Firewall
Published by Charles Silva on 21/09/2006
Homepage: www.charlessilva.com.br
This firewall is super secure. Some things are commented out, and the interfaces have to be changed to the ones you use.
#!/bin/sh
#
############################################
#
# Firewall Script - Version 1.0
# Updated 20/06/2006 - Charles Silva
#
#############################################
echo "Starting Firewall..."

#################################
# VARIABLE DEFINITIONS:
#################################
IPTABLES="/usr/local/sbin/iptables"

# Interfaces (values from the original script; change them to the interfaces you use):
IFACE_EXTERNA="Whan0"
IFACE_INTERNA="eth1"
LO_IFACE="lo"

# Networks:
REDE_INTERNA="192.168.0.0/24"
#IP_PROVEDOR="192.168.0.1"

#################################################
# FLUSHING THE CHAINS AND SETTING THE DEFAULT POLICY
#################################################
# Set the default policy of the filter table:
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP

# Set the default policy of the nat table:
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT

# Flush the rules in the filter and nat tables:
$IPTABLES -F
$IPTABLES -t nat -F

# Delete any non-default chain in the filter and nat tables:
$IPTABLES -X
$IPTABLES -t nat -X

###################################################
# Allow traffic on loopback and on the interfaces:
###################################################
$IPTABLES -A INPUT -i $LO_IFACE -j ACCEPT
$IPTABLES -A INPUT -i $IFACE_INTERNA -s $REDE_INTERNA -j ACCEPT

###########################################
# Logdrop - logs every dropped packet:
###########################################
$IPTABLES -N logdrop
$IPTABLES -A logdrop -j LOG --log-level WARN --log-prefix "[logdrop] "
$IPTABLES -A logdrop -j DROP

#####################################################
# Rules to drop and log xmas-type scanners:
#####################################################
$IPTABLES -N logxmas
$IPTABLES -A logxmas -j LOG --log-level WARN --log-prefix "[xmas_scanners] "
$IPTABLES -A logxmas -j DROP

########################################################
# Rules to drop and log SYN,FIN-type scanners
########################################################
$IPTABLES -N logsynfin
$IPTABLES -A logsynfin -j LOG --log-level WARN --log-prefix "[SYN FIN scanners] "
$IPTABLES -A logsynfin -j DROP

########################################################
# Rules to drop and log SYN,RST-type scanners
########################################################
$IPTABLES -N logsynrst
$IPTABLES -A logsynrst -j LOG --log-level WARN --log-prefix "[SYN RST scanners] "
$IPTABLES -A logsynrst -j DROP

########################################################################################
# Rules to drop and log scanners that set the FIN bit without establishing a connection:
########################################################################################
$IPTABLES -N logfin
$IPTABLES -A logfin -j LOG --log-level WARN --log-prefix "[FIN scanners] "
$IPTABLES -A logfin -j DROP

#############################################################################
# Rules to drop and log scanners that set all TCP flags:
#############################################################################
$IPTABLES -N logalltcp
$IPTABLES -A logalltcp -j LOG --log-level WARN --log-prefix "[ALL flags scanners] "
$IPTABLES -A logalltcp -j DROP

#############################################################################
# Rules to drop and log scanners that set no TCP flag:
#############################################################################
$IPTABLES -N lognonetcp
$IPTABLES -A lognonetcp -j LOG --log-level WARN --log-prefix "[NULL scanners] "
$IPTABLES -A lognonetcp -j DROP

#########################################################################
# Rule allowed - for TCP connections
#
# This chain will be utilised if someone tries to connect to an allowed
# port from the internet. If they are opening the connection, or if it's
# already established we ACCEPT the packages, if not we fuck them. This is
# where the state matching is performed also, we allow ESTABLISHED and
# RELATED packets.
$IPTABLES -N allowed
#$IPTABLES -A allowed -p TCP --syn -m limit --limit 1/s -j ACCEPT
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A allowed -p TCP -j logdrop

#########################################################################
# Watch - logs suspicious packets
$IPTABLES -N watch
#$IPTABLES -A watch -s 192.168.0.2 -j ACCEPT
$IPTABLES -A watch -j LOG --log-level WARN --log-prefix "[watch] "
$IPTABLES -A watch -j ACCEPT

#########################################################################
# Scanners - logs scan attempts against the network

# Log and block Xmas port scanners:
$IPTABLES -N xmas_scanner
$IPTABLES -A xmas_scanner -p TCP --tcp-flags ALL FIN,URG,PSH -m limit --limit 7/s --limit-burst 3 -j logxmas

# Log and block scanners that set the SYN and FIN bits:
$IPTABLES -N synfin_scanner
$IPTABLES -A synfin_scanner -p TCP --tcp-flags ALL SYN,FIN -m limit --limit 7/s --limit-burst 3 -j logsynfin

# Log and block scanners that set the SYN and RST bits:
$IPTABLES -N synrst_scanner
$IPTABLES -A synrst_scanner -p TCP --tcp-flags SYN,RST SYN,RST -m limit --limit 7/s --limit-burst 3 -j logsynrst

# Log and block scanners that set the FIN bit without establishing a connection:
$IPTABLES -N fin_scanner
$IPTABLES -A fin_scanner -p TCP --tcp-flags ALL FIN -m limit --limit 7/s --limit-burst 3 -m state ! --state ESTABLISHED -j logfin

# Log and block scanners that set all TCP flags:
$IPTABLES -N alltcp_scanner
$IPTABLES -A alltcp_scanner -p TCP --tcp-flags ALL ALL -m limit --limit 7/s --limit-burst 3 -j logalltcp

# Log and block scanners that set no TCP flag:
$IPTABLES -N nonetcp_scanner
$IPTABLES -A nonetcp_scanner -p TCP --tcp-flags ALL NONE -m limit --limit 7/s --limit-burst 3 -j lognonetcp

#########################################################################
# icmptrap - for ICMP packets:
$IPTABLES -N icmptrap
$IPTABLES -A icmptrap -p icmp --icmp-type echo-reply -j ACCEPT
$IPTABLES -A icmptrap -p icmp --icmp-type destination-unreachable -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type network-unreachable -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type host-unreachable -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type protocol-unreachable -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type port-unreachable -j DROP
$IPTABLES -A icmptrap -p icmp --icmp-type fragmentation-needed -j logdrop
$IPTABLES -A icmptrap -p icmp --icmp-type source-route-failed -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type network-unknown -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type host-unknown -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type network-prohibited -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type host-prohibited -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type TOS-network-unreachable -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type TOS-host-unreachable -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type communication-prohibited -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type host-precedence-violation -j logdrop
$IPTABLES -A icmptrap -p icmp --icmp-type precedence-cutoff -j logdrop
$IPTABLES -A icmptrap -p icmp --icmp-type source-quench -j logdrop
$IPTABLES -A icmptrap -p icmp --icmp-type redirect -j logdrop
$IPTABLES -A icmptrap -p icmp --icmp-type network-redirect -j logdrop
$IPTABLES -A icmptrap -p icmp --icmp-type host-redirect -j logdrop
$IPTABLES -A icmptrap -p icmp --icmp-type TOS-network-redirect -j logdrop
$IPTABLES -A icmptrap -p icmp --icmp-type TOS-host-redirect -j logdrop
$IPTABLES -A icmptrap -p icmp --icmp-type echo-request -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type router-advertisement -j logdrop
$IPTABLES -A icmptrap -p icmp --icmp-type router-solicitation -j logdrop
$IPTABLES -A icmptrap -p icmp --icmp-type time-exceeded -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type ttl-zero-during-transit -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type ttl-zero-during-reassembly -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type parameter-problem -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type ip-header-bad -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type required-option-missing -j watch
$IPTABLES -A icmptrap -p icmp --icmp-type timestamp-request -j logdrop
$IPTABLES -A icmptrap -p icmp --icmp-type timestamp-reply -j logdrop
$IPTABLES -A icmptrap -p icmp --icmp-type address-mask-request -j logdrop
$IPTABLES -A icmptrap -p icmp --icmp-type address-mask-reply -j logdrop

#########################################################################
# dropiana - drops IPs not allocated by IANA (RFC1918, RFC3330) and reserved networks
# Note: this list reflects allocations as of 2006. Several of these blocks
# (for example 1.0.0.0/8, 2.0.0.0/8, 5.0.0.0/8 and 23.0.0.0/8) have since been
# allocated and carry legitimate traffic, so review the list before use.
$IPTABLES -N dropiana
$IPTABLES -A dropiana -s 0.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 1.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 2.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 5.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 10.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 23.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 27.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 31.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 36.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 37.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 39.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 41.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 42.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 58.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 59.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 60.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 71.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 88.0.0.0/5 -j logdrop
$IPTABLES -A dropiana -s 96.0.0.0/3 -j logdrop
$IPTABLES -A dropiana -s 128.0.0.0/16 -j logdrop
$IPTABLES -A dropiana -s 172.16.0.0/12 -j logdrop
$IPTABLES -A dropiana -s 191.255.0.0/16 -j logdrop
$IPTABLES -A dropiana -s 192.31.196.0/24 -j logdrop
$IPTABLES -A dropiana -s 192.52.193.0/24 -j logdrop
$IPTABLES -A dropiana -s 192.67.23.0/24 -j logdrop
$IPTABLES -A dropiana -s 192.68.185.0/24 -j logdrop
$IPTABLES -A dropiana -s 192.70.192.0/21 -j logdrop
$IPTABLES -A dropiana -s 192.70.201.0/24 -j logdrop
$IPTABLES -A dropiana -s 192.94.77.0/24 -j logdrop
$IPTABLES -A dropiana -s 192.94.78.0/24 -j logdrop
$IPTABLES -A dropiana -s 192.97.38.0/24 -j logdrop
$IPTABLES -A dropiana -s 192.168.0.0/16 -j logdrop
$IPTABLES -A dropiana -s 197.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 221.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 222.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 223.0.0.0/8 -j logdrop
$IPTABLES -A dropiana -s 224.0.0.0/4 -j logdrop
$IPTABLES -A dropiana -s 240.0.0.0/4 -j logdrop

#########################################################################
# Rule safe - only calls the scanner chains, icmptrap and dropiana

# Create safe rule
$IPTABLES -N safe

# Call all scanner rules
$IPTABLES -A safe -j xmas_scanner
$IPTABLES -A safe -j synfin_scanner
$IPTABLES -A safe -j synrst_scanner
$IPTABLES -A safe -j fin_scanner
$IPTABLES -A safe -j alltcp_scanner
$IPTABLES -A safe -j nonetcp_scanner

# ICMP packets
$IPTABLES -A safe -p ICMP -j icmptrap

# Call dropiana
$IPTABLES -A safe -j dropiana

# Call INPUT Safe
$IPTABLES -A INPUT -j safe

#########################################################################
# Rules specific to the internal network

# Packets entering the network
$IPTABLES -N main-in

# Packets leaving the network
$IPTABLES -N main-out

################################
# GENERAL RULES FOR THE INTERNAL NETWORK
################################

#############################
# Allow DNS for the internal network
#############################
$IPTABLES -A main-in -p UDP -i $IFACE_EXTERNA -s 0/0 --sport 53 -j ACCEPT
$IPTABLES -A main-out -p UDP -o $IFACE_EXTERNA -d 0/0 --dport 53 -j ACCEPT

################################
# Rule to block internet access
################################
$IPTABLES -A main-in -p TCP -i $IFACE_INTERNA -s $REDE_INTERNA --dport 80 -j logdrop
$IPTABLES -A main-in -p TCP -i $IFACE_INTERNA -s $REDE_INTERNA --sport 80 -j logdrop
$IPTABLES -A main-in -p TCP -i $IFACE_INTERNA -s $REDE_INTERNA --dport 110 -j logdrop
$IPTABLES -A main-in -p TCP -i $IFACE_INTERNA -s $REDE_INTERNA --sport 110 -j logdrop

########################
# SSH for another user
# (the addresses below are blanked out in the original; replace them with
# the address that is allowed to use SSH)
########################
$IPTABLES -A main-in -p TCP -s 000.00.00.000 --dport 22 -j allowed
$IPTABLES -A main-out -p TCP -d 000.00.000.000 --sport 22 -j allowed
$IPTABLES -A INPUT -p TCP -s 0/0 --dport 22 -j logdrop

##########################
# Allow NTP for the server
##########################
$IPTABLES -A INPUT -p UDP -i $IFACE_EXTERNA -s 200.144.121.33 --dport 123 -j ACCEPT
$IPTABLES -A OUTPUT -p UDP -o $IFACE_EXTERNA -d 200.144.121.33 --sport 123 -j ACCEPT

################################################################
# Block any known service for internal-network IPs
################################################################
#1025/tcp listen
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1025 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1025 -j logdrop
#1026
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1026 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1026 -j logdrop
#1027
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1027 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1027 -j logdrop
#1028
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1028 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1028 -j logdrop
# KDEinit
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1029 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1029 -j logdrop
#1030
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1030 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1030 -j logdrop
#1031/udp iad1
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1031 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1031 -j logdrop
#1032/udp iad1
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1032 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1032 -j logdrop
#1033/tcp netinfo
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1033 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1033 -j logdrop
#1050/tcp java-or-OTGfileshare
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1050 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1050 -j logdrop
#1059/tcp nimreg
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1059 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1059 -j logdrop
# instl_boots
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1067 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1067 -j logdrop
# SOCKS
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1080 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1080 -j logdrop
# MSSQL
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1433 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1433 -j logdrop
# MSSQL-Monitor
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1434 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1434 -j logdrop
# VPN
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1723 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1723 -j logdrop
$IPTABLES -A main-in -p TCP -s 0/0 --sport 1723 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --sport 1723 -j logdrop
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1083 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1083 -j logdrop
#1812/RADIUS
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1812 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1812 -j logdrop
#1813/RADIUS
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1813 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1813 -j logdrop
#2105/eklogin
$IPTABLES -A main-in -p TCP -s 0/0 --dport 2105 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 2105 -j logdrop
# Squid
$IPTABLES -A INPUT -p TCP -s 0/0 --dport 3128 -j logdrop
$IPTABLES -A INPUT -p UDP -s 0/0 --dport 3128 -j logdrop
$IPTABLES -A main-in -p TCP -s 0/0 --dport 3128 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 3128 -j logdrop
# 3268 globalcatLDAP
$IPTABLES -A main-in -p TCP -s 0/0 --dport 3268 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 3268 -j logdrop
# 3269 globalcatLDAPssl
$IPTABLES -A main-in -p TCP -s 0/0 --dport 3269 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 3269 -j logdrop
# MySQL
$IPTABLES -A INPUT -p TCP -s 0/0 --dport 3306 -j logdrop
$IPTABLES -A INPUT -p UDP -s 0/0 --dport 3306 -j logdrop
$IPTABLES -A main-in -p TCP -s 0/0 --dport 3306 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 3306 -j logdrop
# Msdtc
$IPTABLES -A main-in -p TCP -s 0/0 --dport 3372 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 3372 -j logdrop
# IISrpc-or-vat
$IPTABLES -A main-in -p TCP -s 0/0 --dport 3456 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 3456 -j logdrop
# Terminal Server
$IPTABLES -A main-in -p TCP -s 0/0 --dport 3389 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 3389 -j logdrop
# RPC
$IPTABLES -A main-in -p TCP -s 0/0 --dport 4444 -j logdrop
$IPTABLES -A main-in -p TCP -d 0/0 --dport 4444 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 4444 -j logdrop
$IPTABLES -A main-in -p UDP -d 0/0 --dport 4444 -j logdrop
# Sae-Urn
$IPTABLES -A main-in -p TCP -s 0/0 --dport 4500 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 4500 -j logdrop
# VNC
$IPTABLES -A main-in -p TCP -s 0/0 --dport 5900 -j logdrop
# X
$IPTABLES -A main-in -p TCP -s 0/0 --dport 6000 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 6000 -j logdrop
# BACULA
$IPTABLES -A main-in -p TCP -s 0/0 --dport 9101 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 9101 -j logdrop
$IPTABLES -A main-in -p TCP -s 0/0 --dport 9102 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 9102 -j logdrop
$IPTABLES -A main-in -p TCP -s 0/0 --dport 9103 -j logdrop
$IPTABLES -A main-in -p UDP -s 0/0 --dport 9103 -j logdrop

##############################################################
# PACKET FORWARDING RULES - FORWARD
##############################################################
# Allow the internal network to reach other networks:
$IPTABLES -A FORWARD -i $IFACE_INTERNA -s $REDE_INTERNA -d 0/0 -j ACCEPT

# Allow inbound traffic safely
$IPTABLES -A FORWARD -i $IFACE_EXTERNA -o $IFACE_INTERNA -j safe
$IPTABLES -A FORWARD -i $IFACE_EXTERNA -o $IFACE_INTERNA -j main-in

# Allow outbound traffic safely
$IPTABLES -A FORWARD -i $IFACE_INTERNA -o $IFACE_EXTERNA -j safe
$IPTABLES -A FORWARD -i $IFACE_INTERNA -o $IFACE_EXTERNA -j main-out

#################
# Ports >= 1024
#################
$IPTABLES -A main-in -p TCP -s 0/0 --dport 1024: -j allowed
$IPTABLES -A main-in -p UDP -s 0/0 --dport 1024: -j ACCEPT
$IPTABLES -A INPUT -p TCP -s 0/0 --dport 1024: -j allowed
$IPTABLES -A INPUT -p UDP -s 0/0 --dport 1024: -j ACCEPT

#############################################################
# Redirect the internal network's web traffic to squid
#############################################################
$IPTABLES -t nat -A PREROUTING -p TCP -i $IFACE_INTERNA ! -d 192.168.0.1 -s $REDE_INTERNA --dport 80 -j REDIRECT --to-port 3128
$IPTABLES -t nat -A POSTROUTING -o $IFACE_EXTERNA -j MASQUERADE

###################################
# Allow ICMP packets to the gateway
###################################
$IPTABLES -A INPUT -i $IFACE_EXTERNA -s 0/0 -p ICMP -m limit --limit 1/s -j icmptrap

#########################
# FINAL SETTINGS:
#########################
# Enable IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward

# Enable TCP SYN Cookie Protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Enable broadcast echo protection
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Enable IP spoofing protection, turn on Source Address Verification
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$f"
done

#####################################
# Drop and log all other packets
#####################################
$IPTABLES -A INPUT -j logdrop
$IPTABLES -A FORWARD -j logdrop

echo "Firewall Started!"
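An added example, not part of the original script: a small summariser for the kernel log lines that the LOG chains above write, grouped by log prefix (such as "[logdrop] " or "[xmas_scanners] ") and source address. The function names and the sample log lines are constructed for illustration, and the line layout assumed is the standard iptables LOG format ("<prefix>IN=... SRC=...").

```shell
#!/bin/sh
# Added example (not from the original script): tally the kernel LOG lines
# produced by the logdrop/logxmas/logsynfin chains, per prefix and source.

# Constructed sample input in the iptables LOG format; the addresses are
# documentation ranges, not real hosts.
sample_fw_log() {
    cat <<'EOF'
Jun 20 10:15:01 gw kernel: [xmas_scanners] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TTL=52 PROTO=TCP SPT=40000 DPT=22 URG PSH FIN
Jun 20 10:15:01 gw kernel: [xmas_scanners] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TTL=52 PROTO=TCP SPT=40000 DPT=23 URG PSH FIN
Jun 20 10:15:02 gw kernel: [SYN FIN scanners] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TTL=52 PROTO=TCP SPT=40001 DPT=80 SYN FIN
Jun 20 10:15:09 gw kernel: [4242.100000] [logdrop] IN=eth0 OUT= SRC=198.51.100.99 DST=203.0.113.10 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=22 SYN
Jun 20 10:15:10 gw sshd[812]: Connection closed by 198.51.100.99 port 51000
EOF
}

# Reads log lines on stdin, prints "count<TAB>prefix<TAB>source",
# highest count first. Lines that are not iptables LOG output are skipped.
summarize_fw_log() {
    awk '
    {
        close_pos = index($0, "] IN=")      # end of the --log-prefix tag
        if (close_pos == 0) next            # not an iptables LOG line
        open_pos = close_pos
        while (open_pos > 0 && substr($0, open_pos, 1) != "[") open_pos--
        if (open_pos == 0) next
        tag = substr($0, open_pos, close_pos - open_pos + 1)
        src = "?"
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) src = substr($i, 5)
        hits[tag "\t" src]++
    }
    END {
        for (k in hits) printf "%d\t%s\n", hits[k], k
    }' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Prints the sources with at least $1 logged packets across all prefixes.
sources_over() {
    summarize_fw_log | awk -F '\t' -v min="$1" '
        { total[$3] += $1 }
        END { for (s in total) if (total[s] >= min) print s }' | LC_ALL=C sort
}

# Stand-alone run over the constructed sample.
sample_fw_log | summarize_fw_log
```

The scanner rules are rate-limited with -m limit, so packets beyond the limit never reach the LOG chains and these counts are a lower bound on what was actually sent.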