


  1. #1
    silvy
    This is my script


    #!/bin/bash

    # (1) Policies (default)
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    # Load modules
    modprobe ip_tables
    modprobe iptable_nat

    # (2) User-defined chain for ACCEPTed TCP packets
    iptables -N okay
    iptables -A okay -p TCP --syn -j ACCEPT
    iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A okay -p TCP -j DROP

    # (3) INPUT chain rules

    # Rules for incoming packets from LAN
    iptables -A INPUT -p ALL -i eth1 -s 192.163.1.0/8 -j ACCEPT
    iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
    iptables -A INPUT -p ALL -i lo -s 192.163.1.3 -j ACCEPT
    iptables -A INPUT -p ALL -i lo -s 10.0.0.1 -j ACCEPT
    iptables -A INPUT -p ALL -i eth1 -d 192.163.1.255 -j ACCEPT

    # Rules for incoming packets from the Internet


    # Packets for established connections
    iptables -A INPUT -p ALL -d 10.0.0.1 -m state --state ESTABLISHED,RELATED -j ACCEPT

    # TCP rules
    iptables -A INPUT -p TCP -i eth1 -s 0/0 --destination-port 21 -j okay
    iptables -A INPUT -p TCP -i eth1 -s 0/0 --destination-port 22 -j okay
    iptables -A INPUT -p TCP -i eth1 -s 0/0 --destination-port 80 -j okay
    iptables -A INPUT -p TCP -i eth1 -s 0/0 --destination-port 113 -j okay

    # UDP rules
    iptables -A INPUT -p UDP -i eth1 -s 0/0 --destination-port 53 -j ACCEPT
    iptables -A INPUT -p UDP -i eth1 -s 0/0 --destination-port 2074 -j ACCEPT
    iptables -A INPUT -p UDP -i eth1 -s 0/0 --destination-port 4000 -j ACCEPT

    # ICMP rules
    iptables -A INPUT -p ICMP -i eth1 -s 0/0 --icmp-type 8 -j ACCEPT
    iptables -A INPUT -p ICMP -i eth1 -s 0/0 --icmp-type 11 -j ACCEPT

    # (4) FORWARD chain rules
    # Accept the packets we want to forward
    iptables -A FORWARD -i eth0 -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # (5) OUTPUT chain rules
    # Only output packets with local addresses (no spoofing)
    iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
    iptables -A OUTPUT -p ALL -s 192.163.1.3 -j ACCEPT
    iptables -A OUTPUT -p ALL -s 10.0.0.1 -j ACCEPT

    # (6) POSTROUTING chain rules
    iptables -t nat -F
    modprobe iptable_nat
    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 10.0.0.1
    echo 1 > /proc/sys/net/ipv4/ip_forward

    Thanks once again, Silvia

  2. #2
    felco
    It looks to me like this script was copied from somewhere...

    Do the following: run this script:

    Code:
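    #!/bin/sh

    # iptables binary, resolved via PATH
    iptables=iptables

    # Flush existing rules and set the default policies
    $iptables -F INPUT
    $iptables -F OUTPUT
    $iptables -P INPUT DROP
    $iptables -P OUTPUT ACCEPT
    $iptables -t nat -F PREROUTING
    $iptables -t nat -F POSTROUTING

    # Allow loopback traffic
    $iptables -A INPUT -i lo -j ACCEPT
    $iptables -A OUTPUT -o lo -j ACCEPT

    # Allow replies to connections that are already established
    $iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Allow incoming SSH
    $iptables -A INPUT -p tcp --dport 22 -j ACCEPT

    # Masquerade LAN traffic leaving through eth0
    $iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE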

    Look... you have to change eth0 to whichever of your interfaces is receiving the Internet link
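
Added example, not part of either post: one way to pick the Internet-facing interface from the routing table instead of hard-coding it, and to print the two rules from the reply that depend on it. The helper names and the sample routing table are constructed (assumption: eth1 is the uplink and 192.168.0.0/24 is the LAN); the rules are printed, not applied.

```shell
#!/bin/sh
# Constructed sample of `ip -4 route show` output (not taken from the thread).
SAMPLE_ROUTES='default via 10.0.0.254 dev eth1 proto static metric 100
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.1'

# wan_iface ROUTES: print the device of the first default route; fail if none.
wan_iface() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 2; i < NF; i++)
                if ($i == "dev") { print $(i + 1); found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# lan_subnet ROUTES WAN: print the first connected subnet that is not on WAN.
lan_subnet() {
    printf '%s\n' "$1" | awk -v wan="$2" '
        $1 != "default" && index($1, "/") > 0 {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) != wan) { print $1; found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# nat_rules ROUTES: print the interface-dependent rules for review.
nat_rules() {
    wan=$(wan_iface "$1") || { echo "no default route found" >&2; return 1; }
    lan=$(lan_subnet "$1" "$wan") || { echo "no LAN subnet found" >&2; return 1; }
    echo "iptables -A INPUT -i $wan -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $wan -s $lan -j MASQUERADE"
}

# On a live host, pass the real table: nat_rules "$(ip -4 route show)"
nat_rules "$SAMPLE_ROUTES"
```

If the printed interface is not the one the Internet link is plugged into, the MASQUERADE rule is attached to the wrong side and LAN clients get no connectivity.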





