#chkconfig: 30 10 06
#
#description: Carregar regras do Firewall
#
#processname: firewall
#pidfile: /var/run/firewall.pid
#config: /etc/rc.d/init.d/firewall
#probe:true
#
#-----------------------------------------------------------------------------#

case "$1" in
start)
echo -e "\nIniciando o FIREWALL...\n"

iptables -t nat -F
iptables -t mangle -F
iptables -t filter -F
iptables -X
iptables -Z
echo "--> Limpeza de regras pre-existentes                             [ OK ]"

#-----------------------------Definindo Policies------------------------------#

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
echo "--> Definicao das policies                                       [ OK ]"

#----------------------------Definindo roteamento-----------------------------#

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "--> Definicao de roteamento entre redes                          [ OK ]"

#-------------------------Habilita Modulos do Kernel--------------------------#

modprobe iptable_nat
modprobe iptable_filter
modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe ipt_MASQUERADE
modprobe ipt_LOG
echo "--> Carga dos modulos do Kernel                                  [ OK ]"

#----------------------------- Tabela FILTER ---------------------------------#

## CHAIN INPUT
#
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j ACCEPT
iptables -A INPUT -i eth1 -m state --state NEW -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -j REJECT
echo "--> Carga das regras da Tabela FILTER:INPUT                      [ OK ]"

#---------------------------------Tabela NAT----------------------------------#

# Bloqueia Acesso a sites proibidos que utilizam a porta 443
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -d www.orkut.com -p tcp -m tcp --dport 443 -j DROP
# Proxy Transparente
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -d 0/0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Nega tentativas de conexao na porta 80
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j DROP

# Ativa o mascaramento
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j MASQUERADE

echo "--> Carga das regras da Tabela NAT                               [ OK ]"

#-----------------------------Atualizando status------------------------------#

$IPTSAVE > /var/firewall/last-state/firewall
echo

#-----------------------------------------------------------------------------#
;;
stop)
  echo -e "\nDescarregando FIREWALL e configurando Chains para ACCEPT\n"
  echo "1" > /proc/sys/net/ipv4/ip_forward

#-----------------------------Limpando as Tabelas-----------------------------#

iptables -t mangle -F
iptables -t filter -F
iptables -X
iptables -Z

#-----------------------------Definindo Policies------------------------------#

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

#-----------------------------Atualizando status------------------------------#

iptables-save > /var/firewall/last-state/firewall

;;
restart)
  $0 stop
  $0 start
;;
status)
#iptables -L |less
iptables-save > /var/firewall/last-state/firewall
cat /var/firewall/last-state/firewall |less
;;
*)
  echo "Sintaxe: firewall {start|stop|status}"
  exit 1
esac
exit 0

Nenhum coment�rio foi encontrado.