Aeh galera, vejam meu firewall, o que acontece é que o samba não funciona, alguém pode me dar uma luz
#Tabela filter
/sbin/iptables -t filter -P INPUT DROP
/sbin/iptables -t filter -P OUTPUT ACCEPT
/sbin/iptables -t filter -P FORWARD DROP
# Tabela nat
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
#Permite tráfego local
#/sbin/iptables -t filter -A INPUT -i lo -j ACCEPT
#Limita pings a 1 por segundo, request and reply
/sbin/iptables -A block -p icmp -d 192.168.0.1 --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
/sbin/iptables -A block -p icmp -d 192.168.0.1 --icmp-type echo-reply -m limit --limit 1/s -j ACCEPT
/sbin/iptables -A block -p icmp -d 127.0.0.1 --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
/sbin/iptables -A block -p icmp -d 127.0.0.1 --icmp-type echo-reply -m limit --limit 1/s -j ACCEPT
#Limita a um maximo de 6 conexões por segundo
/sbin/iptables -A block -p tcp --syn -m limit --limit 6/s
#Aceita conexões para http e dns
/sbin/iptables -A block -p tcp -d 192.168.0.1 --syn --destination-port 80 -j ACCEPT
/sbin/iptables -A block -p tcp -d 192.168.0.1 --syn --destination-port 53 -j ACCEPT
#Permite o samba funcionar
/sbin/iptables -A block -p tcp -s 192.168.0.0/24 -i eth0 --destination-port 137:139 -j ACCEPT
/sbin/iptables -A block -p tcp -s 192.168.0.0/24 -i eth0 --destination-port 445 -j ACCEPT
/sbin/iptables -A block -p udp -s 192.168.0.0/24 -i eth0 --destination-port 137:139 -j ACCEPT
/sbin/iptables -A block -p udp -s 192.168.0.0/24 -i eth0 --destination-port 445 -j ACCEPT
#Bloqueia acesso a todas as outras portas
/sbin/iptables -A block -p tcp -d 192.168.0.1 --destination-port 0:1024 -j DROP
/sbin/iptables -A block -p udp -d 192.168.0.1 --destination-port 0:1024 -j DROP
#Aceita conexões exceto as vindas de ppp0
/sbin/iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
/sbin/iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A block -j DROP
## Saltar das chains INPUT e FORWARD para a CHAIN block.
/sbin/iptables -t filter -A INPUT -j block
/sbin/iptables -t filter -A FORWARD -j block
e mais uma coisa, se eu colocar a regra
#Aceita conexões exceto as vindas de ppp0
/sbin/iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
/sbin/iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
depois das regras de policiamento padrão, eu consigo fazer o ssh para 192.168.0.1 memo temdo a regra
#Bloqueia acesso a todas as outras portas
/sbin/iptables -A block -p tcp -d 192.168.0.1 --destination-port 0:1024 -j DROP
no final do script por que isso? a regra --dport :1024 nao deveria bloquear o ssh?