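#chkconfig: 30 10 06
#
#description: Carregar regras do Firewall
#
#processname: firewall
#pidfile: /var/run/firewall.pid
#config: /etc/rc.d/init.d/firewall
#probe:true
#
#-----------------------------------------------------------------------------#
# SysV init script that loads / unloads an iptables ruleset for a gateway box:
# eth1 faces the LAN (192.168.0.0/24), eth0 faces the outside. LAN HTTP is
# redirected to a local transparent proxy on port 3128 and LAN traffic is
# masqueraded on the way out.
#
# Usage: firewall {start|stop|restart|status}
#
# Fixes versus the previous revision:
#  * "start" saved the ruleset with "$IPTSAVE > file" but IPTSAVE was never
#    set, so the state file was truncated to zero bytes instead of written;
#    iptables-save is now used directly, as "stop" already did.
#  * the state directory is created before writing into it.
#  * the usage message now lists "restart", which was already implemented.
#-----------------------------------------------------------------------------#

# Where the last applied ruleset is dumped (iptables-save format).
STATE_DIR=/var/firewall/last-state
STATE_FILE="$STATE_DIR/firewall"

# Dump the live ruleset to $STATE_FILE (shared by start/stop/status).
save_state() {
  mkdir -p "$STATE_DIR"
  iptables-save > "$STATE_FILE"
}

case "$1" in
  start)
    echo -e "\nIniciando o FIREWALL...\n"

    # Start from a clean slate: flush every table, delete user-defined chains
    # and zero the counters. Note: -X / -Z without -t only act on the filter
    # table, which is what the original did.
    iptables -t nat -F
    iptables -t mangle -F
    iptables -t filter -F
    iptables -X
    iptables -Z
    echo "--> Limpeza de regras pre-existentes [ OK ]"

    #-----------------------------Definindo Policies------------------------------#
    # Default-deny for traffic addressed to this host; outbound and forwarded
    # traffic is allowed by default (nothing below restricts FORWARD).
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    echo "--> Definicao das policies [ OK ]"

    #----------------------------Definindo roteamento-----------------------------#
    # Enable IPv4 routing between the interfaces.
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo "--> Definicao de roteamento entre redes [ OK ]"

    #-------------------------Habilita Modulos do Kernel--------------------------#
    # The *_ftp helpers are what let the RELATED match below follow FTP data
    # connections through NAT.
    modprobe iptable_nat
    modprobe iptable_filter
    modprobe ip_tables
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    modprobe ip_nat_ftp
    modprobe ipt_MASQUERADE
    modprobe ipt_LOG
    echo "--> Carga dos modulos do Kernel [ OK ]"

    #----------------------------- Tabela FILTER ---------------------------------#
    ## CHAIN INPUT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j ACCEPT
    # NOTE(review): this accepts every NEW connection arriving on eth1 no matter
    # its source address, so the -s 192.168.0.0/24 restriction on the previous
    # rule adds nothing. Kept as-is; confirm whether eth1 should really be
    # open to any source before tightening.
    iptables -A INPUT -i eth1 -m state --state NEW -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Only SSH is reachable from the outside interface.
    iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
    # Anything not matched above is rejected explicitly (policy DROP is the
    # fallback if this rule is ever removed).
    iptables -A INPUT -j REJECT
    echo "--> Carga das regras da Tabela FILTER:INPUT [ OK ]"

    #---------------------------------Tabela NAT----------------------------------#
    # Block HTTPS to a banned site. The hostname is resolved once, when the
    # rule is loaded, so only the addresses DNS returned at that moment are
    # covered; a later DNS change is not picked up until the next "start".
    iptables -t nat -A PREROUTING -s 192.168.0.0/24 -d www.orkut.com -p tcp -m tcp --dport 443 -j DROP
    # Transparent proxy: all LAN HTTP is redirected to the local proxy on 3128.
    iptables -t nat -A PREROUTING -s 192.168.0.0/24 -d 0/0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    # Kept from the original ruleset: the REDIRECT above already matches every
    # LAN packet to port 80, so this DROP is never reached. It only has an
    # effect if the REDIRECT rule is removed.
    iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j DROP
    # Masquerade LAN traffic on its way out.
    iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j MASQUERADE
    echo "--> Carga das regras da Tabela NAT [ OK ]"

    #-----------------------------Atualizando status------------------------------#
    save_state
    echo
    #-----------------------------------------------------------------------------#
    ;;

  stop)
    echo -e "\nDescarregando FIREWALL e configurando Chains para ACCEPT\n"
    # Forwarding is left enabled while the ruleset is unloaded (as before), so
    # the box keeps routing for the LAN.
    echo "1" > /proc/sys/net/ipv4/ip_forward

    #-----------------------------Limpando as Tabelas-----------------------------#
    # NOTE(review): unlike "start", the nat table is NOT flushed here, so the
    # transparent-proxy REDIRECT, the port-443 DROP and the MASQUERADE rule stay
    # active after "stop". Behaviour preserved; confirm whether "stop" should
    # also run "iptables -t nat -F".
    iptables -t mangle -F
    iptables -t filter -F
    iptables -X
    iptables -Z

    #-----------------------------Definindo Policies------------------------------#
    # Open everything on the filter table.
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT

    #-----------------------------Atualizando status------------------------------#
    save_state
    ;;

  restart)
    "$0" stop
    "$0" start
    ;;

  status)
    # Refresh the saved state and page through it.
    save_state
    less "$STATE_FILE"
    ;;

  *)
    echo "Sintaxe: firewall {start|stop|restart|status}"
    exit 1
    ;;
esac

exit 0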