


    #1  silmar

    Blocking MSN on FC4

    Before, I used Red Hat 7.3 and blocked MSN without any problem, but now with this distro it doesn't block it. What else do I have to add for it to be blocked?


    This is my firewall:

    /sbin/modprobe ip_nat_ftp
    /sbin/modprobe ip_conntrack_ftp
    /sbin/modprobe iptable_nat

    # Flush every filter chain and delete the user-defined chains, so the script
    # can be re-run without "Chain already exists" errors from the -N lines below
    /sbin/iptables -F
    /sbin/iptables -X
    /sbin/iptables -t nat -F POSTROUTING
    /sbin/iptables -P INPUT DROP
    /sbin/iptables -P FORWARD DROP

    # NAT rule
    /sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
    # MSS clamping, left disabled as in the original (path and --mss option spelled out)
    #/sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu

    # Drop "new" TCP connections that do not start with a SYN
    /sbin/iptables -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP

    # Trinoo protection (eth1 is treated as the external interface throughout)
    /sbin/iptables -N TRINOO
    /sbin/iptables -A TRINOO -j DROP
    /sbin/iptables -A INPUT -p tcp -i eth1 --dport 27444 -j TRINOO
    /sbin/iptables -A INPUT -p tcp -i eth1 --dport 27665 -j TRINOO
    /sbin/iptables -A INPUT -p tcp -i eth1 --dport 31335 -j TRINOO
    /sbin/iptables -A INPUT -p tcp -i eth1 --dport 34555 -j TRINOO
    /sbin/iptables -A INPUT -p tcp -i eth1 --dport 35555 -j TRINOO

    # Worm protection (MS-RPC)
    /sbin/iptables -A FORWARD -p tcp --dport 135 -i eth1 -j REJECT

    # SYN-flood protection.  The original rule was
    #   -A FORWARD -p tcp --syn -m limit --limit 2/s -j ACCEPT
    # which ACCEPTs every SYN within the limit *before* the block rules further
    # down are reached, so the first connection attempts to 1863, 5190, etc. get
    # through.  Drop only the excess and let the rest continue down FORWARD.
    /sbin/iptables -N SYNFLOOD
    /sbin/iptables -A SYNFLOOD -m limit --limit 2/s --limit-burst 5 -j RETURN
    /sbin/iptables -A SYNFLOOD -j DROP
    /sbin/iptables -A FORWARD -p tcp --syn -j SYNFLOOD

    # Ping-of-death protection, same pattern: rate-limit, never ACCEPT early
    /sbin/iptables -N PINGLIMIT
    /sbin/iptables -A PINGLIMIT -m limit --limit 1/s -j RETURN
    /sbin/iptables -A PINGLIMIT -j DROP
    /sbin/iptables -A FORWARD -p icmp --icmp-type echo-request -j PINGLIMIT

    # Port-scanner protection (bogus TCP flag combinations arriving on eth1)
    /sbin/iptables -N SCANNER
    /sbin/iptables -A SCANNER -j DROP
    /sbin/iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -i eth1 -j SCANNER
    /sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -i eth1 -j SCANNER
    /sbin/iptables -A INPUT -p tcp --tcp-flags ALL ALL -i eth1 -j SCANNER
    /sbin/iptables -A INPUT -p tcp --tcp-flags ALL FIN,SYN -i eth1 -j SCANNER
    /sbin/iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -i eth1 -j SCANNER
    /sbin/iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -i eth1 -j SCANNER
    /sbin/iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -i eth1 -j SCANNER

    # P2P blocks.  The addresses are the ones hard-coded in the original script
    # (2005-era hosting of these services) and are kept as they were.
    # Napster
    /sbin/iptables -A FORWARD -d 64.124.41.0/24 -j REJECT
    # Gnutella port used by Bearshare, ToadNode and Limewire (one rule covers all three)
    /sbin/iptables -A FORWARD -p tcp --dport 6346 -j REJECT
    # IMesh
    /sbin/iptables -A FORWARD -d 216.35.208.0/24 -j REJECT
    # WinMX
    /sbin/iptables -A FORWARD -d 209.61.186.0/24 -j REJECT
    /sbin/iptables -A FORWARD -d 64.49.201.0/24 -j REJECT
    # Napigator
    /sbin/iptables -A FORWARD -d 209.25.178.0/24 -j REJECT
    # Morpheus and KaZaA (FastTrack port 1214, one rule covers both)
    /sbin/iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
    /sbin/iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
    /sbin/iptables -A FORWARD -p tcp --dport 1214 -j REJECT
    # Audiogalaxy
    /sbin/iptables -A FORWARD -d 64.245.58.0/23 -j REJECT

    # Block AIM and ICQ (both use TCP 5190).  The original AIM rule had no -p,
    # which iptables refuses: --dport needs a protocol.
    /sbin/iptables -A FORWARD -p tcp --dport 5190 -j REJECT
    # Hostname rules are resolved once, when the script runs: if DNS is unavailable
    # at that moment the line fails and the rule is simply missing.
    /sbin/iptables -A FORWARD -d login.icq.com -j REJECT

    # Block MSN Messenger (the original also had a second, narrower 1863 REJECT
    # after this DROP, which could never match)
    /sbin/iptables -A FORWARD -p tcp --dport 1863 -j DROP
    /sbin/iptables -A FORWARD -d 64.4.13.0/24 -j REJECT
    /sbin/iptables -A FORWARD -s 192.168.21.0/24 -d loginnet.passport.com -j REJECT

    # Block Yahoo Messenger (the second rule used "-b", which is not an iptables
    # option; -d was meant)
    /sbin/iptables -A FORWARD -d cs.yahoo.com -j REJECT
    /sbin/iptables -A FORWARD -d scsa.yahoo.com -j REJECT


    # Input rules
    /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # These services are opened without -i, i.e. on every interface including the
    # external one; 1433 (MS SQL) and 5900 (VNC) are therefore reachable from outside
    /sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp --dport 1433 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp --dport 5900 -j ACCEPT
    /sbin/iptables -A INPUT -s 192.168.21.0/24 -j ACCEPT

    # Forwarding rules (everything from the LAN that survived the blocks above)
    /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -A FORWARD -s 192.168.21.0/24 -j ACCEPT



    So MSN... it takes a while, but it connects. Can anyone who uses FC4 give me a hand, or anyone who had this problem and already found where the missing comma is? :clap:

    #2

    Re: Blocking MSN on FC4

    Do you have a proxy on the network?
    If so, MSN connects through the proxy (port 80).

    []s
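The first-match order that decides whether the script above blocks anything can be reasoned about without a router. The Python below is an added example written for this page, not code from either post: it models the posted FORWARD chain in its original order (P2P rules omitted), with an integer token bucket standing in for `-m limit --limit 2/s` and its default `--limit-burst 5`, and reports which rule a LAN client's repeated connection attempts to TCP 1863 actually hit. The server and client addresses, the retry timing and the simplified limiter are all assumptions made for the example.

```python
"""Added example (not from either post): a toy first-match walk over the FORWARD
chain of the script above.  Addresses, timings and the client host are constructed;
the limiter is a simplified model of `-m limit --limit N/s` with --limit-burst 5."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

LAN = "192.168.21.0/24"           # LAN range taken from the posted script


@dataclass
class Packet:
    proto: str                    # "tcp" or "icmp"
    dport: Optional[int] = None
    dst: str = "198.51.100.10"    # constructed TEST-NET-2 stand-in for the IM server
    src: str = "192.168.21.10"    # constructed LAN client
    syn: bool = True              # a fresh connection attempt (SYN, no ACK)
    established: bool = False     # part of a connection conntrack already knows


class Limit:
    """Integer token bucket: `rate` packets/s, `burst` packets allowed up front."""

    def __init__(self, rate: int, burst: int = 5):
        self.rate, self.cap = rate, burst * 1000       # tokens are milli-packets
        self.tokens, self.last_ms = self.cap, 0

    def take(self, now_ms: int) -> bool:
        self.tokens = min(self.cap, self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


@dataclass
class Rule:
    name: str
    target: str                          # ACCEPT, DROP or REJECT
    proto: Optional[str] = None
    dport: Optional[int] = None
    dst: Optional[str] = None            # CIDR, like -d
    src: Optional[str] = None            # CIDR, like -s
    syn: Optional[bool] = None           # --syn (True) or ! --syn (False)
    established: Optional[bool] = None   # --state ESTABLISHED (True) or NEW (False)
    limit: Optional[Limit] = None
    over_limit: bool = False             # True: match only once the limit is exhausted

    def matches(self, p: Packet, now_ms: int) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        for cidr, addr in ((self.dst, p.dst), (self.src, p.src)):
            if cidr and ipaddress.ip_address(addr) not in ipaddress.ip_network(cidr):
                return False
        if self.syn is not None and p.syn != self.syn:
            return False
        if self.established is not None and p.established != self.established:
            return False
        if self.limit is not None:
            within = self.limit.take(now_ms)
            return (not within) if self.over_limit else within
        return True


def first_match(chain: List[Rule], p: Packet, now_ms: int = 0) -> Tuple[str, str]:
    """Walk the chain top-down as netfilter does; fall back to the DROP policy."""
    for rule in chain:
        if rule.matches(p, now_ms):
            return rule.name, rule.target
    return "policy", "DROP"


def posted_chain() -> List[Rule]:
    """FORWARD rules in the order the posted script installs them (P2P blocks omitted)."""
    return [
        Rule("non-syn NEW", "DROP", proto="tcp", syn=False, established=False),
        Rule("port 135", "REJECT", proto="tcp", dport=135),
        Rule("syn-flood", "ACCEPT", proto="tcp", syn=True, limit=Limit(2)),  # accepts early
        Rule("msn 1863", "DROP", proto="tcp", dport=1863),
        Rule("established", "ACCEPT", established=True),
        Rule("lan out", "ACCEPT", src=LAN),
    ]


def fixed_chain() -> List[Rule]:
    """Same order, but the limiter drops only the excess and lets the rest fall through."""
    chain = posted_chain()
    chain[2] = Rule("syn-flood", "DROP", proto="tcp", syn=True, limit=Limit(2), over_limit=True)
    return chain


def login_attempts(chain: List[Rule], dport: int, n: int = 10, spacing_ms: int = 100):
    """Client retries a connection to `dport` every `spacing_ms`; one verdict per attempt."""
    return [first_match(chain, Packet("tcp", dport=dport), i * spacing_ms) for i in range(n)]


if __name__ == "__main__":
    for label, chain in (("posted", posted_chain()), ("fixed", fixed_chain())):
        print(label, [f"{name}:{verdict}" for name, verdict in login_attempts(chain, 1863)])
    # An HTTP/proxy path on port 80 is not blocked by either chain.
    print("port 80, fixed chain:", first_match(fixed_chain(), Packet("tcp", dport=80)))
```

Against the posted order, the first six attempts land on the syn-flood ACCEPT rule and never reach the 1863 block, which fits the "takes a while, but connects" symptom: a retrying client only needs one SYN to slip through. With the limiter rewritten to drop only the excess, every attempt ends in DROP, either at the 1863 rule or, once the limit is exhausted, at the limiter itself. A connection to port 80, the proxy path raised in the reply, is accepted by the final LAN rule in both versions, so a port-1863 block alone does not stop a client that can talk HTTP.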