT
#NTP
iptables -A FORWARD -p udp --dport 123 -o $IF_EXT -j ACCEPT
;;
stop)
echo "Firewall Desligado!"
######################################
# Zerar Regras #
######################################
iptables -F
iptables -X
iptables -F -t nat
iptables -X -t nat
iptables -F -t mangle
iptables -X -t mangle
iptables -t nat -F
######################################
# Definir politicas ACEITA TUDO #
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
;;
restart)
/etc/init.d/firewall.sh stop
/etc/init.d/firewall.sh start
;;
*)
echo "Use: /etc/init.d/firewall.sh {start | stop | restart}"
exit 1
;;
esac
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Como renomear arquivos de letras maiúsculas para minúsculas
Imprimindo no formato livreto no Linux
Vim - incrementando números em substituição
Efeito "livro" em arquivos PDF
Como resolver o erro no CUPS: Unable to get list of printer drivers
Não to conseguindo resolver este problemas ao instalar o playonelinux (1)
Excluir banco de dados no xampp (1)
[Python] Automação de scan de vulnerabilidades
[Python] Script para analise de superficie de ataque
[Shell Script] Novo script para redimensionar, rotacionar, converter e espelhar arquivos de imagem
[Shell Script] Iniciador de DOOM (DSDA-DOOM, Doom Retro ou Woof!)
[Shell Script] Script para adicionar bordas às imagens de uma pasta