firewall [Shell Script]

firewall

Publicado por Perfil removido 17/02/2006

[ Hits: 5.444 ]

Download firewall

0 0

Denuncie Favoritos Indicar

Esse é um script de um firewall simples, tendo como base esse script fica facil fazer um firewall :D !!

#!/bin/bash
                                                                                                                             
echo #########################################################
echo Criador  Matheus Anderson
echo email=matheusanderson@gmail.com
echo #########################################################
                                                                                                                             
#Variaveis
REDELOCAL="192.168.0.0/24"
TODOS="0/0"
                                                                                                                             
#Liberar Portas (NAT) Portas
PORTAS="21 1433 80"
for PORT in `echo $PORTAS`
do
iptables -t nat -A POSTROUTING -s $REDELOCAL -p tcp -d $TODOS --dport $PORT -o eth1 -j MASQUERADE
iptables -I FORWARD -p tcp -d $TODOS --dport $PORT -s $REDELOCAL -j ACCEPT
iptables -I OUTPUT -p tcp -d $TODOS --dport $PORT -j ACCEPT
done
                                                                                                                             
# Ignora pings
#echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
                                                                                                                             
                                                                                                                             
# Proteções diversas contra portscanners, ping of death, ataques DoS, etc.
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD --protocol tcp --tcp-flags ALL SYN,ACK -j DROP
iptables -A FORWARD -m unclean -j DROP
                                                                                                                             
                                                                                                                             
# Abre para a interface de loopback.
# Esta regra é essencial para o KDE e outros programas gráficos funcionarem
#adequadamente.
iptables -A INPUT -p tcp --syn -s 127.0.0.1/255.0.0.0 -j ACCEPT
                                                                                                                             
# Redireciona uma faixa de portas para um micro da rede local
REDIRECT="1433:1433-192.168.0.1 1434:1434-192.168.0.1"
 
for REDI in `echo $REDIRECT`
do
        PORT=`echo "$REDI" | cut -d"-" -f1`
        IPDEST=`echo "$REDI" | cut -d"-" -f2`
 
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $PORT -j DNAT --to-dest $IPDEST
iptables -A FORWARD -p tcp -i eth0 --dport $PORT -d $IPDEST -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p udp --dport $PORT -j DNAT --to-dest $IPDEST
iptables -A FORWARD -p udp -i eth0 --dport $PORT -d $IPDEST -j ACCEPT
done
 
#Bloqueia todas as portas que não foram liberados nas regras acima !!
iptables -A INPUT -p tcp --syn -j DROP
 
#Visualisando as regras
iptables -L -n
 
echo #####################################
echo Visualisando Regras com "-t nat"
echo #####################################
 
iptables -t nat -L

Scripts recomendados

Script de Ping

port scan

check_mem.sh - Plugin para o Nagios

Utilitário para redes

logs

Comentários

Nenhum comentário foi encontrado.