Iptables

Disponível somente no TrabalhosFeitos
  • Páginas : 2 (307 palavras )
  • Download(s) : 0
  • Publicado : 17 de julho de 2012
Ler documento completo
Amostra do texto
#!/bin/bash IF_EXT="eth0" IF_LAN="eth1" IF_DMZ="eth2"

if [ "$1" = "-F" ];then iptables -F iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT exitfi # Limpar Regras iptables -F # Politicas Padroes iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP # Habilita o Encaminhamento echo 1 >/proc/sys/net/ipv4/ip_forward ################# # Regras Filter # # INPUT # Limita pacotes ICMP iptables -A INPUT -i $IF_EXT -p icmp --icmp-type echo-request \ -m limit --limit 1/min --limit-burst1 -j ACCEPT iptables -A INPUT -i $IF_EXT -s 10.7.14.53 -p tcp --dport 22 -j ACCEPT iptables -A INPUT -i $IF_EXT -p tcp --dport 80 -j ACCEPT

# Libera o Acesso ao SSH iptables-N SSH #iptables -A INPUT -i $IF_EXT -p tcp --dport 22 -m state --state NEW \ # -j SSH iptables -A SSH -j LOG --log-prefix "CONEXAO SSH_" iptables -A SSH -m recent --update--second 120 -j REJECT iptables -A SSH -m recent --set -j ACCEPT iptables -A INPUT -p tcp --dport 22 -m state --state ESTABLISHED,RELATED\ -j ACCEPT iptables -A INPUT -i $IF_LAN -p tcp--dport 22 -j ACCEPT

iptables -A INPUT -i $IF_LAN -p icmp -j ACCEPT # OUTPUT iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -o $IF_EXT-p tcp --sport 22 -j ACCEPT iptables -A OUTPUT -o eth1 -p icmp -j ACCEPT # FORWARD iptables -A FORWARD -i $IF_LAN -o $IF_EXT -p tcp -s 192.168.0.0/24 \ -m multiport--destination-ports 53,80,443 \ -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A FORWARD -i $IF_EXT -o $IF_LAN -p tcp -d 192.168.0.0/24 \ -m state --state ESTABLISHED,RELATED -j ACCEPT############## # Regras Nat # iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.0.2 # POSTROUTING # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

tracking img