Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- *filter
- :INPUT DROP [0:0]
- :FORWARD DROP [0:0]
- :OUTPUT ACCEPT [0:0]
- -A INPUT -i lo -j ACCEPT
- -A FORWARD -i lo -j ACCEPT
- -A INPUT -m state --state INVALID -j DROP
- -A INPUT -p icmp -m icmp --icmp-type 0 -m length --length 30:1100 -m limit --limit 4/sec -j ACCEPT
- -A INPUT -p icmp -m icmp --icmp-type 0 -j DROP
- -A INPUT -p icmp -m icmp --icmp-type 8 -m length --length 30:1100 -m limit --limit 4/sec -j ACCEPT
- -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
- -A INPUT -p icmp -j ACCEPT
- -A INPUT -p tcp --dport 2250 -j ACCEPT
- -A INPUT -p tcp -m multiport --dports 53,67,80,3128,953,443 -j ACCEPT
- -A INPUT -p udp -m multiport --dports 53,67,80,3128,953,443 -j ACCEPT
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -p tcp --dport 22 -j ACCEPT
- -N ALTECNOLOGIC
- -A FORWARD -j ALTECNOLOGIC
- -A ALTECNOLOGIC -s 186.202.119.188 -j ACCEPT
- -A ALTECNOLOGIC -d 186.202.119.188 -j ACCEPT
- -A ALTECNOLOGIC -j DROP
- COMMIT
- *nat
- :PREROUTING ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- -A POSTROUTING -o eth0 -j MASQUERADE
- -N ALTECNOLOGIC
- -A PREROUTING -i eth1 -j ALTECNOLOGIC
- -A ALTECNOLOGIC -d 186.202.119.188 -j ACCEPT
- # Captura pacotes DNS e HTTP
- -A ALTECNOLOGIC -p tcp -m multiport --dports 53,80,443 -j REDIRECT
- -A ALTECNOLOGIC -p udp -m multiport --dports 53,80,443 -j REDIRECT
- COMMIT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement