#!/bin/bash
# IPs e MAC-Address
# Viny-note
ADDR[1]=192.168.200.140
MAC[1]="00:13:CE:29:57:79"
# Servidor - ETH0
ADDR[2]=192.168.200.254
MAC[2]="00:83:08:00:ED:68"
# Servidor - ETH1
SERVER_ETH1="192.168.0.1"
SERVER_MAC1="00:15:F2:D6:A4:DE"
# Total de IPs - Menos o IP do "Servidor - ETH1"
IPS=2
case "$1" in
start)
echo "Iniciando o filtro";
sleep 1
iptables -t filter -F
echo "Alterando regras padroes";
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
echo "Ativando regras para o servidor";
# Server lo
iptables -t filter -A FORWARD -i lo -j ACCEPT
iptables -t filter -A FORWARD -i -j ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
# Server eth1 - Coloquei aqui pois a eth1 não vai utilizar a regra do POSTROUTING
iptables -t filter -A FORWARD -i eth1 -s $SERVER_ETH1 -m mac --mac-source $SERVER_MAC1 -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -d $SERVER_ETH1 -j ACCEPT
iptables -t filter -A INPUT -i eth1 -s $SERVER_ETH1 -m mac --mac-source $SERVER_MAC1 -j ACCEPT
sleep 1
echo "Ativando regras para usuarios";
for ((i=1;i<=$IPS;i++))
do
{
iptables -t filter -A FORWARD -i eth0 -s ${ADDR[i]} -m mac --mac-source ${MAC[i]} -j ACCEPT
iptables -t filter -A FORWARD -d ${ADDR[i]} -j ACCEPT
iptables -t filter -A INPUT -i eth0 -s ${ADDR[i]} -m mac --mac-source ${MAC[i]} -j ACCEPT
iptables -t nat -A POSTROUTING -s ${ADDR[i]} -o eth1 -j MASQUERADE
echo "Regras de filtro ativadas com sucesso!";
}
done
;;
stop)
echo "Parando o filtro";
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t filter -F
for ((i=1;1<=$IPS;i++))
do
{
iptables -t nat -D POSTROUTING -s ${ADDR[i]} -o eth1 -j MASQUERADE
}
done
;;
restart)
$0 stop
sleep 2
$0 start
;;
*)
echo "Opcao incorreta!";
echo "Utilize (start) (stop) ou (restart)";
;;
esac
Script para filtro - amarrando IP e Mac.
Citação