firewall [Shell Script]

firewall

Publicado por Perfil removido 17/02/2006

[ Hits: 5.472 ]

Download firewall

0 0

Denuncie Favoritos Indicar

Esse é um script de um firewall simples, tendo como base esse script fica facil fazer um firewall :D !!

#!/bin/bash
                                                                                                                             
echo #########################################################
echo Criador  Matheus Anderson
echo email=matheusanderson@gmail.com
echo #########################################################
                                                                                                                             
#Variaveis
REDELOCAL="192.168.0.0/24"
TODOS="0/0"
                                                                                                                             
#Liberar Portas (NAT) Portas
PORTAS="21 1433 80"
for PORT in `echo $PORTAS`
do
iptables -t nat -A POSTROUTING -s $REDELOCAL -p tcp -d $TODOS --dport $PORT -o eth1 -j MASQUERADE
iptables -I FORWARD -p tcp -d $TODOS --dport $PORT -s $REDELOCAL -j ACCEPT
iptables -I OUTPUT -p tcp -d $TODOS --dport $PORT -j ACCEPT
done
                                                                                                                             
# Ignora pings
#echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
                                                                                                                             
                                                                                                                             
# Proteções diversas contra portscanners, ping of death, ataques DoS, etc.
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD --protocol tcp --tcp-flags ALL SYN,ACK -j DROP
iptables -A FORWARD -m unclean -j DROP
                                                                                                                             
                                                                                                                             
# Abre para a interface de loopback.
# Esta regra é essencial para o KDE e outros programas gráficos funcionarem
#adequadamente.
iptables -A INPUT -p tcp --syn -s 127.0.0.1/255.0.0.0 -j ACCEPT
                                                                                                                             
# Redireciona uma faixa de portas para um micro da rede local
REDIRECT="1433:1433-192.168.0.1 1434:1434-192.168.0.1"
 
for REDI in `echo $REDIRECT`
do
        PORT=`echo "$REDI" | cut -d"-" -f1`
        IPDEST=`echo "$REDI" | cut -d"-" -f2`
 
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $PORT -j DNAT --to-dest $IPDEST
iptables -A FORWARD -p tcp -i eth0 --dport $PORT -d $IPDEST -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p udp --dport $PORT -j DNAT --to-dest $IPDEST
iptables -A FORWARD -p udp -i eth0 --dport $PORT -d $IPDEST -j ACCEPT
done
 
#Bloqueia todas as portas que não foram liberados nas regras acima !!
iptables -A INPUT -p tcp --syn -j DROP
 
#Visualisando as regras
iptables -L -n
 
echo #####################################
echo Visualisando Regras com "-t nat"
echo #####################################
 
iptables -t nat -L

Scripts recomendados

smbs

Criar lançadores de aplicativos no Unity

Agenda de telefone em Shell usando Dialog

Criar Script para apagar determinados arquivos

Agendamento de compromissos com avisos baseados no horário

Comentários

Nenhum comentário foi encontrado.