Olá Terminei o script de firewal, o problema é que agora os uploads ficaram muito lentos, mesmo definindo o TOS no OUTPUT da mangle. Aqui fica o script....
#!/bin/bash PATH=/sbin:$PATH #Inicialização: clear # Tabela filter iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD DROP # Tabela nat iptables -t nat -P PREROUTING ACCEPT iptables -t nat -P OUTPUT ACCEPT iptables -t nat -P POSTROUTING DROP # Tabela mangle iptables -t mangle -P INPUT ACCEPT iptables -t mangle -P PREROUTING ACCEPT iptables -t mangle -P FORWARD ACCEPT iptables -t mangle -P POSTROUTING ACCEPT iptables -t mangle -P OUTPUT ACCEPT echo "Cria nova cadeia" #cria uma nova cadeia athinput iptables -N athinput echo "inicia filter" ##########################Cadeia Filter############################# #Aceita loopback iptables -A INPUT -i lo -j ACCEPT #Cria uma cadeia para as conexões da interenet chamada athinput iptables -A INPUT -i ath+ -j athinput #Tudo o resto é rejeitado e rejistado #iptables -A INPUT -j LOG iptables -A INPUT -j DROP echo "inicia athinput" ##########################Cadeia athinput############################# #Aceitas respostas de destino inatingível e ping com um limite de 2 por segundo iptables -A athinput -p icmp --icmp-type 0 -m limit --limit 2/s -j ACCEPT iptables -A athinput -p icmp --icmp-type 3 -m limit --limit 2/s -j ACCEPT #Serviço de MSN iptables -A athinput -p tcp --sport 1863 --dport 1024: -j ACCEPT #Nao aceita conecções para o apache iptables -A athinput -p tcp --dport 80 -j ACCEPT #Aceita serviço de HTML iptables -A athinput -p tcp --sport 80 --dport 1024: -j ACCEPT #Aceita HTTPs iptables -A athinput -p tcp --sport 443 --dport 1024: -j ACCEPT #Serviço de FTP, apenas upload iptables -A athinput -p tcp --sport 21 --dport 1024: -j ACCEPT iptables -A athinput -p tcp --sport 20 --dport 1024: -j ACCEPT #Aceita respostas udp dos servidores de DNS iptables -A athinput -p udp -s 195.22.0.136 --sport 53 --dport 1024: -j ACCEPT iptables -A athinput -p tcp -s 195.22.0.136 --sport 53 --dport 1024: -j ACCEPT ##########################Cadeia mangle############################# iptables -t mangle -A OUTPUT -o ath+ -p tcp --dport 21 -j TOS --set-tos 0x10 iptables -t mangle -A OUTPUT -o ath+ -p tcp --dport 23 -j TOS --set-tos 0x10 iptables -t mangle -A OUTPUT -o ath+ -p tcp --sport 80 -j TOS --set-tos 0x10 #tudo o resto é rejeitado iptables -A athinput -j DROP exit 0