
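#!/bin/bash

# Basic firewall script for web browsing only: turns the host into a NAT
# gateway (masquerading) for the internal network REDEINTERNA.
# Fabricio Vaccari Constanski
# fabriciovc@fabriciovc.eti.br
# Updated on 09/10/2007
#
# Must run as root: it writes to /proc/sys/net/ipv4 and modifies iptables.
# NOTE(review): every chain is left with policy ACCEPT and no filter rules are
# added, so nothing is actually blocked — INPUT, OUTPUT and (with ip_forward=1)
# FORWARD all pass; only the two commented-out rules would restrict traffic.

set -u   # unset variables are bugs here; command failures are checked explicitly

# Print a message to stderr and abort.
die() { printf '%s: %s\n' "${0##*/}" "$*" >&2; exit 1; }

# Variables
IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe
PSNI=/proc/sys/net/ipv4
REDEINTERNA=192.168.100.0/24

# Fail early with one clear message instead of a cascade of "Permission denied".
[ "$(id -u)" -eq 0 ] || die "must be run as root"
[ -x "$IPTABLES" ] || die "$IPTABLES not found or not executable"

# Kernel toggles (sysctl via /proc)
echo 1 > "$PSNI/ip_forward" || die "cannot enable IP forwarding"
echo 1 > "$PSNI/tcp_syncookies"
# Enable reverse-path filtering on every interface (anti-spoofing check).
for RP in "$PSNI"/conf/*/rp_filter ; do
  echo 1 > "$RP"
done
echo 0 > "$PSNI/icmp_echo_ignore_all"          # keep answering unicast ping
echo 1 > "$PSNI/icmp_echo_ignore_broadcasts"   # ignore broadcast ping (smurf)

# Load modules. Names are the ones used by 2007-era kernels; newer kernels
# renamed them (e.g. nf_conntrack_ftp). As in the original, a failed modprobe
# only prints its own error and the script carries on.
for MOD in ip_conntrack ip_conntrack_ftp ip_nat_ftp ip_conntrack_irc ip_nat_irc ; do
  "$MODPROBE" "$MOD" || printf 'warning: could not load module %s\n' "$MOD" >&2
done

# Flush rules and delete user-defined chains in every table
for TABLE in filter nat mangle ; do
  "$IPTABLES" -t "$TABLE" -F || die "cannot flush table $TABLE"
  "$IPTABLES" -t "$TABLE" -X || die "cannot delete user chains in table $TABLE"
done

# Default policy ACCEPT
# NOTE(review): with FORWARD at ACCEPT and forwarding enabled, any traffic that
# reaches this host and routes to/from REDEINTERNA is passed unfiltered.
"$IPTABLES" -P INPUT ACCEPT   || die "cannot set INPUT policy"
"$IPTABLES" -P FORWARD ACCEPT || die "cannot set FORWARD policy"
"$IPTABLES" -P OUTPUT ACCEPT  || die "cannot set OUTPUT policy"

# MSS clamping for browsing through an ADSL modem in bridge mode (disabled)
#$IPTABLES -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1168
#$IPTABLES -I OUTPUT 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1168

# Block 80/443 TCP from the LAN so browsing must go through Squid (disabled)
#$IPTABLES -A FORWARD -p tcp -m multiport -s $REDEINTERNA --dports 80,443 -j DROP

# NAT for the internal network: this is the one rule that makes the gateway work
"$IPTABLES" -t nat -A POSTROUTING -s "$REDEINTERNA" -j MASQUERADE \
  || die "cannot add MASQUERADE rule for $REDEINTERNA"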
