Enviado em 30/09/2020 - 14:23h
Boa tarde galera, criei este tópico pois já pesquisei muito mas ainda não consegui encontrar uma solução para o meu problema, além de conhecer pouco sobre o assunto.wget 10.5.5.2:8123
#!/bin/bash
# first cleanup everything
iptables -t filter -F
iptables -t filter -X
iptables -t nat -F
iptables -t nat -X
# default drop
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -P OUTPUT ACCEPT
# allow loopback device
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# allow ssh over eth0 from outside to system
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -j ACCEPT
# allow webserver
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -j ACCEPT
# Allow masquerade
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# System
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
# Forwards
iptables -A FORWARD -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
# OpenVPN
iptables -A INPUT -p udp --dport 1194 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 172.27.224.0/20 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.5.5.0/24 -o eth0 -j MASQUERADE
iptables -A INPUT -i as0t0 -j ACCEPT
iptables -A FORWARD -i as0t0 -j ACCEPT
iptables -A OUTPUT -o as0t0 -j ACCEPT
iptables -A FORWARD -i as0t0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o as0t0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i as0t0 -s 172.27.224.0/20 -d 0.0.0.0/0 -j ACCEPT
iptables -A FORWARD -i as0t0 -s 10.5.5.0/24 -d 0.0.0.0/0 -j ACCEPT
# Ports
iptables -A FORWARD -i eth0 -p tcp --dport 8123 -d 10.5.5.2 -j ACCEPT
iptables -A INPUT -i as0t0 -p tcp -s 10.5.5.2 --dport 8123 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 8123 -j DNAT --to-destination 10.5.5.2:8123
# Logging
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP
Chain INPUT (policy DROP)
target prot opt source destination
AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_ACCEPT all -- anywhere anywhere
AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000
AS0_ACCEPT udp -- anywhere vps1234.publiccloud.com.br state NEW udp dpt:openvpn
AS0_WEBACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_WEBACCEPT tcp -- anywhere vps1234.publiccloud.com.br state NEW tcp dpt:943
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:9090
ACCEPT tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT udp -- anywhere anywhere udp dpt:openvpn state NEW
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:9987
ACCEPT tcp -- anywhere anywhere tcp dpt:10011
ACCEPT tcp -- anywhere anywhere tcp dpt:30033
ACCEPT tcp -- 10.5.5.2 anywhere tcp dpt:8123
LOGGING all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000
AS0_OUT_S2C all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 172.27.224.0/20 anywhere
ACCEPT all -- 10.5.5.0/24 anywhere
ACCEPT tcp -- anywhere 10.5.5.2 tcp dpt:8123
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
AS0_OUT_LOCAL all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp spt:https
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain state NEW
ACCEPT tcp -- anywhere anywhere tcp spt:9090
ACCEPT tcp -- anywhere anywhere tcp spt:webmin
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:9987
ACCEPT tcp -- anywhere anywhere tcp spt:10011
ACCEPT tcp -- anywhere anywhere tcp spt:30033
Chain AS0_ACCEPT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain AS0_DNS (2 references)
target prot opt source destination
ACCEPT all -- anywhere 10.0.5.1
RETURN all -- anywhere anywhere
Chain AS0_IN (5 references)
target prot opt source destination
ACCEPT all -- anywhere 10.0.5.1
AS0_U_INTERNAL_IN all -- 10.5.5.2 anywhere
AS0_IN_POST all -- anywhere anywhere
Chain AS0_IN_NAT (2 references)
target prot opt source destination
MARK all -- anywhere anywhere MARK or 0x8000000
ACCEPT all -- anywhere anywhere
Chain AS0_IN_POST (2 references)
target prot opt source destination
ACCEPT all -- anywhere 10.5.5.0/24
AS0_OUT all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain AS0_IN_PRE (2 references)
target prot opt source destination
AS0_DNS tcp -- anywhere anywhere state NEW tcp dpt:domain
AS0_DNS udp -- anywhere anywhere state NEW udp dpt:domain
AS0_IN all -- anywhere 191.212.53.0/24
AS0_IN all -- anywhere link-local/16
AS0_IN all -- anywhere 192.168.0.0/16
AS0_IN all -- anywhere 172.16.0.0/12
AS0_IN all -- anywhere 10.0.0.0/8
ACCEPT all -- anywhere anywhere
Chain AS0_IN_ROUTE (0 references)
target prot opt source destination
MARK all -- anywhere anywhere MARK or 0x4000000
ACCEPT all -- anywhere anywhere
Chain AS0_OUT (2 references)
target prot opt source destination
AS0_U_INTERNAL_OUT all -- anywhere 10.5.5.2
AS0_OUT_POST all -- anywhere anywhere
Chain AS0_OUT_LOCAL (1 references)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp redirect
ACCEPT all -- anywhere anywhere
Chain AS0_OUT_POST (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere mark match 0x2000000/0x2000000
DROP all -- anywhere anywhere
Chain AS0_OUT_S2C (1 references)
target prot opt source destination
AS0_OUT all -- anywhere anywhere
Chain AS0_U_INTERNAL_IN (1 references)
target prot opt source destination
AS0_IN_NAT all -- anywhere 10.0.5.0/24
AS0_IN_NAT all -- anywhere 191.212.53.0/24
AS0_IN_POST all -- anywhere anywhere
Chain AS0_U_INTERNAL_OUT (1 references)
target prot opt source destination
ACCEPT all -- 10.5.5.0/24 anywhere
ACCEPT all -- 10.0.5.0/24 anywhere
ACCEPT all -- 10.5.5.0/24 anywhere
AS0_OUT_POST all -- anywhere anywhere
Chain AS0_WEBACCEPT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain LOGGING (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 2/min burst 5 LOG level warning prefix "IPTables-Dropped: "
DROP all -- anywhere anywhere
as0t0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.0.5.1 netmask 255.255.255.0 destination 10.0.5.1
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 200 (UNSPEC)
RX packets 33 bytes 4102 (4.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 8027 (7.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 191.212.53.47 netmask 255.255.255.0 broadcast 191.212.53..255
ether 22:4f:cc:27:d2:59 txqueuelen 1000 (Ethernet)
RX packets 17463562 bytes 2335444365 (2.1 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6311788 bytes 1425763570 (1.3 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1 (Local Loopback)
RX packets 123046 bytes 98937342 (94.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 123046 bytes 98937342 (94.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp2s0f2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.70 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::c051:8794:97c4:7ac3 prefixlen 64 scopeid 0x20<link>
inet6 2804:d55:52e2:b800:8914:d08e:4895:4988 prefixlen 64 scopeid 0x0<global>
ether 80:ee:73:7d:7d:83 txqueuelen 1000 (Ethernet)
RX packets 2468025 bytes 216533800 (206.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13162807 bytes 1984356517 (1.8 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 21451249 bytes 2170560228 (2.0 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21451249 bytes 2170560228 (2.0 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.5.5.2 netmask 255.255.255.0 destination 10.5.5.2
inet6 fe80::cb53:8c05:d238:3cee prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 24 bytes 8027 (7.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34 bytes 4150 (4.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp1s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 6c:71:d9:d2:1b:52 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Enviar mensagem ao usuário trabalhando com as opções do php.ini
Meu Fork do Plugin de Integração do CVS para o KDevelop
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Criando uma VPC na AWS via CLI
Multifuncional HP imprime mas não digitaliza
Dica básica para escrever um Artigo.
Como Exibir Imagens Aleatórias no Neofetch para Personalizar seu Terminal
Partição e erro fatal do disco (16)
A impressora não imprimi no win10 (5)
não sei o que tá havendo aqui! (3)
Função que recebe 20 números inteiros e retorna o 6° maior elemento do... (3)