saulobdkrt
(uses Debian)
Posted on 25/03/2015 - 13:36h
My time-based rule for blocking WhatsApp does not work. Here is what happens:
When the rule has a time interval it does not block WhatsApp, but when I remove the timestart it does block WhatsApp; in other words, the time interval does not work. Has anyone run into this? My firewall follows below.
##################################################
## Loading IPTABLES modules ##
##################################################
/sbin/modprobe iptable_nat
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ipt_LOG
/sbin/modprobe xt_time
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
### Reset the chain counters
iptables -F
iptables -X
iptables -F -t nat
iptables -X -t nat
iptables -F -t mangle
iptables -X -t mangle
iptables -t filter -F
iptables -t nat -Z
iptables -t mangle -Z
iptables -t filter -Z
iptables -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
##################### NAT HOLE FIX ###############################
iptables -A OUTPUT -m state -p icmp --state INVALID -j DROP
#############################################################################
# ALLOW ESTABLISHED CONNECTIONS
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Return packets on high ports
iptables -A INPUT -p tcp -i ppp0 --dport 1022:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
## Opening ports ##
iptables -A INPUT -p tcp --dport 222 -j ACCEPT
iptables -A INPUT -p tcp --dport 22222 -j ACCEPT
iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Port redirection to an IP
#iptables -t nat -A PREROUTING -i $INTF -p tcp --dport 34800 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.0.169
## Tests
#iptables -A INPUT -p tcp -s 192.168.1.30 -m time --timestart 21:00 --timestop 21:55 -j DROP
#iptables -A INPUT -p tcp -s 192.168.1.30 -m time --timestart 21:56 --timestop 23:45 -j ACCEPT
#iptables -A INPUT -s 192.168.1.30 -p tcp --dport 10000 -m time --timestart 22:00 --timestop 22:11 -j DROP
## Passive FTP connection ports
iptables -A INPUT -p tcp -m multiport --dport 1024:2048 -j ACCEPT
iptables -A INPUT -p tcp --syn -s 192.168.1.0/255.255.255.0 -j ACCEPT
## Block WhatsApp for a time period
iptables -N LISTAIPS
iptables -I FORWARD -s 192.168.1.0/24 -j LISTAIPS
iptables -I INPUT -s 192.168.1.0/24 -j LISTAIPS
for list in `cat /root/ips.txt`;do
iptables -A LISTAIPS -d $list -m time --timestart 12:00 --timestop 12:10 -j REJECT
done
## Deny the rest
iptables -A INPUT -p tcp --syn -j DROP
## Rules that allow queries to a nameserver
iptables -A INPUT -p udp -i ppp0 --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -i ppp0 -m multiport --dport 7071,7073,50720 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Rule against ping
iptables -A INPUT -p icmp -j DROP
# Rule against viruses
iptables -A FORWARD -p udp --dport 137 -j DROP
# Share the internet connection
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
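
Added example, not part of the original post: one thing to check with a symptom like this is that the xt_time match compares --timestart/--timestop against UTC unless --kerneltz is given. The sketch below only prints candidate LISTAIPS rules (it never calls iptables); the function names, the -0300 offset and the 192.0.2.10 destination are constructed assumptions.

```shell
#!/bin/sh
# Added example: shows which clock window an xt_time rule really covers.
# Nothing here touches the firewall; rules are printed for review only.

# to_utc HH:MM OFFSET -> prints the same instant as HH:MM in UTC.
# OFFSET uses the `date +%z` form, e.g. -0300 or +0530.
to_utc() {
    hh=${1%%:*}; mm=${1##*:}
    sign=$(printf '%s' "$2" | cut -c1)
    oh=$(printf '%s' "$2" | cut -c2-3)
    om=$(printf '%s' "$2" | cut -c4-5)
    # Strip one leading zero so "08"/"09" are not parsed as octal.
    local_min=$(( ${hh#0} * 60 + ${mm#0} ))
    off_min=$(( ${oh#0} * 60 + ${om#0} ))
    if [ "$sign" = "-" ]; then off_min=$(( 0 - off_min )); fi
    # local = UTC + offset, so UTC = local - offset (wrapped to one day).
    utc_min=$(( (local_min - off_min + 1440) % 1440 ))
    printf '%02d:%02d\n' $(( utc_min / 60 )) $(( utc_min % 60 ))
}

# window_rule_utc START STOP OFFSET DEST
# Rule with the local window converted to UTC (xt_time's default clock).
window_rule_utc() {
    printf 'iptables -A LISTAIPS -d %s -m time --timestart %s --timestop %s -j REJECT\n' \
        "$4" "$(to_utc "$1" "$3")" "$(to_utc "$2" "$3")"
}

# window_rule_kerneltz START STOP DEST
# Rule that keeps local times and asks xt_time to use the kernel timezone.
window_rule_kerneltz() {
    printf 'iptables -A LISTAIPS -d %s -m time --kerneltz --timestart %s --timestop %s -j REJECT\n' \
        "$3" "$1" "$2"
}

# Constructed sample values (assumptions, not taken from the post's ips.txt).
OFFSET=-0300        # on a real host: OFFSET=$(date +%z)
DEST=192.0.2.10     # documentation address standing in for one list entry

echo "12:00-12:10 local is $(to_utc 12:00 "$OFFSET")-$(to_utc 12:10 "$OFFSET") UTC"
window_rule_utc 12:00 12:10 "$OFFSET" "$DEST"
window_rule_kerneltz 12:00 12:10 "$DEST"
```

Comparing `date` with `date -u` on the firewall during the intended window shows which of the two clocks the rule is matching.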