I have a single firewall script that I
created with my friend Felipe:
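#!/usr/bin/env bash
# Simple two-interface gateway firewall.
#   INTRANET: LAN side (trusted), INTERNET: uplink (untrusted).
# Policy: INPUT and FORWARD default to DROP, a few services are opened
# explicitly, and LAN hosts are source-NATed behind one public address.
#
# The script as posted had been line-wrapped by the mailer, so every
# iptables invocation was split in two and would have failed; each rule
# is rejoined onto a single line here.
#
# Must run as root. Failures are deliberately NOT fatal (no `set -e`):
# aborting midway, after the DROP policies are already in place, would
# leave the box unreachable. Forwarding additionally requires
# net.ipv4.ip_forward=1, which this script does not set.
set -u

echo "Inicando firewall ..."

readonly INTRANET=eth1
readonly INTERNET=eth2

# Start from a clean slate: flush rules, delete user-defined chains, zero
# counters, flush nat. Note that -F does not reset chain policies.
iptables -F
iptables -X
iptables -Z
iptables -F -t nat

iptables -P INPUT DROP
iptables -P FORWARD DROP
# The OUTPUT policy is not set here, so it keeps whatever was in effect
# before (kernel default ACCEPT). Set it explicitly if stricter egress
# from the gateway itself is wanted.

# Accept SSH from the internet interface.
# NOTE(review): open to any source address with no rate limit; consider
# restricting with -s to known management addresses.
iptables -A INPUT -i "$INTERNET" -p tcp --dport 22 -j ACCEPT
# Accept Webmin (TCP 10000) from the internet interface — same caveat as SSH.
iptables -A INPUT -i "$INTERNET" -p tcp --dport 10000 -j ACCEPT

# Deny LAN -> internet on the selected ports.
# (The FTP rule is kept disabled, as in the original.)
#iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp --dport 21 -j DROP
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp --dport 80 -j DROP

# Accept DNS queries. Only TCP 53 is matched here; UDP 53 still passes
# through the catch-all FORWARD ACCEPT at the end of this chain.
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp --dport 53 -j ACCEPT

# Mail: POP3 is allowed only to the servers listed below, then every other
# POP3 destination is dropped. The addresses were hard-coded when the
# script was written and may no longer be current — verify before reuse.
# Accept pop.profarma.com.br
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp -d 200.189.97.245 --dport 110 -j ACCEPT
# Deny login.icq.com from the LAN to the internet (any TCP port).
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp -d 64.12.162.57 -j DROP
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp -d 205.188.179.233 -j DROP
# Accept pop.gbl.com.br
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp -d 200.185.56.68 --dport 110 -j ACCEPT
# Accept pop3.uol.com.br
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp -d 200.230.198.83 --dport 110 -j ACCEPT
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp -d 200.230.198.94 --dport 110 -j ACCEPT
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp -d 200.231.206.14 --dport 110 -j ACCEPT
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp -d 200.231.206.19 --dport 110 -j ACCEPT
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp -d 200.246.5.85 --dport 110 -j ACCEPT
# Any other POP3 destination is dropped.
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp --dport 110 -j DROP
# Everything else from the LAN is forwarded.
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -j ACCEPT

# Deny direct access from the gateway itself to the ICQ login servers.
iptables -A OUTPUT -o "$INTERNET" -p tcp -d 64.12.162.57 -j DROP
iptables -A OUTPUT -o "$INTERNET" -p tcp -d 205.188.179.233 -j DROP
# Trust the LAN side and loopback.
iptables -A INPUT -i "$INTRANET" -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# Allow return traffic for connections already established.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# NAT the LAN behind the public address.
# (The MASQUERADE variant for a dynamic uplink address is kept disabled.)
#iptables -t nat -A POSTROUTING -o "$INTERNET" -j MASQUERADE
# NOTE(review): 180.0.0.0/24 is not RFC 1918 private space — confirm it
# really is the LAN range before reusing this rule.
iptables -t nat -A POSTROUTING -o "$INTERNET" -s 180.0.0.0/24 -j SNAT --to-source 200.196.49.138

echo "Firewall iniciado!"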


