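#!/bin/bash
# IPv4 NAT gateway firewall: default-deny INPUT and FORWARD, masquerade
# outbound traffic, and forward only HTTP, SMTP, POP3 and SSH.
#
# Must run as root. Only iptables (IPv4) is configured here.
# Rules are appended and the tables are not flushed, so rules that are already
# loaded stay ahead of these and a second run duplicates every rule.
#
# Environment:
#   WAN_IF  interface to masquerade on. Defaults to "eth+" (every eth*
#           interface), which also rewrites traffic leaving on the LAN side;
#           set it to the actual uplink interface.
#
# Exit status: 0 when every rule loaded, 1 otherwise.

set -u

WAN_IF="${WAN_IF:-eth+}"

# Forwarded TCP services: HTTP, SMTP, POP3, SSH.
readonly FORWARD_TCP_PORTS=(80 25 110 22)

status=0

# Runs iptables with the given arguments. A rule that fails to load is
# reported on stderr and recorded in $status instead of passing unnoticed.
ipt() {
  if ! iptables "$@"; then
    printf 'firewall: rule not loaded: iptables %s\n' "$*" >&2
    status=1
  fi
}

# Loads the first of the given module names that modprobe accepts.
# Only warns on failure: the feature may be built into the kernel.
load_module() {
  local name
  for name in "$@"; do
    modprobe "$name" 2>/dev/null && return 0
  done
  printf 'firewall: warning: could not load module (%s)\n' "$*" >&2
  return 0
}

# modprobe resolves module names; insmod expects a path to a .ko file, so the
# original insmod calls could not work. Current kernel names are tried first,
# the names from the original script second.
load_module iptable_nat iptables_nat
load_module nf_conntrack_ftp ip_conntrack_ftp
load_module nf_nat_ftp ip_nat_ftp

# Flush table (left disabled, as in the original)
#iptables -F

# Close everything. The policies go in before forwarding is switched on, so
# there is no window in which the host routes packets unfiltered.
ipt -P INPUT DROP
#iptables -P OUTPUT DROP
ipt -P FORWARD DROP

# With INPUT at DROP the gateway would otherwise discard loopback traffic and
# the replies to its own outgoing connections. These two rules admit no new
# inbound connection.
# NOTE(review): nothing here allows SSH to the gateway itself (the port 22
# rule below is FORWARD only) - confirm how the host is administered.
ipt -A INPUT -i lo -j ACCEPT
ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Malformed / out-of-state packets. The original used the experimental
# "unclean" match, which current kernels do not ship; dropping INVALID
# packets is the closest maintained check.
ipt -A FORWARD -m state --state INVALID -j DROP

# Packets of connections that were already admitted, plus related flows such
# as FTP data channels found by the conntrack helper loaded above.
ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Block forwarded ping.
ipt -A FORWARD -p icmp --icmp-type echo-request -j DROP
# The rate-limited ACCEPT below sat after the DROP above and could never
# match. To allow limited ping instead, enable it and move it above the DROP.
#iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

# Removed: "-p tcp -m limit --limit 1/s -j ACCEPT" (labelled syn-flood
# protection) and "--tcp-flags SYN,ACK,FIN,RST -m limit ..." (labelled
# port-scan protection). Both were ACCEPT rules placed ahead of the port
# list, so they passed one TCP packet per second to ANY port instead of
# restricting anything, and the second lacked the flag list --tcp-flags
# needs as its second argument, so it never loaded. If a rate limit is
# wanted, apply it to new connections on the allowed ports.

# Masquerading
ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE

# Allowed services: only a connection-opening SYN is matched; the rest of
# each connection is covered by the ESTABLISHED rule above.
# NOTE(review): no -i/-o is given, so these apply in both directions.
for port in "${FORWARD_TCP_PORTS[@]}"; do
  ipt -A FORWARD -p tcp --syn --dport "$port" -m state --state NEW -j ACCEPT
done

# Enable routing last, and only when the whole rule set loaded (fail closed).
if (( status == 0 )); then
  if ! echo 1 > /proc/sys/net/ipv4/ip_forward; then
    printf 'firewall: could not enable ip_forward\n' >&2
    status=1
  fi
else
  printf 'firewall: rules incomplete, ip_forward left unchanged\n' >&2
fi

exit "$status"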