-
Nat
O NAT
;;; Source NAT: each rule masquerades traffic whose source is one of four internal /16 ranges.
;;; NOTE(review): as printed, the rules match on src-address only. No out-interface is shown,
;;; so traffic between these ranges would be masqueraded as well as traffic leaving through
;;; the WAN. Confirm against the full rule, since the listing may be abbreviated.
;;; NOTE(review): only 10.10.0.0/16 is RFC 1918 private space. 20.20.0.0/16, 30.30.0.0/16 and
;;; 40.40.0.0/16 lie in publicly routable address blocks, so the real Internet hosts in those
;;; ranges become unreachable from this network and the addresses say nothing about trust.
chain=srcnat src-address=10.10.0.0/16 action=masquerade
chain=srcnat src-address=20.20.0.0/16 action=masquerade
chain=srcnat src-address=30.30.0.0/16 action=masquerade
chain=srcnat src-address=40.40.0.0/16 action=masquerade
;;; Destination NAT: TCP port 80 from the same four ranges is redirected to local port 3126.
;;; Presumably this is a transparent web proxy on the router; confirm which service listens there.
;;; NOTE(review): no dst-address condition is shown, so HTTP requests to internal servers or to
;;; the router itself are redirected too. Nothing on this page shows port 3126 being closed to
;;; other sources; verify that a filter rule keeps the proxy from being reachable from the WAN.
chain=dstnat src-address=10.10.0.0/16 protocol=tcp dst-port=80
action=redirect to-ports=3126
chain=dstnat src-address=20.20.0.0/16 protocol=tcp dst-port=80
action=redirect to-ports=3126
chain=dstnat src-address=30.30.0.0/16 protocol=tcp dst-port=80
action=redirect to-ports=3126
chain=dstnat src-address=40.40.0.0/16 protocol=tcp dst-port=80
action=redirect to-ports=3126
-
Mangle
;;; Rule 0 (its comment reads "SSH and Telnet blocking adjustment"): the source address of any
;;; TCP packet to destination port 22 or 23 is added to the address list drop_port_22_23.
;;; NOTE(review): this rule only records addresses. A filter rule matching
;;; src-address-list=drop_port_22_23 is needed for anything to be dropped, and none is shown here.
;;; NOTE(review): no in-interface or source exclusion is shown, so administrators connecting from
;;; the LAN are listed as well. One packet is enough to be listed and its source address is not
;;; verified, so the list can collect addresses that never completed a connection.
;;; NOTE(review): address-list-timeout=0s gives entries no timed expiry. Whether they survive a
;;; reboot depends on the RouterOS version, so confirm for the version in use and consider a
;;; finite timeout.
0 ;;; Ajuste de Bloqueio SSH e Telnet
chain=prerouting protocol=tcp dst-port=22-23
action=add-src-to-address-list address-list=drop_port_22_23
address-list-timeout=0s
;;; Rules 1-2: TCP packets with source port 1863 get packet mark msn-out and packets with
;;; destination port 1863 get msn-in. passthrough=yes lets later mangle rules still process them.
1 ;;; MSN
chain=prerouting protocol=tcp src-port=1863 action=mark-packet
new-packet-mark=msn-out passthrough=yes
2 chain=prerouting protocol=tcp dst-port=1863 action=mark-packet
new-packet-mark=msn-in passthrough=yes
;;; Rules 3-4: connections to TCP destination port 80 get connection mark http_conn, then every
;;; packet of a marked connection gets packet mark http_down.
;;; NOTE(review): rule 4 matches on the connection mark alone, so http_down is applied to both
;;; directions of the connection despite its name.
3 ;;; HTTP
chain=prerouting protocol=tcp dst-port=80 action=mark-connection
new-connection-mark=http_conn passthrough=yes
4 chain=prerouting connection-mark=http_conn action=mark-packet
new-packet-mark=http_down passthrough=yes
-
Address List
# LIST ADDRESS
;;; not_in_internet: ranges that should never appear as a source on the Internet side.
;;; They are 0.0.0.0/8 ("this network"), 169.254.0.0/16 (link-local), 127.0.0.0/8 (loopback)
;;; and 224.0.0.0/3, which spans 224.0.0.0-255.255.255.255 (multicast, reserved, broadcast).
;;; NOTE(review): the filter rules that use this list are not shown on this page. RFC 1918
;;; private ranges are not included; confirm whether that is intentional for this WAN.
0 not_in_internet 0.0.0.0/8
1 not_in_internet 169.254.0.0/16
2 not_in_internet 127.0.0.0/8
3 not_in_internet 224.0.0.0/3
;;; Entries 4-5 are static entries with the address 0.0.0.0. Presumably they are placeholders so
;;; that the list names exist before rules fill them dynamically; confirm.
;;; NOTE(review): the second list name is spelled "port scaners" and contains a space. Any rule
;;; that refers to it must use exactly the same string, or it will fill or match a different list.
4 drop_port_22_23 0.0.0.0
5 port scaners 0.0.0.0
Obrigado