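start)
  # Let the kernel route packets between interfaces. From the rules below,
  # eth1 is the trusted/LAN side and eth0 the outside (MASQUERADE) side.
  echo 1 > /proc/sys/net/ipv4/ip_forward
  # Reverse-path filtering (0 = disabled, 1 = enabled).
  # NOTE(review): disabling it removes a cheap source-address sanity check;
  # confirm it is needed here (e.g. asymmetric routing) and not a leftover.
  for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    [ -e "$f" ] || continue   # unmatched glob would otherwise write to a literal '*' path
    echo 0 > "$f"
  done
  # Load the netfilter modules before touching any table, so the flush and
  # the rules below do not rely on autoloading.
  # NOTE(review): ip_conntrack, ip_conntrack_ftp and ip_nat_ftp are the old
  # module names; on kernels that use the nf_conntrack*/nf_nat_ftp names these
  # modprobe calls fail quietly (no set -e here) and the FTP helpers are never
  # loaded. Verify with lsmod on the target host.
  modprobe ip_tables
  modprobe iptable_filter
  modprobe ip_conntrack
  modprobe ip_conntrack_ftp
  modprobe ip_nat_ftp
  modprobe iptable_nat
  modprobe ipt_limit
  modprobe ipt_REJECT
  # Clear existing rules in the filter and nat tables. This does not reset
  # chain policies or remove user-defined chains.
  iptables -F
  iptables -F -t nat
  ################## CHAIN INPUT: packets addressed to the firewall ##########
  ######################### BEGIN INPUT ######################################
  # NOTE(review): with a default policy of ACCEPT, every rule below merely
  # short-circuits evaluation; nothing addressed to the firewall is blocked
  # unless the policy becomes DROP (or explicit DROP rules follow these).
  # Only the rate-limited echo-request rule has any visible effect, and even
  # pings above 1/s still fall through to the ACCEPT policy.
  iptables -P INPUT ACCEPT
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -i eth1 -j ACCEPT
  iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  iptables -A INPUT -p tcp --dport 3580 -j ACCEPT
  # Disabled rules kept from the original for reference:
  #iptables -A INPUT -p tcp -m multiport --dports 22345,5900,3580 -j ACCEPT
  #iptables -A INPUT -i eth0 -f -j DROP
  ##################### END INPUT ############################################
  ######## CHAIN OUTPUT: packets originated by the firewall itself ###########
  ########################### BEGIN OUTPUT ###################################
  iptables -P OUTPUT ACCEPT
  ########################### END OUTPUT #####################################
  ######## CHAIN FORWARD: packets passing through the firewall ###############
  ########################### BEGIN FORWARD ##################################
  # NOTE(review): same caveat as INPUT — the policy is ACCEPT, so the --syn
  # 1/s limit and the echo-request limit do not throttle anything; packets
  # over the limit are accepted by the policy instead.
  iptables -P FORWARD ACCEPT
  # Allow traffic between the two network cards.
  iptables -A FORWARD -i eth1 -j ACCEPT
  iptables -A FORWARD -o eth1 -j ACCEPT
  iptables -A FORWARD -p tcp -m multiport --dports 22345 -j ACCEPT
  iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
  iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
  iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  # LAN subnet may reach any destination (-d 0/0 = anywhere).
  iptables -A FORWARD -s 192.168.102.0/24 -d 0/0 -j ACCEPT
  # Source-NAT everything leaving on eth0 behind the firewall's own address.
  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  # SRV1: publish 192.168.102.15 on the external address 200.200.200.3.
  # NOTE(review): no -p/--dport and no -i eth0, so every protocol and port
  # arriving for 200.200.200.3 — from either interface — is handed to SRV1.
  # Narrow this to the services actually published (e.g. -p tcp --dport N).
  iptables -t nat -A PREROUTING -d 200.200.200.3 -j DNAT --to 192.168.102.15
  ;;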
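stop)
  # The original passed a printf-style "%s" placeholder to echo, which printed
  # the literal text "%s"; printf substitutes the name as intended.
  printf 'Shutting down %s: ' "iptables"
  # Clear the rules in the filter and nat tables. "-F" with no chain name
  # already covers FORWARD, so the separate FORWARD flush was redundant.
  iptables -F
  iptables -F -t nat
  iptables -P INPUT ACCEPT
  # NOTE(review): ip_forward stays at 1 and the FORWARD/OUTPUT policies are not
  # touched, so after "stop" the host keeps routing between interfaces with no
  # filtering and no NAT. Confirm that is the intended "down" state.
  echo
  ;;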
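status)
  # Show both the filter table (where INPUT/FORWARD rules live) and the nat
  # table (MASQUERADE/DNAT), since "start" installs rules in both. Only page
  # the output when stdout is a terminal; when a script or logger captures
  # the status, write it straight through instead of depending on less.
  if [ -t 1 ]; then
    { iptables -L -n -v; iptables -t nat -L -n -v; } | less
  else
    iptables -L -n -v
    iptables -t nat -L -n -v
  fi
  ;;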
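*)
  # Usage error: report it on stderr (not stdout) and return a failure status.
  echo "Usar: $0 {start|stop|status}" >&2
  exit 1
  ;;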
esac
# Reached by start, stop and status: the script reports success regardless of
# whether the individual modprobe/iptables commands above succeeded.
exit 0