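#!/bin/sh
# Firewall: host-based iptables ruleset for a workstation whose external
# interface is eth1.
#
# Default policy is DROP for INPUT and FORWARD and ACCEPT for OUTPUT; only
# loopback, return traffic for connections this host opened, and a few
# explicit services are let in. Must run as root.
#
# Fail closed: stop at the first rule that does not load instead of
# continuing with a half-built ruleset. The DROP policies are set before
# any ACCEPT rule, so an abort leaves INPUT closed.
set -e

# Flush all rules
iptables -F
# Delete user-defined chains
iptables -X
# Reset packet and byte counters
iptables -Z

# Default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Port-scanner protection: TCP packets with flag combinations that never
# occur in a legitimate handshake are dropped when they arrive on eth1.
iptables -N SCANNER
iptables -A SCANNER -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -i eth1 -j SCANNER
iptables -A INPUT -p tcp --tcp-flags ALL NONE -i eth1 -j SCANNER
iptables -A INPUT -p tcp --tcp-flags ALL ALL -i eth1 -j SCANNER
iptables -A INPUT -p tcp --tcp-flags ALL FIN,SYN -i eth1 -j SCANNER
iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -i eth1 -j SCANNER
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -i eth1 -j SCANNER
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -i eth1 -j SCANNER

# Anti-spoofing: drop packets claiming a private, multicast or reserved
# source address. Unlike the SCANNER rules these carry no -i, so they apply
# on every interface; if this host also has a LAN interface numbered from
# RFC 1918 space, add -i eth1 to them or LAN traffic will be dropped.
iptables -A INPUT -s 10.0.0.0/8 -j DROP
iptables -A INPUT -s 172.16.0.0/12 -j DROP
iptables -A INPUT -s 192.168.0.0/16 -j DROP
iptables -A INPUT -s 224.0.0.0/4 -j DROP
iptables -A INPUT -s 240.0.0.0/5 -j DROP

# Allow return traffic for connections this host initiated. This already
# covers the replies the per-service --sport rules below are meant for.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow loopback
iptables -A INPUT -i lo -j ACCEPT
# Block ping
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

# Per-service rules. A source port is chosen by the remote peer, so a rule
# that matches on --sport alone accepts a *new* inbound connection from
# anyone who sends from that port and bypasses the DROP policy. The TCP
# --sport rules are therefore restricted to non-SYN packets (! --syn),
# which cannot open a connection; the --dport rules are real listeners
# and stay as they are.

# ICQ
iptables -A INPUT -p tcp --sport 5190 ! --syn -j ACCEPT
# Web browsing
iptables -A INPUT -p tcp --sport 80 ! --syn -j ACCEPT
# FTP (passive data connections are handled by RELATED above when the
# nf_conntrack_ftp helper is loaded)
iptables -A INPUT -p tcp --sport 20 ! --syn -j ACCEPT
iptables -A INPUT -p tcp --sport 21 ! --syn -j ACCEPT
# SSL
iptables -A INPUT -p tcp --sport 443 ! --syn -j ACCEPT
# aMule
iptables -A INPUT -p tcp --sport 4661 ! --syn -j ACCEPT
iptables -A INPUT -p tcp --dport 4662 --syn -j ACCEPT
iptables -A INPUT -p tcp --sport 4711 ! --syn -j ACCEPT
iptables -A INPUT -p udp --dport 4672 -j ACCEPT
# UDP has no handshake, so this still accepts unsolicited datagrams whose
# source port is 4665; replies to our own queries are already covered by
# ESTABLISHED above.
iptables -A INPUT -p udp --sport 4665 -j ACCEPT
# IRC and DCC
iptables -A INPUT -p tcp --sport 6665:7000 ! --syn -j ACCEPT
iptables -A INPUT -p tcp --dport 5000:5010 -j ACCEPT
# DNS (same caveat as above for the UDP source-port rule)
iptables -A INPUT -p tcp --sport 53 ! --syn -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
# POP and SMTP
iptables -A INPUT -p tcp --sport 110 ! --syn -j ACCEPT
iptables -A INPUT -p tcp --sport 25 ! --syn -j ACCEPT
# Internet radio
iptables -A INPUT -p tcp --sport 8000 ! --syn -j ACCEPT
iptables -A INPUT -p tcp --sport 8004 ! --syn -j ACCEPT
iptables -A INPUT -p tcp --sport 8300 ! --syn -j ACCEPT

# Log whatever is about to hit the DROP policy. Rate-limited so a flood of
# unwanted packets cannot fill the log or starve syslog.
iptables -A INPUT -m limit --limit 3/min --limit-burst 5 -j LOG --log-prefix "Firewall: "
# END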