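#!/usr/bin/env bash
#
# NAT gateway / firewall rule set for a small LAN behind this host.
#
# Topology (override through the environment, defaults match the original):
#   LAN        internal network in CIDR notation
#   LAN_IF     interface facing the internal network
#   WAN_IF     interface facing the Internet (masqueraded)
#   PROXY_PORT local transparent HTTP proxy port
#   MSN_HOST   the single LAN host allowed to reach tcp/1863
#
# What the script does, in order:
#   - loads the NAT / conntrack modules (FTP helper included)
#   - flushes the filter and nat tables and sets INPUT/FORWARD to DROP
#   - masquerades LAN traffic leaving WAN_IF and enables IP forwarding
#   - enables TCP SYN cookies
#   - redirects LAN HTTP (tcp/80) to the local transparent proxy
#   - accepts a fixed list of services on INPUT (LAN side only) and FORWARD
#
# Must run as root. `set -e` stops at the first failing command so that a
# half-applied rule set is never reported as a success.
set -eu

# ---- Variables ----
readonly LAN="${LAN:-192.168.0.0/24}"
readonly LAN_IF="${LAN_IF:-eth1}"
readonly WAN_IF="${WAN_IF:-eth0}"
readonly PROXY_PORT="${PROXY_PORT:-3128}"
readonly MSN_HOST="${MSN_HOST:-192.168.0.129}"

# ---- Load modules ----
# The conntrack module names changed across kernel versions
# (ip_conntrack -> nf_conntrack, ip_nat_ftp -> nf_nat_ftp); try the legacy
# name first and fall back to the current one so the script works on both.
modprobe iptable_nat
modprobe ip_conntrack 2>/dev/null || modprobe nf_conntrack
modprobe ip_nat_ftp 2>/dev/null || modprobe nf_nat_ftp

# ---- Flush existing rules ----
iptables -F
iptables -t nat -F

# ---- Default policies (OUTPUT keeps the kernel default of ACCEPT) ----
iptables -P INPUT DROP
iptables -P FORWARD DROP

# ---- Share the connection ----
iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

# ---- SYN flood protection ----
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# ---- Transparent proxy ----
# Only LAN-originated HTTP arriving on LAN_IF is redirected to the proxy.
iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN" -p tcp --dport 80 \
  -j REDIRECT --to-port "$PROXY_PORT"

#### INPUT rules
# Loopback must be accepted explicitly: with INPUT at DROP, local services
# (the proxy, a resolver, Tomcat) could not talk to each other over 127.0.0.1.
iptables -A INPUT -i lo -j ACCEPT
# Let in only replies to connections this host (or the LAN via NAT) opened.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH, from the LAN only (--syn: match only the connection-opening packet)
iptables -A INPUT -i "$LAN_IF" -s "$LAN" -p tcp --syn --dport 22 -j ACCEPT
# Squid, from the LAN only
iptables -A INPUT -i "$LAN_IF" -s "$LAN" -p tcp --dport "$PROXY_PORT" -j ACCEPT
# Web, from the LAN only
iptables -A INPUT -i "$LAN_IF" -s "$LAN" -p tcp --dport 80 -j ACCEPT
# Tomcat, from the LAN only
iptables -A INPUT -i "$LAN_IF" -s "$LAN" -p tcp --dport 8080 -j ACCEPT
# Ping, from the LAN only
iptables -A INPUT -i "$LAN_IF" -s "$LAN" -p icmp -j ACCEPT

#### FORWARD rules
# Forward only what the LAN needs; replies ride on ESTABLISHED,RELATED
# (the FTP helper marks passive data connections as RELATED).
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# DNS
iptables -A FORWARD -o "$WAN_IF" -s "$LAN" -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -o "$WAN_IF" -s "$LAN" -p udp --dport 53 -j ACCEPT
# Web
iptables -A FORWARD -o "$WAN_IF" -s "$LAN" -p tcp --dport 80 -j ACCEPT
# HTTPS
iptables -A FORWARD -o "$WAN_IF" -s "$LAN" -p tcp --dport 443 -j ACCEPT
# FTP (control channel; data channel relies on the conntrack FTP helper)
iptables -A FORWARD -o "$WAN_IF" -s "$LAN" -p tcp --dport 21 -j ACCEPT
# SSH
iptables -A FORWARD -o "$WAN_IF" -s "$LAN" -p tcp --syn --dport 22 -j ACCEPT
# "Claro" messaging service
iptables -A FORWARD -o "$WAN_IF" -s "$LAN" -p tcp --dport 5005 -j ACCEPT
# MSN, restricted to a single host rather than the whole LAN
iptables -A FORWARD -o "$WAN_IF" -s "$MSN_HOST" -p tcp --dport 1863 -j ACCEPT
# Ping to the outside
iptables -A FORWARD -o "$WAN_IF" -s "$LAN" -p icmp -j ACCEPT

echo "Regras aplicadas com sucesso!"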