Firewall Configuration
ATL&L Telecom
Creating a file to hold the firewall script:
touch /etc/firewall.sh
Editing it (contents of /etc/firewall.sh):
#!/bin/bash

fw_start(){
    # NAT
    modprobe iptable_nat
    # for FTP access (connection tracking helpers; on current kernels
    # these modules are named nf_conntrack and nf_conntrack_ftp)
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    # enabling forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -F
    iptables -F
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -P INPUT DROP
    # Allow loopback traffic and replies to connections the firewall host
    # itself opened. Without these two rules the DROP policy also discards
    # DNS answers, package downloads and any other response addressed to
    # the firewall host.
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Services exposed on the firewall host itself. Note that 23 (telnet)
    # and 21 (FTP) carry credentials in cleartext.
    iptables -A INPUT -s 0/0 -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -s 0/0 -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -s 0/0 -p tcp --dport 23 -j ACCEPT
    iptables -A INPUT -s 0/0 -p tcp --dport 21 -j ACCEPT
    iptables -A INPUT -s 0/0 -p tcp --dport 24 -j ACCEPT
    iptables -A INPUT -s 0/0 -p tcp --dport 25 -j ACCEPT
    iptables -A INPUT -s 0/0 -p tcp --dport 10000 -j ACCEPT
}

fw_usage(){
    echo
    echo "$0 (start | stop | restart)"
    echo
    echo "start   - Activates the firewall"
    echo "stop    - Deactivates the firewall"
    echo "restart - Reactivates the firewall"
}

fw_stop(){
    iptables -t nat -F
    iptables -F
    # Reset the INPUT policy: flushing the rules while the DROP policy set
    # by fw_start is still in place would lock out every service,
    # including SSH.
    iptables -P INPUT ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # Even with the firewall "stopped", forwarding from the internal
    # network is only allowed towards these destinations.
    iptables -A FORWARD -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
    iptables -A FORWARD -s 192.168.2.0/24 -d 200.135.37.0/26 -j ACCEPT
    iptables -A FORWARD -s 192.168.2.0/24 -d 172.16.0.0/16 -j ACCEPT
    iptables -A FORWARD -s 192.168.2.0/24 -d 172.18.0.0/16 -j ACCEPT
    iptables -P FORWARD DROP
}

case $1 in
    start)
        fw_start
        ;;
    stop)
        fw_stop
        ;;
    restart)
        fw_stop
        fw_start
        ;;
    *)
        fw_usage
        exit 1
        ;;
esac
Make the file executable (chmod +x /etc/firewall.sh). The script is started together with the operating system because the line /etc/firewall.sh start is added to /etc/rc.local, before its final exit 0 (anything placed after exit 0 never runs). On systemd-based distributions rc.local is only executed when the file exists and is executable, so check that step after editing.
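The rc.local step above, written as an added example that is not part of the original page: a shell function that installs the hook line idempotently, placing it before a trailing exit 0 when one exists and appending it otherwise. The rc.local path and the hook line are parameters (an assumption made here so the function can be exercised against a scratch copy instead of the real /etc/rc.local).

```shell
#!/bin/sh
# Added example, not from the original page. Installs a boot hook such as
# "/etc/firewall.sh start" into an rc.local-style file.
# Assumption (hypothetical parameters): rc_file and hook are passed in, so
# the function can be tested against a temporary file.

install_rc_hook() {
    rc_file="$1"                          # e.g. /etc/rc.local
    hook="${2:-/etc/firewall.sh start}"   # line to add

    # Some distributions ship no rc.local at all; create a minimal one.
    if [ ! -f "$rc_file" ]; then
        printf '#!/bin/sh\n' > "$rc_file"
    fi

    # Idempotent: running this twice must not add the hook twice.
    if grep -qxF "$hook" "$rc_file"; then
        chmod +x "$rc_file"
        return 0
    fi

    # Anything after "exit 0" never runs, so the hook has to go before it.
    if grep -qx 'exit 0' "$rc_file"; then
        tmp=$(mktemp)
        awk -v hook="$hook" '
            !done && $0 == "exit 0" { print hook; done = 1 }
            { print }
        ' "$rc_file" > "$tmp"
        cat "$tmp" > "$rc_file"
        rm -f "$tmp"
    else
        printf '%s\n' "$hook" >> "$rc_file"
    fi

    # rc.local is only executed at boot when it is executable.
    chmod +x "$rc_file"
}

# Number of times the hook line appears in the file (0 when absent).
hook_count() {
    grep -cxF "${2:-/etc/firewall.sh start}" "$1" || true
}

# Usage (as root, against the real file):
#   install_rc_hook /etc/rc.local "/etc/firewall.sh start"
```

Running the function a second time leaves the file unchanged, which matters when the same provisioning script is re-run on an already configured host.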