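# Gateway firewall and NAT rules for a host with two interfaces:
#   eth0 - external network (internet)
#   eth1 - internal network (nvfra.net)
IPTABLES="/sbin/iptables"
INTERNAL_INTERFACE="eth1"
EXTERNAL_INTERFACE_1="eth0"
# NOTE(review): same device as INTERNAL_INTERFACE and not referenced by any
# rule below - confirm whether a second uplink was intended.
EXTERNAL_INTERFACE_2="eth1"
# Internal subnet. Written with a host address; iptables applies the /24 mask,
# so rules using it match 192.168.2.0/24.
LAN="192.168.2.1/24"

# -=- [ Load kernel modules ] -=-
# modprobe failures are not checked here, so a module that is missing or
# renamed on the running kernel does not stop the rest of the script.
for module in ip_tables ip_conntrack_ftp ip_nat_ftp iptable_nat iptable_filter \
  ip_conntrack ipt_LOG ipt_state ipt_MASQUERADE; do
  modprobe "$module"
done

# -=- [ Default policies ] -=-
# Applied before the flush so the filter chains are never left empty with a
# permissive policy while the ruleset is being rebuilt.
"$IPTABLES" -P INPUT DROP
"$IPTABLES" -P OUTPUT ACCEPT
"$IPTABLES" -P FORWARD DROP

# -=- [ Remove all existing firewall rules ] -=-
"$IPTABLES" -F
"$IPTABLES" -Z
"$IPTABLES" -X
"$IPTABLES" -t nat -F
"$IPTABLES" -t nat -X
"$IPTABLES" -t mangle -F
"$IPTABLES" -t mangle -X

# -=- [ General firewall rules ] -=-
# Loopback: with INPUT defaulting to DROP, new connections from local
# processes to local services would otherwise be discarded.
"$IPTABLES" -A INPUT -i lo -j ACCEPT
"$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Any new connection arriving on the internal interface may reach the gateway.
"$IPTABLES" -A INPUT -m state --state NEW -i "$INTERNAL_INTERFACE" -j ACCEPT
# Source-NAT LAN traffic leaving through the external interface.
"$IPTABLES" -t nat -A POSTROUTING -o "$EXTERNAL_INTERFACE_1" -s "$LAN" -j MASQUERADE
# The only new forwarded connections allowed are LAN -> TCP 25 and TCP 110.
# NOTE(review): these rules match on source address alone; adding
# -i "$INTERNAL_INTERFACE" would keep packets with a forged LAN source that
# arrive on another interface from matching.
"$IPTABLES" -A FORWARD -p tcp -s "$LAN" --dport 25 -j ACCEPT
"$IPTABLES" -A FORWARD -p tcp -s "$LAN" --dport 110 -j ACCEPT
# SSH to the gateway is accepted from any source on the external interface.
# NOTE(review): consider restricting -s to known administration addresses.
"$IPTABLES" -A INPUT -i "$EXTERNAL_INTERFACE_1" -s 0/0 -p tcp --dport 22 -j ACCEPT
"$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Turn on routing only now that the FORWARD policy and rules are in place;
# enabling it first would forward packets under whatever policy was active
# before this script ran.
echo "1" > /proc/sys/net/ipv4/ip_forward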