Ol� pessoal, montei um pequeno servidor e um firewall no conectiva 9. Algu�m pode me ajudar a protejer mais o meu sistema usando esse firewall somente acresentando mais coisas?
Atenciosamente Dilceu #M ###############################################################M # Ativamos o redirecionamento de pacotes (requerido para NAT) #M ###############################################################M echo "1" >/proc/sys/net/ipv4/ip_forward echo "15000" > /proc/sys/net/ipv4/ip_conntrack_max # # /sbin/modprobe ip_tables /sbin/modprobe ip_conntrack /sbin/modprobe ip_conntrack_ftp /sbin/modprobe ip_conntrack_irc /sbin/modprobe iptable_nat /sbin/modprobe ip_nat_ftp /sbin/modprobe ip_gre IPTABLES="/usr/sbin/iptables" #M # Definicoes das VariaveisM #M # Variavel das interfaces de redeM # IR0 Internet M # IR1 Rede internaM IR0="eth0" IR1="eth1" #M # Estes sao os enderecos da rede interna RINTERNA1="192.168.0.0/24" #M UP_PORTS="1024:" D_PORTS=":1024" #M $IPTABLES -P INPUT ACCEPT $IPTABLES -F INPUT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -F OUTPUT $IPTABLES -P FORWARD DROP $IPTABLES -F FORWARD $IPTABLES -t nat -F #M $IPTABLES -t filter -P INPUT ACCEPT $IPTABLES -t filter -P OUTPUT ACCEPT $IPTABLES -t filter -P FORWARD ACCEPT # $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t nat -P OUTPUT ACCEPT $IPTABLES -t nat -P POSTROUTING ACCEPT #M $IPTABLES -A INPUT -i $IR0 -p icmp -m limit --limit 2/s -j ACCEPT # $IPTABLES -A INPUT -i lo -j ACCEPT # $IPTABLES -A INPUT -s $RINTERNA1 -i $IR1 -j ACCEPT # $IPTABLES -A INPUT -i $IR0 -p udp --sport 53 -j ACCEPT $IPTABLES -A INPUT -i $IR0 -p udp --dport 53 -j ACCEPT $IPTABLES -A INPUT -i $IR0 -p udp --dport $UP_PORTS -j ACCEPT $IPTABLES -A INPUT -i $IR0 -p tcp --dport $UP_PORTS -j ACCEPT $IPTABLES -A INPUT -i $IR0 -p tcp --dport 23 -j LOG --log-level 6 --log-prefix "FIREWALL: telnet" $IPTABLES -A INPUT -i $IR0 -p tcp --dport 22 -j LOG --log-level 6 --log-prefix "FIREWALL: ssh" $IPTABLES -A INPUT -i $IR0 -p tcp --dport 110 -j LOG --log-level 6 --log-prefix "FIREWALL: pop3 " $IPTABLES -A INPUT -i $IR0 -p tcp --dport 113 -j LOG --log-level 6 --log-prefix "FIREWALL: identd $IPTABLES -A INPUT -i $IR0 -p tcp --sport 21 -j LOG --log-level 6 --log-prefix "FIREWALL: ftp " $IPTABLES -A INPUT -i $IR0 -p udp --dport 111 -j LOG --log-level 6 --log-prefix "FIREWALL: rpc" $IPTABLES -A INPUT -i $IR0 -p tcp --dport 111 -j LOG --log-level 6 --log-prefix "FIREWALL: rpc" $IPTABLES -A INPUT -i $IR0 -p tcp --dport 137:139 -j LOG --log-level 6 --log-prefix "FIREWALL: sa $IPTABLES -A INPUT -i $IR0 -p udp --dport 138:139 -j LOG --log-level 6 --log-prefix "FIREWALL: sa $IPTABLES -A INPUT -i $IR0 -p tcp --sport 8022 -j LOG --log-level 6 --log-prefix "FIREWALL: ssh" $IPTABLES -A INPUT -i $IR0 -p tcp --sport 80 -j LOG --log-level 6 --log-prefix "FIREWALL: http " #M # Masquerade (NAT)M $IPTABLES -t nat -A POSTROUTING -o $IR0 -j MASQUERADE echo -e "\nCarregado.\n" ________________________________________________ Message sent using UebiMiau 2.7.2 --------------------------------------------------------------------------- Esta lista � patrocinada pela Conectiva S.A. Visite http://www.conectiva.com.br Arquivo: http://bazar2.conectiva.com.br/mailman/listinfo/linux-br Regras de utiliza��o da lista: http://linux-br.conectiva.com.br FAQ: http://www.zago.eti.br/menu.html
