Configuração do Firewall


ATL&L Telecom

Criando um arquivo para conter o firewall:

   # creates an empty /etc/firewall.sh; its contents are written in the next step
   touch /etc/firewall.sh

Editando-o:

   #!/bin/bash
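   #######################################
   # Activates the firewall: loads the NAT/conntrack modules, enables IPv4
   # forwarding, masquerades traffic leaving the WAN interface and restricts
   # INPUT to the published TCP ports.
   # Globals:   WAN_IF (read, optional) - outbound interface, default eth0
   # Arguments: none
   # Returns:   status of the last iptables call
   #######################################
   fw_start(){
     local wan_if="${WAN_IF:-eth0}"
     local port
     # NAT
     modprobe iptable_nat
     # FTP access needs the connection-tracking helper
     modprobe ip_conntrack
     modprobe ip_conntrack_ftp
     # enable forwarding between interfaces
     echo 1 > /proc/sys/net/ipv4/ip_forward
     iptables -t nat -F
     iptables -F
     iptables -P FORWARD ACCEPT
     iptables -t nat -A POSTROUTING -o "$wan_if" -j MASQUERADE
     # Loopback and replies to connections opened by this host must be
     # accepted explicitly: with the DROP policy below and only the
     # destination-port rules, DNS lookups, updates and every other outbound
     # connection from the host itself would have their replies dropped.
     iptables -A INPUT -i lo -j ACCEPT
     iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
     # Published TCP services (same list as before). Port 23 is telnet,
     # which carries credentials in cleartext; keep it only while needed.
     for port in 80 22 23 21 24 25 10000; do
       iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
     done
     # The DROP policy is applied only after the ACCEPT rules exist, so a
     # remote administrator is not cut off while the script is still running.
     iptables -P INPUT DROP
   }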
   #######################################
   # Prints the command-line help for this script.
   # Arguments: none
   # Outputs:   usage text on stdout (uses $0 for the script name)
   #######################################
   fw_usage(){
     printf '\n%s (start | stop | restart )\n\n' "$0"
     printf '%s\n' \
       "start   - Ativa o firewall" \
       "stop    - Desativa o firewall" \
       "restart - Reativa o firewall"
   }
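   #######################################
   # "Stops" the firewall: flushes every rule, keeps masquerading on the WAN
   # interface and leaves FORWARD in a restricted mode where only
   # 192.168.2.0/24 may reach the listed destination networks.
   # Note that this is not a fully open state.
   # Globals:   WAN_IF (read, optional) - outbound interface, default eth0
   # Arguments: none
   # Returns:   status of the last iptables call
   #######################################
   fw_stop(){
     local wan_if="${WAN_IF:-eth0}"
     local net
     iptables -t nat -F
     iptables -F
     # fw_start leaves the INPUT policy at DROP. After the flush above no
     # ACCEPT rule remains, so without resetting the policy "stop" would
     # lock every remote session, including SSH, out of the host.
     iptables -P INPUT ACCEPT
     iptables -t nat -A POSTROUTING -o "$wan_if" -j MASQUERADE
     # Forwarding whitelist for the internal network.
     for net in 192.168.1.0/24 200.135.37.0/26 172.16.0.0/16 172.18.0.0/16; do
       iptables -A FORWARD -s 192.168.2.0/24 -d "$net" -j ACCEPT
     done
     # Applied last so the whitelist is in place before forwarding is closed.
     iptables -P FORWARD DROP
   }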
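   # Dispatch on the first argument; anything else prints the usage text.
   # ${1:-} keeps the script usable under "set -u" when no argument is given.
   case "${1:-}" in
     start)
       fw_start
       ;;
     stop)
       fw_stop
       ;;
     restart)
       fw_stop
       fw_start
       ;;
     *)
       fw_usage
       # Non-zero status so a wrong invocation (e.g. from rc.local) is noticed
       # instead of silently reporting success.
       exit 1
       ;;
   esac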

O arquivo firewall.sh será inicializado juntamente com o sistema operacional, visto que será adicionado ao rc.local.