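# Firewall bootstrap: flushes the filter and nat tables, then installs the
# SSH, NAT/forwarding, rate-limit, mail and RDP port-forward rules below.
# Must run as root. Values such as 200.x.x.x are placeholders from the
# original and have to be replaced before the matching rules will load.

# Fixed: the original wrote `echo > "..."`, which created an empty file named
# after the message instead of printing it.
echo "Iniciando o Script de Firewall"

# Path of the iptables binary. Kept from the original for compatibility; the
# commands below still resolve `iptables` through PATH.
iptables=/usr/sbin/iptables

# Flush rules, delete user-defined chains and zero counters (filter table),
# then flush and clean the nat table.
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X

# Default-deny policies are left disabled, as in the original.
# NOTE(review): while the chain policies stay ACCEPT, every "-m limit ... -j
# ACCEPT" rule below is a no-op: packets over the limit fall through to the
# policy and are accepted anyway. The rate limits only take effect once a
# DROP policy or an explicit trailing DROP rule exists. Enabling OUTPUT DROP
# also needs matching OUTPUT accept rules, which this script does not define.
# iptables -P INPUT DROP
# iptables -P OUTPUT DROP
# iptables -P FORWARD DROP

# Allow SSH from any source.
# NOTE(review): consider narrowing -s to the management network.
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 22 -j ACCEPT

# Share the internet connection: masquerade traffic leaving eth0 and enable
# IPv4 forwarding in the kernel.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

# Connection-state handling: accept replies to known connections and drop
# packets that conntrack classifies as INVALID.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP

# Stealth port-scan mitigation: accept bare RST packets at 1 per second.
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

# Block traceroute (UDP probes to the conventional port range) on eth0.
iptables -A INPUT -p udp -s 0/0 -i eth0 --dport 33435:33525 -j DROP

# SYN-flood mitigation: accept forwarded SYNs at 1 per second.
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT

# Fixed: the original repeated the five rules above a second time. Each
# duplicated limit rule carries its own token bucket, so the copies doubled
# the effective rate; the state and traceroute copies were unreachable. The
# duplicates are removed.

# Stealth port-scan mitigation for forwarded traffic.
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

# Ping-of-death mitigation (disabled in the original).
# iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

# Open the mail ports used by Outlook (SMTP 25, POP3 110) for one source.
# 200.x.x.x is a placeholder; iptables rejects it until a real address is set.
# Fixed: the second rule was missing the space before --dport.
iptables -A INPUT -p tcp -s 200.x.x.x --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -s 200.x.x.x --dport 110 -j ACCEPT

# Redirect port 3389 (Terminal Server / RDP) arriving on eth0 to the LAN host.
# NOTE(review): 192.168.1.0 is normally a network address; presumably a
# placeholder for the terminal server's address - confirm.
# NOTE(review): this publishes RDP to every source reachable via eth0;
# consider adding -s with the allowed client range.
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 3389 -j DNAT --to 192.168.1.0:3389
# NOTE(review): ACCEPT in the nat table only ends nat processing for the
# connection; it does not permit forwarding. If the intent is to allow the
# redirected traffic under a FORWARD DROP policy, that rule belongs in the
# filter table's FORWARD chain - confirm.
iptables -t nat -A POSTROUTING -s 0/0 -p tcp --dport 3389 -d 192.168.1.0 -j ACCEPT

# Fixed: same stray redirection as the first message.
echo "Firewall [OK]"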