#!/bin/bash
# Write by Vinicius Costa Carvalho
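# Address book: one IPv4 address and one MAC per client, indexed from 1.
# Every ADDR[i] needs a matching MAC[i]; the filter rules pair them.
# NOTE: --mac-source only sees the last Ethernet hop and a MAC is trivially
# spoofed, so the IP/MAC binding is a hygiene check, not authentication.
# client - joao
ADDR[1]="192.168.200.12"
MAC[1]="00:16:EC:21:B5:1E"
# Server - eth0 (the side the clients are on)
SERVER_ETH0="192.168.200.254"
SERVER_MAC0="00:83:08:00:ED:68"
# Server - eth1 (the side client traffic is masqueraded out of)
SERVER_ETH1="192.168.0.1"
SERVER_MAC1="00:15:F2:D6:A4:DE"
# Number of clients, derived from the table so a new client cannot be added
# above without this count following. Requires ADDR to be filled
# contiguously from index 1.
IPS=${#ADDR[@]}
# Nothing below is expected to change the configuration at runtime.
readonly ADDR MAC SERVER_ETH0 SERVER_MAC0 SERVER_ETH1 SERVER_MAC1 IPS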
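# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# iptables wrapper for the "start" path: a rule that fails to load must
# abort the run, otherwise the box is left with a half-built ruleset and
# no indication of it (the original ignored every iptables exit status).
ipt() {
  iptables "$@" || die "iptables $* falhou"
}

# iptables needs CAP_NET_ADMIN; fail early with a clear message instead of
# a stream of per-rule permission errors.
require_root() {
  (( EUID == 0 )) || die "Este script precisa ser executado como root"
}

# Remove every MASQUERADE rule for one client address. "start" used to
# append a new rule on each run while "stop" deleted only one, so
# duplicates accumulated; looping on -D until it fails clears them all.
# The final failing -D is expected, hence its stderr is discarded.
nat_clear_client() {
  local addr=$1
  while iptables -t nat -D POSTROUTING -s "$addr" -o eth1 -j MASQUERADE 2>/dev/null; do
    :
  done
}

# Build the ruleset: DROP policies on INPUT/FORWARD, explicit ACCEPTs for
# the server's own interfaces and for each configured client, and
# MASQUERADE of client traffic out of eth1. OUTPUT is not managed here.
fw_start() {
  require_root
  echo "Iniciando o filtro"
  echo "Alterando regras padroes"
  # Set the DROP policies *before* flushing. Flushing first (as the original
  # did) briefly leaves the chains with whatever policy was in place —
  # ACCEPT on a fresh box — and no rules at all.
  ipt -t filter -P INPUT DROP
  ipt -t filter -P FORWARD DROP
  ipt -t filter -F

  echo "Ativando regras para o servidor"
  # Loopback.
  ipt -t filter -A FORWARD -i lo -j ACCEPT
  ipt -t filter -A INPUT -i lo -j ACCEPT
  # Server eth0.
  ipt -t filter -A FORWARD -i eth0 -s "$SERVER_ETH0" -m mac --mac-source "$SERVER_MAC0" -j ACCEPT
  # NOTE(review): packets addressed to one of the host's own IPs traverse
  # INPUT, not FORWARD, so this rule is not expected to match anything;
  # kept as in the original pending confirmation of intent.
  ipt -t filter -A FORWARD -i eth0 -d "$SERVER_ETH0" -j ACCEPT
  # NOTE(review): this accepts packets arriving on eth0 that claim the
  # server's own eth0 IP/MAC as source. Genuine host-to-self traffic uses
  # lo (accepted above), so the only thing this can match is a spoofed
  # source — confirm it is needed; otherwise it should be removed.
  ipt -t filter -A INPUT -i eth0 -s "$SERVER_ETH0" -m mac --mac-source "$SERVER_MAC0" -j ACCEPT
  # Server eth1 (same shape as eth0; the same two notes apply).
  ipt -t filter -A FORWARD -i eth1 -s "$SERVER_ETH1" -m mac --mac-source "$SERVER_MAC1" -j ACCEPT
  ipt -t filter -A FORWARD -i eth1 -d "$SERVER_ETH1" -j ACCEPT
  ipt -t filter -A INPUT -i eth1 -s "$SERVER_ETH1" -m mac --mac-source "$SERVER_MAC1" -j ACCEPT

  echo "Ativando regras para usuarios"
  # Iterate over the indices actually present in ADDR rather than 1..IPS,
  # so the loop cannot run past the table or skip a configured client.
  local i
  for i in "${!ADDR[@]}"; do
    [[ -n "${MAC[i]:-}" ]] || die "MAC[$i] nao definido para ${ADDR[i]}"
    # Client -> anywhere, from eth0 only, bound to its MAC (weak: MACs are
    # spoofable, so this is hygiene rather than authentication).
    ipt -t filter -A FORWARD -i eth0 -s "${ADDR[i]}" -m mac --mac-source "${MAC[i]}" -j ACCEPT
    # Anywhere -> client: only replies to connections the client opened.
    # The original accepted any forwarded packet addressed to the client,
    # from any interface, which let unsolicited traffic reach it. Add
    # explicit rules here if a client must accept inbound connections.
    ipt -t filter -A FORWARD -d "${ADDR[i]}" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Client -> this server.
    ipt -t filter -A INPUT -i eth0 -s "${ADDR[i]}" -m mac --mac-source "${MAC[i]}" -j ACCEPT
    # Exactly one MASQUERADE rule per client, even on repeated "start".
    nat_clear_client "${ADDR[i]}"
    ipt -t nat -A POSTROUTING -s "${ADDR[i]}" -o eth1 -j MASQUERADE
  done
  echo "Regras de filtro ativadas!"
}

# Tear the ruleset down. Best-effort: each step is attempted even if an
# earlier one fails, so plain iptables is used instead of the ipt wrapper.
fw_stop() {
  require_root
  echo "Parando o filtro"
  iptables -t filter -P INPUT ACCEPT
  iptables -t filter -P FORWARD ACCEPT
  # WARNING: this flushes *every* rule in the filter table, including any
  # that were not installed by this script.
  iptables -t filter -F
  local i
  for i in "${!ADDR[@]}"; do
    nat_clear_client "${ADDR[i]}"
  done
}

# Dispatch. ${1:-} keeps an unset $1 from being a "unbound variable" error
# if the caller runs with set -u.
case "${1:-}" in
  start)
    fw_start
    ;;
  stop)
    fw_stop
    ;;
  restart)
    # Call the functions directly instead of re-executing "$0"; same effect,
    # no dependence on how the script was invoked.
    fw_stop
    fw_start
    ;;
  *)
    # Usage errors go to stderr and exit non-zero so init systems and
    # callers can tell the filter was NOT applied (the original exited 0).
    echo "Opcao incorreta!" >&2
    echo "Uso: $0 {start|stop|restart}" >&2
    exit 2
    ;;
esac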