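I've a single script for firewall that I created with my friend Felipe:
#!/usr/bin/env bash
# Two-interface firewall / NAT gateway.
#   - The gateway itself accepts SSH and Webmin from the Internet side and
#     everything from the intranet side.
#   - Intranet hosts may reach the Internet except HTTP (80), POP3 (110)
#     outside an explicit server whitelist, and two ICQ login addresses.
#   - One intranet subnet is SNATed to a fixed public address.
# Rule order is significant in iptables and is kept exactly as in the
# original; only formatting, quoting, error handling and comments differ.
# Assumes net.ipv4.ip_forward is enabled elsewhere -- confirm.
set -eu   # abort on the first failed iptables call or unset variable; once the
          # DROP policies below are installed this fails closed instead of
          # leaving a half-built ruleset behind

echo "Inicando firewall ..."

readonly INTRANET=eth1   # LAN-facing interface
readonly INTERNET=eth2   # Internet-facing interface

# Start from a clean filter table. Policies are set after the flush, so the
# previous policy stays in force during the flush itself.
iptables -F
iptables -X
iptables -Z
iptables -F -t nat
iptables -P INPUT DROP
iptables -P FORWARD DROP
# OUTPUT policy is not set here, so it keeps whatever it was (kernel default ACCEPT).

# Accept SSH connections
iptables -A INPUT -i "$INTERNET" -p tcp --dport 22 -j ACCEPT

# Accept Webmin connections
# NOTE(review): this exposes the Webmin admin UI on the Internet-facing
# interface to any source address; restricting it with -s to the admin
# networks, or reaching it only over SSH/VPN, would shrink the exposure.
iptables -A INPUT -i "$INTERNET" -p tcp --dport 10000 -j ACCEPT

# Deny intranet -> Internet connections on the selected ports
#iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp --dport 21 -j DROP
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp --dport 80 -j DROP

# Accept DNS queries. Only TCP/53 is listed; UDP/53 is admitted by the
# catch-all ACCEPT further down, so this rule is redundant but harmless.
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp --dport 53 -j ACCEPT

# Accept pop.profarma.com.br
# (all server addresses below are as hard-coded in the original script --
# verify they still resolve to these hosts)
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp -d 200.189.97.245 --dport 110 -j ACCEPT

# Deny login.icq.com from the intranet to the Internet (any TCP port)
icq_login=(
  64.12.162.57
  205.188.179.233
)
for addr in "${icq_login[@]}"; do
  iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp -d "$addr" -j DROP
done

# Accept pop.gbl.com.br and pop3.uol.com.br; every other POP3 server is
# dropped right after the whitelist.
pop3_servers=(
  200.185.56.68    # pop.gbl.com.br
  200.230.198.83   # pop3.uol.com.br
  200.230.198.94
  200.231.206.14
  200.231.206.19
  200.246.5.85
)
for server in "${pop3_servers[@]}"; do
  iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp -d "$server" --dport 110 -j ACCEPT
done
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -p tcp --dport 110 -j DROP

# Everything else from the intranet to the Internet is allowed. This catch-all
# is what turns the DROP rules above into the effective policy; the ACCEPT
# rules for DNS and POP3 matter only relative to the port-110 DROP.
iptables -A FORWARD -i "$INTRANET" -o "$INTERNET" -j ACCEPT

# Deny direct access from the gateway itself to the ICQ login servers
for addr in "${icq_login[@]}"; do
  iptables -A OUTPUT -o "$INTERNET" -p tcp -d "$addr" -j DROP
done

# The gateway trusts everything arriving on the intranet interface.
# NOTE(review): any intranet host can reach every service on this box;
# consider limiting this to the services the LAN actually needs.
iptables -A INPUT -i "$INTRANET" -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# Reply traffic for connections admitted by the rules above. Kept at the end
# as in the original: placing these before the FORWARD DROPs would also admit
# connections that existed in conntrack before the script ran.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Masquerade Internet access
#iptables -t nat -A POSTROUTING -o "$INTERNET" -j MASQUERADE
# NOTE(review): 180.0.0.0/24 is not an RFC 1918 private range -- confirm it is
# really the LAN prefix. Intranet sources outside it are forwarded un-NATed.
iptables -t nat -A POSTROUTING -o "$INTERNET" -s 180.0.0.0/24 -j SNAT --to-source 200.196.49.138

echo "Firewall iniciado!"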