#!/bin/bash
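# Append a rule to CHAIN in TABLE unless an identical rule is already loaded.
# Arguments: $1 - table, $2 - chain, remaining - the rule specification.
# Returns:   status of the final iptables call.
_fw_add_once() {
  local table=$1 chain=$2
  shift 2
  # -C exits non-zero when the rule is absent (or cannot be checked); only
  # then is it appended, so running "start" twice does not stack duplicates.
  iptables -t "$table" -C "$chain" "$@" 2>/dev/null \
    || iptables -t "$table" -A "$chain" "$@"
}

# Enable connection sharing (NAT), the transparent-proxy redirects and a few
# kernel hardening switches.
# eth0 is used as the outbound (masqueraded) interface and eth1 as the
# client-facing interface whose web traffic is redirected to local port 3128.
# Outputs: progress messages on stdout.
#
# NOTE(review): this function never sets a chain policy and installs only one
# DROP rule (INVALID state on INPUT). The FORWARD chain is not touched, so
# with ip_forward=1 forwarding is governed by whatever FORWARD policy/rules
# already exist on the host.
start() {
  # Load the NAT module into the kernel (left disabled, as in the original)
  #modprobe iptable_nat

  # Allow the loopback interface (the machine talking to itself)
  _fw_add_once filter INPUT -i lo -j ACCEPT

  # Share the connection: enable forwarding and masquerade out of eth0
  echo 1 > /proc/sys/net/ipv4/ip_forward
  _fw_add_once nat POSTROUTING -o eth0 -j MASQUERADE
  echo "compartilhamento da rede ativo"

  # Transparent proxy: redirect web traffic arriving on eth1 to port 3128
  _fw_add_once nat PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
  # NOTE(review): this sends TLS traffic (443) to the same port as plain
  # HTTP. Whether the proxy on 3128 is set up to handle intercepted TLS is
  # not visible here - confirm, otherwise client HTTPS sessions will fail.
  _fw_add_once nat PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 3128
  echo "proxy transparente ativo"

  # Allow new outbound connections to port 443. This only matters if the
  # OUTPUT policy is something other than ACCEPT; this script never sets it
  # to anything else.
  _fw_add_once filter OUTPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT

  # SYN-flood protection
  echo "1" > /proc/sys/net/ipv4/tcp_syncookies

  # Ignore ICMP echo requests sent to broadcast addresses
  echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

  # Drop packets that connection tracking classifies as INVALID
  _fw_add_once filter INPUT -m state --state INVALID -j DROP

  # The original author calls the next rule the most important one: it would
  # block every new inbound TCP connection not accepted above. It is
  # commented out, so no such blocking happens. Before enabling it, add
  # ACCEPT rules for the services that must stay reachable (for example
  # remote administration), or the host can be locked out.
  #iptables -A INPUT -p tcp --syn -j DROP

  echo "#######################################################"
  echo "Compartilhamento de Internet e Firewall carregados"
  echo "Firewall ativo e verificando!"
}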
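# Tear the firewall down: flush the filter and nat tables, set the INPUT and
# OUTPUT policies to ACCEPT and disable IPv4 forwarding.
# Outputs: a status message on stdout.
#
# NOTE(review): -F flushes every rule in both tables, including any that
# were not added by this script. The FORWARD policy, tcp_syncookies and
# icmp_echo_ignore_broadcasts are left as they are.
stop() {
  # No table given means the filter table
  iptables -F
  iptables -t nat -F

  # Back to accept-all for traffic to and from this host
  iptables -P INPUT ACCEPT
  iptables -P OUTPUT ACCEPT

  # Stop routing packets between interfaces
  echo 0 > /proc/sys/net/ipv4/ip_forward
  echo "Stop Firewall..."
}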
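# Dispatch on the first command-line argument: start, stop or restart.
case "$1" in
  "start")
    start
    ;;
  "stop")
    stop
    ;;
  "restart")
    # Flush first so the rules are rebuilt from a clean state
    stop
    start
    ;;
  *)
    # Unknown or missing argument: print usage on stderr and fail, so that a
    # caller (init system, wrapper script) can tell nothing was done.
    echo "Use os parametros: start|stop|restart" >&2
    exit 1
    ;;
esac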