Meu firewall me bloqueou.. não faço mais nada
Amigo,
eu uso o RH9 ... e meu script de firewall está assim:
#######################
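#!/bin/bash
# /etc/init.d/firewall
# chkconfig: 2345 100 20
# description: Inicializacao do iptables
# processname: iptables
# pidfile : /var/run/iptabless.pid
#
# iptables init script (start|stop|restart|status) for a two-interface
# gateway: eth0 faces the LAN (192.168.0.0/24), eth1 faces the Internet.
# NETWORKING is read from /etc/sysconfig/network; everything else is
# configured in place below.

# Red Hat function library and network settings.
. /etc/rc.d/init.d/functions
. /etc/sysconfig/network

# Quoted: with NETWORKING unset the unquoted form became "[ = no ]",
# a syntax error, instead of a clean exit.
if [ "${NETWORKING}" = "no" ]; then
  exit 0
fi

# Absolute paths -- check them with "which iptables" / "which modprobe".
iptables=/sbin/iptables
modprobe=/sbin/modprobe
prog=firewall
# Optional packet logger; only referenced from commented-out lines below.
LOG="iplog -i eth1 -w -d -l /var/log/iplogs"

case "$1" in
  start)
    echo -n $"Iniciando o serviço de $prog"
    #gprintf "Iniciando o serviço de %s: " "IPtables"

    # Netfilter modules.  Match/target modules used below but not listed
    # here (limit, REJECT, TOS, unclean) are presumably autoloaded by
    # iptables -- confirm with lsmod after a start if a rule fails to load.
    $modprobe ip_tables
    $modprobe iptable_filter
    $modprobe iptable_nat
    $modprobe ip_conntrack
    $modprobe ip_conntrack_ftp
    $modprobe ip_nat_ftp
    $modprobe ipt_LOG
    $modprobe ipt_state
    $modprobe ipt_MASQUERADE

    # Flush, zero and delete user chains in every table so a (re)start
    # begins from a known-empty state.
    $iptables -F
    $iptables -Z
    $iptables -X
    $iptables -t nat -F
    $iptables -t nat -X
    $iptables -t mangle -F
    $iptables -t mangle -X

    # Default policies: deny inbound and forwarded traffic, allow outbound.
    $iptables -P INPUT DROP
    $iptables -P FORWARD DROP
    $iptables -P OUTPUT ACCEPT

    # Kernel-level hardening.  Forwarding is enabled only after the
    # FORWARD policy is DROP, so nothing is routed before the rules exist.
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    for i in /proc/sys/net/ipv4/conf/*; do
      echo 0 > "$i/accept_redirects"
      echo 0 > "$i/accept_source_route"
      echo 1 > "$i/log_martians"
      # NOTE(review): rp_filter=0 turns off the kernel's reverse-path
      # (anti-spoofing) check on every interface; the iptables rules below
      # only cover a handful of bogon ranges on eth1.  Use 1 unless
      # asymmetric routing really requires 0.
      echo 0 > "$i/rp_filter"
    done

    # ---- INPUT: traffic addressed to the gateway itself ----
    # -I puts these at the head of the chain: loopback is trusted, but a
    # packet claiming a 127/8 source on any other interface is dropped.
    $iptables -I INPUT -i lo -j ACCEPT
    $iptables -I OUTPUT -o lo -j ACCEPT
    $iptables -I INPUT -i ! lo -s 127.0.0.0/255.0.0.0 -j DROP
    # NOTE(review): this accepts every non-SYN TCP segment from eth1 with
    # no connection-state check.  The RELATED,ESTABLISHED rule further down
    # already admits legitimate replies, so this rule mainly admits
    # stateless (ACK/FIN) probes; consider removing it.
    $iptables -A INPUT -p tcp ! --syn -i eth1 -j ACCEPT
    #printf "."
    # Private, multicast and reserved source ranges never arrive legitimately
    # on the Internet-facing interface.
    $iptables -A INPUT -s 10.0.0.0/8 -i eth1 -j DROP
    $iptables -A INPUT -s 172.16.0.0/12 -i eth1 -j DROP
    #$iptables -A INPUT -s 192.168.0.0/16 -i eth1 -j DROP
    $iptables -A INPUT -s 224.0.0.0/4 -i eth1 -j DROP
    $iptables -A INPUT -s 240.0.0.0/5 -i eth1 -j DROP
    $iptables -A INPUT -p ALL -s 127.0.0.1 -i lo -j ACCEPT
    $iptables -A INPUT -p ALL -s 192.168.1.5 -i lo -j ACCEPT
    $iptables -A INPUT -p ALL -s 192.168.0.1 -i lo -j ACCEPT
    # Replies to connections the gateway itself started (DNS answers, etc.).
    $iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    # LAN access to local services (squid and others).  The first rule
    # already accepts all TCP from the LAN, so the per-port TCP rules after
    # it are redundant but kept for documentation of what is expected.
    $iptables -A INPUT -p tcp -i eth0 -s 192.168.0.0/24 -j ACCEPT
    $iptables -A INPUT -p tcp -i eth0 -s 192.168.0.0/24 --dport 3128 -j ACCEPT
    $iptables -A INPUT -p udp -i eth0 -s 192.168.0.0/24 --dport 20000:30000 -j ACCEPT
    $iptables -A INPUT -p tcp -i eth0 -s 192.168.0.0/24 --dport 7002 -j ACCEPT
    $iptables -A INPUT -p tcp -i eth0 -s 192.168.0.0/24 --dport 23000 -j ACCEPT
    $iptables -A INPUT -p udp -i eth0 -s 192.168.0.0/24 --dport 5273 -j ACCEPT
    $iptables -A INPUT -p tcp -i eth0 -s 192.168.0.0/24 --dport 631 -j ACCEPT
    $iptables -A INPUT -p tcp -i eth0 -s 192.168.0.0/24 --dport 8080 -j ACCEPT
    $iptables -A INPUT -p tcp -i eth0 -s 192.168.0.0/24 --dport 8999 -j ACCEPT
    $iptables -A INPUT -p tcp -i eth0 -s 192.168.0.0/24 --dport 137:139 -j ACCEPT
    # Services open from any interface (no -i), i.e. also from the Internet.
    $iptables -A INPUT -p udp --dport 53 -j ACCEPT
    $iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    $iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    $iptables -A INPUT -p tcp --dport 110 -j ACCEPT
    $iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    $iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
    # New connections from the Internet to the listed services.
    $iptables -A INPUT -p tcp -i eth1 --dport 20 --syn -j ACCEPT
    $iptables -A INPUT -p tcp -i eth1 --dport 21 --syn -j ACCEPT
    $iptables -A INPUT -p tcp -i eth1 --dport 22 --syn -j ACCEPT
    $iptables -A INPUT -p tcp -i eth1 --dport 23 --syn -j ACCEPT
    $iptables -A INPUT -p tcp -i eth1 --dport 25 --syn -j ACCEPT
    $iptables -A INPUT -p tcp -i eth1 --dport 80 --syn -j ACCEPT
    $iptables -A INPUT -p tcp -i eth1 --dport 110 --syn -j ACCEPT
    $iptables -A INPUT -p tcp -i eth1 --dport 443 --syn -j ACCEPT
    # ICMP echo requests only from the LAN; echo replies from anywhere.
    $iptables -A INPUT -p icmp --icmp-type 8 -i eth0 -j ACCEPT
    $iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT

    # DNS answers from the provider's resolvers to this host.
    $iptables -A INPUT -p udp -s 200.196.99.2 --sport 53 -d 192.168.1.5 -j ACCEPT
    $iptables -A INPUT -p udp -s 200.196.99.3 --sport 53 -d 192.168.1.5 -j ACCEPT
    # Fragments from the Internet: log, then drop.
    $iptables -A INPUT -i eth1 -f -j LOG --log-prefix "Pacote input fragmentado:" --log-level 6
    $iptables -A INPUT -i eth1 -f -j DROP
    # Well-known backdoor/scanner ports on the Internet side.
    $iptables -A INPUT -p tcp -i eth1 --dport 31337 -j DROP
    $iptables -A INPUT -p udp -i eth1 --dport 31337 -j DROP
    $iptables -A INPUT -p tcp -i eth1 --dport 12345:12346 -j DROP
    $iptables -A INPUT -p udp -i eth1 --dport 12345:12346 -j DROP
    $iptables -A INPUT -p tcp -i eth1 --dport 1524 -j DROP
    $iptables -A INPUT -p tcp -i eth1 --dport 27665 -j DROP
    $iptables -A INPUT -p udp -i eth1 --dport 27444 -j DROP
    $iptables -A INPUT -p udp -i eth1 --dport 31335 -j DROP
    # ident: REJECT rather than DROP so remote mail/IRC servers do not wait
    # for a timeout.
    $iptables -A INPUT -p tcp -i eth1 --dport 113 -j REJECT
    $iptables -A INPUT -p udp -i eth1 --dport 113 -j REJECT
    $iptables -A INPUT -p tcp -i eth1 --dport 5999:6003 -j DROP
    $iptables -A INPUT -p udp -i eth1 --dport 5999:6003 -j DROP
    $iptables -A INPUT -p tcp -i eth1 --dport 7100 -j DROP
    $iptables -A INPUT -p udp -s 0/0 -i eth1 --dport 33435:33525 -j DROP
    #printf "."
    #$LOG
    #printf ".n"
    #prontf "Your internet connection is up and running. IP logs can be #found in /va/log/iplogs.n"
    # Audit logging.  A LOG rule only sees packets that no earlier rule
    # accepted or dropped, so these fire for what is left after the ACCEPT
    # rules above (e.g. LAN TCP is already accepted wholesale); move a LOG
    # rule above the matching ACCEPT if every hit on that port must be
    # recorded.
    $iptables -A INPUT -p tcp --dport 21 -j LOG --log-prefix "Porta FTP:" --log-level 6
    $iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix "Porta SSH:" --log-level 6
    $iptables -A INPUT -p tcp --dport 23 -j LOG --log-prefix "Porta TELNET:" --log-level 6
    $iptables -A INPUT -p tcp --dport 137:139 -j LOG --log-prefix "Porta NETBUI:" --log-level 6
    $iptables -A INPUT -p tcp --dport 5042 -j LOG --log-prefix "Porta Wincrash:" --log-level 6
    $iptables -A INPUT -p tcp --dport 12345 -j LOG --log-prefix "Porta BackOrifice:" --log-level 6
    # SYN rate limiting for new connections from the Internet: up to a burst
    # of 4, then 1/s; the excess is dropped.
    $iptables -N syn-flood
    $iptables -A INPUT -i eth1 -p tcp --syn -j syn-flood
    $iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
    $iptables -A syn-flood -j DROP
    # Catch-all: log and drop whatever is left.  This MUST be the last pair
    # in INPUT -- in the original ordering it sat before the DNS-reply,
    # fragment, forbidden-port, audit-log and syn-flood rules, which were
    # therefore never reached.
    $iptables -A INPUT -j LOG --log-prefix "Pacote input descartado:" --log-level 6
    $iptables -A INPUT -j DROP

    # ---- FORWARD: traffic routed between the LAN and the Internet ----
    # NOTE(review): "-m unclean" is an experimental match; if the running
    # kernel lacks it this single rule fails and the rest still loads.
    $iptables -A FORWARD -m unclean -j DROP
    $iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
    $iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
    $iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
    $iptables -A FORWARD -m state --state INVALID -j DROP
    $iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # DNS between the LAN and the provider's resolvers, both directions.
    $iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 200.196.99.2 --dport 53 -j ACCEPT
    $iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 200.196.99.3 --dport 53 -j ACCEPT
    $iptables -A FORWARD -p udp -s 200.196.99.2 --sport 53 -d 192.168.0.0/24 -j ACCEPT
    $iptables -A FORWARD -p udp -s 200.196.99.3 --sport 53 -d 192.168.0.0/24 -j ACCEPT
    $iptables -A FORWARD -p tcp --sport 53 -j ACCEPT
    $iptables -A FORWARD -p udp --sport 53 -j ACCEPT
    # FTP and SSH from the LAN outwards, plus the reverse direction by
    # source port (the ESTABLISHED rule above already covers real replies).
    $iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 20 -j ACCEPT
    $iptables -A FORWARD -p tcp --sport 20 -j ACCEPT
    $iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 21 -j ACCEPT
    $iptables -A FORWARD -p tcp --sport 21 -j ACCEPT
    $iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 22 -j ACCEPT
    $iptables -A FORWARD -p tcp --sport 22 -j ACCEPT
    $iptables -A FORWARD -j LOG --log-prefix "Pacote forward descartado:" --log-level 6
    $iptables -A FORWARD -j DROP
    # NAT for the LAN behind eth1.
    $iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

    # Lower latency for interactive/essential services (TOS).
    $iptables -t mangle -A INPUT -p tcp --dport 22 -j TOS --set-to Minimize-Delay
    $iptables -t mangle -A INPUT -p tcp --dport 25 -j TOS --set-to Minimize-Delay
    $iptables -t mangle -A INPUT -p tcp --dport 80 -j TOS --set-to Minimize-Delay
    $iptables -t mangle -A INPUT -p tcp --dport 110 -j TOS --set-to Minimize-Delay
    $iptables -t mangle -A INPUT -p tcp --dport 443 -j TOS --set-to Minimize-Delay
    $iptables -t mangle -A INPUT -p tcp --dport 3128 -j TOS --set-to Minimize-Delay
    $iptables -t mangle -A FORWARD -p udp --sport 8999 -j TOS --set-to Minimize-Delay
    $iptables -t mangle -A FORWARD -p udp --sport 23000 -j TOS --set-to Minimize-Delay
    $iptables -t mangle -A FORWARD -p tcp -s 192.168.0.0/24 --dport 25 -j TOS --set-to Minimize-Delay
    $iptables -t mangle -A FORWARD -p tcp -s 192.168.0.0/24 --dport 110 -j TOS --set-to Minimize-Delay
    $iptables -t mangle -A FORWARD -p tcp --sport 25 -j TOS --set-to Minimize-Delay
    $iptables -t mangle -A FORWARD -p tcp --sport 110 -j TOS --set-to Minimize-Delay
    echo
    ;;
  stop)
    echo -n $"Parando o serviço de $prog:"
    #gprintf "Parando o serviço de %s: " "IPtables"
    # Reset the policies BEFORE flushing.  Flushing alone left INPUT and
    # FORWARD at DROP with no ACCEPT rules, locking out every connection
    # (including the session running this command).  Note that "stop"
    # leaves the box unfiltered and ip_forward stays enabled; use
    # "restart" to reload rules rather than stop/start by hand.
    $iptables -P INPUT ACCEPT
    $iptables -P FORWARD ACCEPT
    $iptables -P OUTPUT ACCEPT
    $iptables -F
    $iptables -X
    $iptables -F -t nat
    $iptables -X -t nat
    $iptables -F -t mangle
    $iptables -X -t mangle
    echo
    ;;
  restart)
    echo -n $"Reiniciando o serviço de $prog:"
    #gprintf "Reiniciando o serviço de %s: " "IPtables"
    "$0" stop
    "$0" start
    echo
    ;;
  status)
    echo -n $"Status do serviço de $prog:"
    #gprintf "Status do serviço de $prog"
    # -n: numeric output; without it each entry triggers a reverse DNS
    # lookup, which hangs when DNS is unreachable.
    $iptables -L -n
    $iptables -L -n -t nat
    $iptables -L -n -t mangle
    echo
    ;;
  *)
    echo -n $"Uso: iptables (start|stop|restart|status)"
    #gprintf "Uso: iptables {start|stop|restart|status}"
    echo
    ;;
esac
exit 0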
#############
antes de copiar, dê uma olhada onde estão os seus módulos!!!!
tipo:
iptables=/sbin/iptables
modprobe=/sbin/modprobe
caso não saiba, dê o comando which iptables ou which modprobe
o meu iptables também é 1.2.7
um Abraço
Paulo Fernando Lamellas
Meu firewall me bloqueou.. não faço mais nada
Valeu, vou dar uma testada e ver se funciona.
Meu firewall me bloqueou.. não faço mais nada
Kra,
qual é sua distro???
Meu firewall me bloqueou.. não faço mais nada
me diz uma coisa: por que vc não bloqueia as portas de BackOrifice e Wincrash em vez de só fazer logs?
[] dotta
Meu firewall me bloqueou.. não faço mais nada
Amigo,
porque eu preciso saber quais máquinas colocadas na rede foram atacadas ou já possuíam as pragas