Script de Firewall

Publicado por Perfil removido 21/01/2005

[ Hits: 5.471 ]

Download rc.firewall




Script básico bom pra filtrar umas lanzinhas por ae!! ;-)

  



Esconder código-fonte

#!/bin/sh
#
#
# Todo: Setup loggin, allow access to ssh/smtp/web to internal box
#       test to make sure instant messengers can send/receive files
#       test to make sure irc dcc chats/sends work
#       block certain ads from displaying
#
#

IPTABLES="/sbin/iptables"   ## location to iptables binary file

EXTDEV="eth0"               ## external device that connects to modem
INTDEV="eth1"               ## internal device that connects to lan

EXTIP=`ifconfig $EXTDEV | grep inet | cut -f2 -d: | cut -f1 -d" "` ## external ip address
INTIP=`ifconfig $INTDEV | grep inet | cut -f2 -d: | cut -f1 -d" "` ## internal ip address

case "$1" in
  start)

#
## First we want to enable ip forwarding
#
echo -n "Enabling IP Forwarding ... "
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "done."

#
## Secondly we want to enable dynamic ips
#
echo -n "Enabling Dynamic Ips ... "
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "done."

#
## Now lets clear all the tables incase they were improperly shutdown
#

echo -n "Flushing tables, Setting default policies to DROP ... "
$IPTABLES -P INPUT DROP
$IPTABLES -F INPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -P OUTPUT DROP
$IPTABLES -F OUTPUT
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
echo "done."

#
## Its time to start setting up our rules and policies
#

echo -n "Setting up the firewall now ... "
## First we want to allow only incoming connections that we establish first
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

## Next we want to allow ssh incoming connections as well
$IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT

#
## Now we are going to allow our lan with access to the external network
#

## First we allow all established connections to be forwarded internally
$IPTABLES -A FORWARD -i $EXTDEV -m state --state RELATED,ESTABLISHED -j ACCEPT

## Second we allow all connections from the lan to the external network
$IPTABLES -A FORWARD -i $INTDEV -o $EXTDEV -j ACCEPT

## Masquerade from Internal Net to External Net
$IPTABLES -A POSTROUTING -t nat -o $EXTDEV -j MASQUERADE

#
## And last thing we need to worry about is what the internal network has access to do externally
#

$IPTABLES -P OUTPUT ACCEPT


echo "Firewall has been fully installed"

;;
stop)

echo -n "Flushin all rules ... "
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t nat -F PREROUTING
$IPTABLES -t nat -F POSTROUTING
$IPTABLES -t nat -F OUTPUT
echo "done."
;;
restart)
$0 stop
$0 start
;;
status)
$IPTABLES -L
;;
*)
echo "usage: $0 {start|stop|restart|status}"
exit 1
esac
exit 0

## EOF ##

Scripts recomendados

Instalando docker

Monitoração do CBQ

Enviar via FTP todos as pastas / sub-pastas e arquivos, a partir do diretorio de origem inclusive

Expect-Bash

registra quais as máquinas da sala estão ligadas


  

Comentários

Nenhum comentário foi encontrado.


Contribuir com comentário