O meu samba, se nao coloco este argumento ele simplismente nao funciona, e colocando este argumento libera algumas portas muito indesejaveis.
iptables -A INPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
Vou colocar o meu firewall, quem tiver uma sugestao, por favor, seja bem vindo.
echo
echo
echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
echo "@@@ CONFIGURACAO DO FIREWALL @@@@@@@@@@"
echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
echo
echo
echo " LIMPANDO AS REGRAS DO IPTABLES ------------------------ OK"
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
echo " DEFININDO POLITICA DE REGRAS DO IPTABLES -------------- OK"
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
echo " REDEFININDO AS REGRAS --------------------------------- OK"
echo " LIBERANDO ACESSO AO SERVIDOR -------------------------- OK"
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 0/0 -p udp -m multiport --sport 53 -j ACCEPT
iptables -A INPUT -s 0/0 -p tcp -m multiport --sport 25,80,110,443 -j ACCEPT
iptables -A INPUT -s 0/0 -p tcp -m multiport --dport 25,80,110,443 -j ACCEPT
echo " LIBERANDO ACESSO A REDE LOCAL ------------------------- OK"
#### NESTE CASO A MINHA REDE INTERNA (LAN) PERTENCE A INTERFACE ETH2 E MINHA REDE EXTERNA (WAN) A INTERFACE ETH1 ###
iptables -A FORWARD -d www.orkut.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d orkut.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d gateway.messenger.hotmail.com -j DROP
iptables -A FORWARD -d messenger.hotmail.com -j DROP
iptables -A FORWARD -d loginnet.passport.com -j DROP
iptables -A FORWARD -d login.passport.net -j DROP
iptables -A FORWARD -d login.icq.com -j DROP
iptables -A INPUT -i eth2 -p tcp -m multiport --dport 80,22,23,25,110,137,138,139,443,445,3128 -j ACCEPT
iptables -A INPUT -i eth2 -p tcp -m multiport --sport 80,22,23,25,110,137,138,139,443,445,3128 -j ACCEPT
#=========================================================================================
iptables -A FORWARD -d gateway.messenger.hotmail.com -j DROP
iptables -A FORWARD -d messenger.hotmail.com -j DROP
iptables -A FORWARD -d login.passport.net -j DROP
iptables -A FORWARD -d loginnet.passport.com -j DROP
iptables -A FORWARD -d login.icq.com -j DROP
iptables -A FORWARD -i eth2 -p tcp -m multiport --dport 80,22,23,25,110,137,138,139,443,445,3128 -j ACCEPT
iptables -A FORWARD -s 0/0 -p tcp -m multiport --sport 80,25,110,443,3128 -j ACCEPT
#=========================================================================================
iptables -A FORWARD -s 0/0 -p udp -m multiport --sport 53 -j ACCEPT
iptables -A FORWARD -i eth2 -p udp -m multiport --dport 53,137,138,139,445 -j ACCEPT
#### LIBERAÇÃO DE SOCKETS #####
iptables -A INPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
#### DESCOMENTEM ESTA LINHA CASO SEJA NECESSARIO
##################################################################
##################################################################
##################################################################
echo " COMPARTILHAMENTO DA INTERNET, MASCARAMENTO ------------ OK"
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
#################################################
###### PROXY TRANSPARENTE #############
#################################################
echo " PERMITINDO PROXY TRANSPARENTE ------------------------- OK"
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128
#################################################
#################################################
echo " PERMITINDO REDIRECIONAMENTO DE PACOTES ---------------- OK"
echo 1 >/proc/sys/net/ipv4/ip_forward
echo
echo
echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
echo "@@@ TERMINO DA CONFIGURAÇÃO @@@"
echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
echo
echo