magubuntu

iptables

  1. #!/bin/bash
  2. # Este script pode ser usado em outras distribuições Linux que utilizam o Kernel 2.4 em diante
  3.  
#######################################
# Loads the firewall rule set by appending rules to the INPUT, OUTPUT and
# FORWARD chains and writing a few /proc/sys/net/ipv4 knobs.
# Globals:   none
# Arguments: none
# Outputs:   side effects only (iptables rules, /proc sysctl writes); errors
#            from iptables/echo go to stderr
# Returns:   status of the last command executed
# NOTE(review): nothing here flushes the chains or sets default policies
# (firewall_stop does), so running "start" twice appends every rule a second
# time and "iptables -N VALID_CHECK" fails because the chain already exists.
# Must run as root. Hostnames used with -d are resolved once at load time and
# the hard-coded addresses date from 2011.
#######################################
firewall_start(){

# Accept new TCP connections (SYN) from the local network range.
# NOTE(review): this rule comes before the per-port restrictions further down
# (ports 22/139/445/10000/10050/53), so every host in 192.168.15.0/24 is
# already accepted here and those narrower --src-range limits never apply to
# LAN traffic; they only affect non-LAN sources.
iptables -A INPUT -p tcp --syn -s 192.168.15.0/255.255.255.0 -j ACCEPT


# Open a port (to the Internet as well)
#iptables -A INPUT -p tcp --destination-port 21 -j ACCEPT
#iptables -A INPUT -p tcp --destination-port 25 -j ACCEPT
#iptables -A INPUT -p tcp --destination-port 110 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 2401 -j ACCEPT
#iptables -A INPUT -p tcp --destination-port 443 -j ACCEPT
# Drop a set of peer-to-peer ports (the 4661:4711 range and the commented
# layer7 rules below suggest eDonkey/eMule traffic — TODO confirm intent).
# The "FORWARD -p tcp --destination-port 6570" rule appears twice; the
# duplicate is harmless but redundant.
iptables -A INPUT -p tcp --destination-port 4662 -j DROP
iptables -A INPUT -p udp --destination-port 4672 -j DROP
iptables -A INPUT -p tcp --destination-port 2535 -j DROP
iptables -A INPUT -p tcp --destination-port 5703 -j DROP
iptables -A OUTPUT -p tcp --destination-port 5703 -j DROP
iptables -A INPUT -p tcp --destination-port 9666 -j DROP
iptables -A INPUT -p udp --destination-port 9666 -j DROP
iptables -A OUTPUT -p tcp --destination-port 9666 -j DROP
iptables -A OUTPUT -p udp --destination-port 9666 -j DROP
iptables -A INPUT -p tcp --destination-port 50243 -j DROP
iptables -A INPUT -p udp --destination-port 51239 -j DROP
iptables -A INPUT -p udp --destination-port 37410 -j DROP
iptables -A FORWARD -p tcp --destination-port 6570 -j DROP
iptables -A FORWARD -p udp --destination-port 37410 -j DROP
iptables -A FORWARD -p tcp --destination-port 6570 -j DROP
iptables -A FORWARD -p tcp --dport 4661:4711 -j DROP
iptables -A FORWARD -p udp --dport 4661:4711 -j DROP
# Layer-7 protocol matching (disabled; requires the out-of-tree l7 match).
#iptables -I FORWARD -p tcp -m layer7 --l7proto bittorrent -j DROP
#iptables -I FORWARD -p tcp -m layer7 --l7proto directconnect -j DROP
#iptables -I FORWARD -p tcp -m layer7 --l7proto gnutella -j DROP
#iptables -I FORWARD -p tcp -m layer7 --l7proto edonkey -j DROP
#iptables -I FORWARD -p tcp -m layer7 --l7proto bearshare -j DROP
#iptables -I FORWARD -p tcp -m layer7 --l7proto winmx -j DROP


# BLOCKS (all disabled at the moment)

#--- Punishment: individual hosts blocked on INPUT ---
#iptables -I INPUT -s 192.168.0.4 -j DROP
#iptables -I INPUT -s 192.168.0.5 -j DROP
#iptables -I INPUT -s 192.168.0.6 -j DROP
#iptables -I INPUT -s 192.168.0.7 -j DROP
#iptables -I INPUT -s 192.168.0.8 -j DROP
#iptables -I INPUT -s 192.168.0.9 -j DROP
#iptables -I INPUT -s 192.168.0.168 -j DROP
#iptables -I INPUT -s 192.168.0.10 -j DROP
#iptables -I INPUT -s 192.168.0.11 -j DROP
#iptables -I INPUT -s 192.168.0.12 -j DROP
#iptables -I INPUT -s 192.168.0.13 -j DROP
#iptables -I INPUT -s 192.168.0.14 -j DROP
#iptables -I INPUT -s 192.168.0.15 -j DROP
#iptables -I INPUT -s 192.168.0.16 -j DROP
#iptables -I INPUT -s 192.168.0.17 -j DROP
#iptables -I INPUT -s 192.168.0.18 -j DROP
#iptables -I INPUT -s 192.168.0.19 -j DROP
#--- Punishment: labs ---##
#iptables -I INPUT -s 192.168.0.251 -j DROP
#iptables -I INPUT -s 192.168.0.187 -j DROP
#iptables -I INPUT -s 192.168.0.28 -j DROP
#iptables -I INPUT -s 192.168.0.194 -j DROP
#iptables -I INPUT -s 192.168.0.232 -j DROP
#iptables -I INPUT -m iprange --src-range 192.168.0.20-192.168.0.254 -j DROP

# NOTE(review): the disabled site blocks below still reference the old
# 192.168.0.x ranges, while the active rules use 192.168.15.x.
#--ORKUT--
#iptables -A FORWARD -d www.orkut.com -p tcp --dport 443 -m iprange --src-range 192.168.15.19-192.168.15.254 -j DROP
#iptables -A INPUT -d www.orkut.com -p tcp --dport 443 -m iprange --src-range 192.168.15.19-192.168.15.254 -j DROP
#iptables -A FORWARD -d orkut.com -p tcp --dport 443 -m iprange --src-range 192.168.15.19-192.168.15.254 -j DROP
#iptables -A INPUT -d orkut.com -p tcp --dport 443 -m iprange --src-range 192.168.15.19-192.168.0.254 -j DROP
#iptables -A FORWARD -d www.orkut.com.br -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d www.orkut.com.br -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A FORWARD -d orkut.com.br -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d orkut.com.br -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP

#--SUREPROXY--
#iptables -A FORWARD -d www.sureproxy.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d www.sureproxy.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A FORWARD -d sureproxy.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d sureproxy.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#--MEEBO--
#iptables -A FORWARD -d www.meebo.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d www.meebo.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A FORWARD -d meebo.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d meebo.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#--WEBMESSENGER--
#iptables -A FORWARD -d sc.webmessenger.msn.com -p tcp --dport 80 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d sc.webmessenger.msn.com -p tcp --dport 80 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d sc.webmessenger.msn.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A FORWARD -d webmessenger.msn.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d webmessenger.msn.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A FORWARD -d www.webmessenger.msn.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d www.webmessenger.msn.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A FORWARD -d sc.webmessenger.msn.com -p tcp --dport 1863 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d sc.webmessenger.msn.com -p tcp --dport 1863 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A FORWARD -d webmessenger.msn.com -p tcp --dport 1863 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d webmessenger.msn.com -p tcp --dport 1863 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A FORWARD -d www.webmessenger.msn.com -p tcp --dport 1863 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d www.webmessenger.msn.com -p tcp --dport 1863 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP

#-- Others --
#iptables -A INPUT -d sch.nikkei.co.jp -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d imo.im -p tcp --dport 443 -m iprange --src-range 192.168.0.20-192.168.0.254 -j DROP
#iptables -A INPUT -d easy-share.com -p tcp --dport 443 -m iprange --src-range 192.168.0.20-192.168.0.254 -j DROP
#iptables -A INPUT -d ebuddy.com.br -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d ebuddy.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d 75.101.244.44 -p tcp --dport 80 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A FORWARD -d 75.101.244.44 -p tcp --dport 80 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP

#--- Downloads ---
#iptables -A INPUT -d megaupload.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d 4shared.com -p tcp --dport 80 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d easy-share.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d badongo.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d rapidshare.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d filefactory.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d mediafire.com -p tcp --dport 443 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d superdownloads.com.br -p tcp --dport 80 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d turboupload.com -p tcp --dport 80 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP
#iptables -A INPUT -d baixaki.com.br -p tcp --dport 80 -m iprange --src-range 192.168.0.19-192.168.0.254 -j DROP


# Close the SSH/Samba/web-admin ports to the outside: each port gets an
# ACCEPT for a LAN source range followed by an unconditional DROP.
# NOTE(review): because the LAN-wide "--syn ACCEPT" at the top of this
# function matches first, the --src-range limits here do not restrict LAN
# hosts; only the DROP halves are effective, and only for non-LAN sources.
iptables -A INPUT -p tcp --dport 22 -m iprange --src-range 192.168.15.2-192.168.15.6 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
iptables -A INPUT -p tcp --dport 139 -m iprange --src-range 192.168.15.2-192.168.15.19 -j ACCEPT
iptables -A INPUT -p tcp --dport 139 -j DROP
iptables -A INPUT -p tcp --dport 445 -m iprange --src-range 192.168.15.2-192.168.15.19 -j ACCEPT
iptables -A INPUT -p tcp --dport 445 -j DROP
iptables -A INPUT -p tcp --dport 10000 -m iprange --src-range 192.168.15.2-192.168.15.19 -j ACCEPT
iptables -A INPUT -p tcp --dport 10000 -j DROP
iptables -A INPUT -p tcp --dport 10050 -m iprange --src-range 192.168.15.1-192.168.15.19 -j ACCEPT
# NOTE(review): matches on source address only, not "-i lo"; a packet
# arriving on a real interface with a 127/8 source would also match.
iptables -A INPUT -p tcp --dport 10050 -s 127.0.0.1/255.0.0.0 -j ACCEPT
iptables -A INPUT -p tcp --dport 10050 -j DROP
# Only TCP 53 is restricted here; UDP 53 is not covered by any rule in this
# function (the final rule drops TCP SYN only).
iptables -A INPUT -p tcp --dport 53 -m iprange --src-range 192.168.15.1-192.168.15.254 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j DROP

#============================ ALLOW-LISTS NEEDED BECAUSE OF THE ULTRASURF BLOCK =====================
# Every FORWARD rule in this section must come before the 443 DROP in the
# "ULTRASURF BLOCK" section below, since rules are matched in order.
# Hostnames given with -d are resolved once, when the rule is loaded; later
# DNS changes are not tracked, and the literal addresses date from 2011.

# ================================== ALLOW GMAIL ===========================================
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d www.google.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d google.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d www.gmail.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d ssl.google-analytics.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 74.125.115.97 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 74.125.229.80 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 74.125.229.81 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 74.125.157.95 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 74.125.157.97 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 74.125.229.21 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 74.125.229.19 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 74.125.45.0/24 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 72.14.204.19 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 74.125.45.97 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 74.125.65.83 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 74.125.65.105 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 74.125.67.105 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 74.125.67.83 --dport 443 -j ACCEPT


# ====================== ALLOW YAHOO ===================================================
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d login.yahoo.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d edit.yahoo.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d br.yahoo.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d www.yahoo.com.br --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 200.152.161.132 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 200.152.168.167 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 67.195.182.28 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 209.191.92.114 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 205.128.71.113 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d br.mc1135.mail.yahoo.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d yahoo.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d br.adserver.yahoo.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d br.mg5.yahoo.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d br.mg5.mail.yahoo.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d s.yimg.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 201.156.15.42 --dport 443 -j ACCEPT

# ====================================== ALLOW HOTMAIL =========================================
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.165.179 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 23.1.53.186 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 23.1.56.124 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 63.245.209.93 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 184.31.56.124 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 184.51.213.186 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.191.45 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.165.141 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 184.51.216.124 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 184.51.253.165 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 184.26.149.165 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.165.179 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 23.1.45.165 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 184.51.249.165 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 23.0.24.124 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 96.7.168.124 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.165.177 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 96.6.85.186 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 96.6.88.124 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 184.51.165.186 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 184.51.168.124 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 72.247.25.186 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.186.47 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 72.247.69.186 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 72.247.133.186 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.165.169 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.165.137 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.165.136 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 96.17.85.186 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 96.17.85.0/24 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 69.192.53.186 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 69.192.53.0/24 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.186.109 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.186.17 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.186.77 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.186.49 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 69.58.181.71 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 69.58.181.0/24 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 184.50.165.186 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 184.50.168.124 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 184.50.168.0/24 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 201.49.208.59 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 201.49.208.0/24 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 96.6.165.186 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 96.6.21.186 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 96.6.21.0/24 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.191.0/24 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.191.45 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 74.125.91.0/24 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d hotmail.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d login.live.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d messenger.hotmail.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d messenger.hotmail.com --dport 1863 -j ACCEPT
# NOTE(review): the next rule accepts TCP 1863 to ANY destination from the LAN,
# which makes the destination-specific 1863 rules around it redundant.
iptables -A FORWARD -s 192.168.15.0/24 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 64.4.13.0/24 --dport 1863 -j ACCEPT
# NOTE(review): no --dport here, so every TCP port to 64.4.13.0/24 is allowed.
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 64.4.13.0/24 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 64.4.13.0/24 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d loginnet.passport.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d login.passport.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d gateway.messenger.hotmail.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d mail.live.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d sn116w.snt116.mail.live.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d origin.mail.live.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d live.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d secure.shared.live.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 209.87.152.149 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 209.87.152.0/24 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 69.43.160.197 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 69.43.160.0/24 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 173.223.117.186 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 96.17.88.124 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.186.107 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 184.31.56.124 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 184.85.255.165 --dport 443 -j ACCEPT
#====================================== ALLOW MSN (disabled) ==============================================
# iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 207.46.120.172 --dport 443 -j ACCEPT
# iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 207.46.118.185 --dport 443 -j ACCEPT
# iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 207.46.113.78 --dport 443 -j ACCEPT
# iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 207.46.120.0/24 --dport 443 -j ACCEPT
# iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 207.46.124.113 --dport 443 -j ACCEPT
# iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 207.46.124.0/24 --dport 443 -j ACCEPT
# iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.48.173 --dport 1863 -j ACCEPT
# iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.48.95 --dport 1863 -j ACCEPT
# iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.54.52.254 --dport 1863 -j ACCEPT
# iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.55.64.254 --dport 1863 -j ACCEPT
# iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.55.71.162 --dport 1863 -j ACCEPT

#=================================== ALLOW UOL ========================================
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d acesso.uol.com.br --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 200.221.2.137 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 200.221.2.0/24 --dport 443 -j ACCEPT

#=================================== CONTAX WEBMAIL ========================================
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d webmail.contax.com.br --dport 443 -j ACCEPT


#=================================== ALLOW WINDOWS XP UPDATE ========================================

iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d update.microsoft.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d www.update.microsoft.com --dport 443 -j ACCEPT
# iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.55.0.0/16 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 65.55.184.0/24 --dport 443 -j ACCEPT

#==================================== ALLOW ZIPMAIL ==============================================
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d visitante.acesso.uol.com.br --dport 443 -j ACCEPT


#==================================== ALLOW IG ==============================================
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d authmail.ig.com.br --dport 443 -j ACCEPT

#==================================== LIMAO WEBMAIL ==============================================
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 72.14.214.83 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 72.14.214.103 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d mail.google.com --dport 443 -j ACCEPT

#==================================== GLOBO MAIL ==============================================
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d login.globo.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 72.125.229.30 --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d 201.7.176.103 --dport 443 -j ACCEPT

#======================================== STUDENTS ============================================
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d cnpq.br --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d www.cnpq.br --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d wwws.cnpq.br --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d protegido.anhembi.br --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d portal.anhembi.br --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d seguro.anhembi.br --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d siteseguro.caixaseguros.com.br --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d ps.natura.net --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d wix.com --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.15.0/24 -p tcp -d dpc.mar.mil.br --dport 443 -j ACCEPT

# ================================== TEMPORARILY ALLOW LAB 07 (disabled) ================================
# (the commented command below has a typo: "ipables" instead of "iptables")
# ipables -A FORWARD -p tcp --dport 443 -m iprange --src-range 192.168.15.20-192.168.15.50 -j ACCEPT



# ============================= ULTRASURF BLOCK ===========================================
# Drop HTTPS and a list of TCP ports from hosts .20-.254 that were not
# matched by an allow-list above. The specific ports are presumably
# endpoints observed for that tool at the time — TODO confirm; they will
# go stale.
iptables -A FORWARD -p tcp --dport 443 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 34387 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 54539 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 25101 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 59879 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 54296 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 20255 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 30603 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 53877 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 15440 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 49287 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 37940 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 11106 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 20031 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 31547 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 56610 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 30640 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 28878 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 41473 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 60613 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 12217 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 61914 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 39361 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 45807 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP
iptables -A FORWARD -p tcp --dport 8080 -m iprange --src-range 192.168.15.20-192.168.15.254 -j DROP

## inspector

# Ignore pings (all ICMP echo requests addressed to this host)
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

# SYN flood protection (SYN cookies)
echo "1" > /proc/sys/net/ipv4/tcp_syncookies

# Disable support for source-routed packets.
# This feature works like a reverse NAT which, in some circumstances, can let an outsider send packets to hosts inside the local network.
# NOTE(review): interface names are hard-coded; the echo fails (and prints an
# error) if eth0 or eth1 does not exist on the box. The "all"/"default"
# entries under conf/ are not touched.
echo "0" > /proc/sys/net/ipv4/conf/eth1/accept_source_route
echo "0" > /proc/sys/net/ipv4/conf/eth0/accept_source_route

# Ignore ICMP echo requests sent to broadcast addresses
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Assorted protections against port scanners, ping of death, DoS attacks, etc.
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# NOTE(review): this ACCEPTs at most 1 TCP packet/s (burst aside) across ALL
# forwarded TCP; packets over the limit fall through to the rules below and
# ultimately to the FORWARD chain policy, which this function never sets.
iptables -A FORWARD -p tcp -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
# Drops forwarded SYN/ACK packets that were not already accepted as part of a
# tracked connection by the ESTABLISHED,RELATED rule above.
iptables -A FORWARD --protocol tcp --tcp-flags ALL SYN,ACK -j DROP
# NOTE(review): the "unclean" match was experimental and is not present in
# current kernels/iptables; on such systems this command fails and the rule
# is simply not loaded.
iptables -A FORWARD -m unclean -j DROP
iptables -A INPUT -m state --state INVALID -j DROP
# NOTE(review): VALID_CHECK is created and filled with bogus-flag-combination
# DROPs, but no rule in this script jumps to it (-j VALID_CHECK), so these
# rules never see traffic. "-N" also fails if the chain already exists.
iptables -N VALID_CHECK
iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL ALL -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL NONE -j DROP


# Accept the loopback interface.

# This rule is essential for KDE and other graphical programs to work properly.
# NOTE(review): the first rule matches on source address only (no -i lo), so
# a packet arriving on any interface with a 127/8 source address is accepted
# too; the "-i lo" rule right after it is the safe form and already covers
# genuine loopback traffic.
iptables -A INPUT -p tcp --syn -s 127.0.0.1/255.0.0.0 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# This rule is the heart of the firewall:
# it blocks any connection that was not permitted above, which is exactly why it is the last one in the chain.
# NOTE(review): only TCP SYN packets are dropped here. UDP, ICMP and non-SYN
# TCP reaching INPUT fall through to the chain policy, which this function
# does not set; the commented-out "-j DROP" would be the real catch-all.

iptables -A INPUT -p tcp --syn -j DROP
#iptables -A INPUT -j DROP

}
#######################################
# Tears the firewall down: flushes all rules, removes user-defined chains
# and resets the built-in chains to an open (ACCEPT) policy.
# Globals:   none
# Arguments: none
# Outputs:   side effects only (iptables); errors go to stderr
# Returns:   status of the last "iptables -P" call
#######################################
firewall_stop(){
  local chain
  iptables -F
  iptables -X
  # Reset each built-in chain's policy in the same order as before.
  for chain in INPUT FORWARD OUTPUT; do
    iptables -P "$chain" ACCEPT
  done
}
#######################################
# Dispatches on the first command-line argument.
# Arguments: $1 - "start", "stop" or "restart"; anything else (including no
#                 argument) lists the current rules
# Outputs:   status messages to stdout; "iptables -L -n" listing for the
#            default case
# Returns:   status of the last command run in the selected branch
#######################################
main() {
  local action=$1

  case "$action" in
    start)
      firewall_start
      ;;
    stop)
      firewall_stop
      echo "O firewall está sendo desativado"
      sleep 2
      echo "ok."
      ;;
    restart)
      echo "O firewall está sendo desativado"
      sleep 1
      echo "ok."
      firewall_stop
      firewall_start
      ;;
    *)
      # Unknown or missing argument: show the active rule set.
      iptables -L -n
      ;;
  esac
}

main "$@"