- Blocking MSN on FC4
-
Blocking MSN on FC4
I used to use Red Hat 7.3 and it blocked MSN without any problems, but now with this distro it doesn't block it. What else do I need to add for it to be blocked?
This is my firewall:
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe iptable_nat
/sbin/iptables -F INPUT
/sbin/iptables -F FORWARD
/sbin/iptables -F OUTPUT
/sbin/iptables -t nat -F POSTROUTING
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
#NAT rule
/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
#/sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu
# Block the undesirables
/sbin/iptables -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP
# Protection against trinoo
/sbin/iptables -N TRINOO
/sbin/iptables -A TRINOO -j DROP
/sbin/iptables -A INPUT -p TCP -i eth1 --dport 27444 -j TRINOO
/sbin/iptables -A INPUT -p TCP -i eth1 --dport 27665 -j TRINOO
/sbin/iptables -A INPUT -p TCP -i eth1 --dport 31335 -j TRINOO
/sbin/iptables -A INPUT -p TCP -i eth1 --dport 34555 -j TRINOO
/sbin/iptables -A INPUT -p TCP -i eth1 --dport 35555 -j TRINOO
# Protection against worms
/sbin/iptables -A FORWARD -p tcp --dport 135 -i eth1 -j REJECT
# Protection against SYN floods
/sbin/iptables -A FORWARD -p tcp --syn -m limit --limit 2/s -j ACCEPT
# Protection against ping of death
/sbin/iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# Protection against port scanners
/sbin/iptables -N SCANNER
/sbin/iptables -A SCANNER -j DROP
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -i eth1 -j SCANNER
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -i eth1 -j SCANNER
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL ALL -i eth1 -j SCANNER
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL FIN,SYN -i eth1 -j SCANNER
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -i eth1 -j SCANNER
/sbin/iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -i eth1 -j SCANNER
/sbin/iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -i eth1 -j SCANNER
# Block Napster
/sbin/iptables -A FORWARD -d 64.124.41.0/24 -j REJECT
# Block Bearshare
/sbin/iptables -A FORWARD -p TCP --dport 6346 -j REJECT
# Block IMesh
/sbin/iptables -A FORWARD -d 216.35.208.0/24 -j REJECT
# Block ToadNode
/sbin/iptables -A FORWARD -p TCP --dport 6346 -j REJECT
# Block WinMX
/sbin/iptables -A FORWARD -d 209.61.186.0/24 -j REJECT
/sbin/iptables -A FORWARD -d 64.49.201.0/24 -j REJECT
# Block Napigator
/sbin/iptables -A FORWARD -d 209.25.178.0/24 -j REJECT
# Block Morpheus
/sbin/iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
/sbin/iptables -A FORWARD -p TCP --dport 1214 -j REJECT
# Block KaZaA
/sbin/iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
/sbin/iptables -A FORWARD -p TCP --dport 1214 -j REJECT
# Block Limewire
/sbin/iptables -A FORWARD -p TCP --dport 6346 -j REJECT
#Block Audiogalaxy
/sbin/iptables -A FORWARD -d 64.245.58.0/23 -j REJECT
# Block AIM
/sbin/iptables -A FORWARD -p TCP --dport 5190 -j REJECT
# Block ICQ
/sbin/iptables -A FORWARD -p TCP --dport 5190 -j REJECT
/sbin/iptables -A FORWARD -d login.icq.com -j REJECT
#Block MSN Messenger
/sbin/iptables -A FORWARD -p TCP --dport 1863 -j DROP
/sbin/iptables -A FORWARD -d 64.4.13.0/24 -j REJECT
/sbin/iptables -A FORWARD -s 192.168.21.0/24 -p tcp --dport 1863 -j REJECT
/sbin/iptables -A FORWARD -s 192.168.21.0/24 -d loginnet.passport.com -j REJECT
#Block Yahoo Messenger
/sbin/iptables -A FORWARD -d cs.yahoo.com -j REJECT
/sbin/iptables -A FORWARD -d scsa.yahoo.com -j REJECT
#Input rules
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 1433 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 5900 -j ACCEPT
/sbin/iptables -A INPUT -s 192.168.21.0/24 -j ACCEPT
#Forwarding rules
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -s 192.168.21.0/24 -j ACCEPT
So MSN... takes a while but still connects. Can anyone here who uses FC4 give me a hand, or anyone who had this problem and has already found where the missing comma is? :clap:
-
Re: Blocking MSN on FC4
Do you have a proxy on the network?
If you do, MSN connects through the proxy (port 80).
Cheers
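
Added example, not part of the thread or the poster's script: a first-match walk through a simplified model of the FORWARD chain posted above, showing which rule decides the fate of traffic to MSN's native port 1863 and to port 80, the port named in the reply. The rule table is a constructed reduction that assumes a LAN source and a rate limit that is not exceeded, and leaves out the interface and address matches.

```shell
#!/bin/sh
# Constructed, simplified model of the FORWARD chain posted above (not the
# poster's script). Columns: rule# proto dport syn state target; "any" = wildcard.
# Assumptions: packet comes from the LAN, the --limit rate is not exceeded,
# and the interface (-i) and address-based (-d/-s) matches are left out.
forward_rules() {
cat <<'EOF'
1 tcp any  no  NEW         DROP
2 tcp 135  any any         REJECT
3 tcp any  yes any         ACCEPT
4 tcp 1863 any any         DROP
5 any any  any ESTABLISHED ACCEPT
6 any any  any any         ACCEPT
EOF
}

# match FIELD VALUE: true when the rule field is a wildcard or equals the value
match() { [ "$1" = any ] || [ "$1" = "$2" ]; }

# verdict PROTO DPORT SYN STATE -> prints "<rule#>:<target>" of the first match
verdict() {
    result="policy:DROP"   # -P FORWARD DROP applies when nothing matches
    while read -r num proto dport syn state target; do
        if match "$proto" "$1" && match "$dport" "$2" &&
           match "$syn" "$3" && match "$state" "$4"; then
            result="$num:$target"
            break
        fi
    done <<EOF
$(forward_rules)
EOF
    echo "$result"
}

echo "SYN to 1863:      $(verdict tcp 1863 yes NEW)"
echo "ACK/data to 1863: $(verdict tcp 1863 no ESTABLISHED)"
echo "SYN to 80:        $(verdict tcp 80 yes NEW)"
echo "ACK/data to 80:   $(verdict tcp 80 no ESTABLISHED)"
```

Rule 3 (the SYN rate-limit ACCEPT) admits the first packet of every new TCP connection before the block rules are reached, while later packets to 1863 are still dropped by rule 4. Traffic to port 80 is accepted end to end, which is the path the reply points to.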