[Ubuntu-BR] Firewall Ubuntu 10.04

Wilson Bom wilson_bom em yahoo.com.br
Terça Março 20 14:18:12 UTC 2012


Bom dia Pessoal,

Estou tentando instalar um firewall e gostaria da opinião dos senhores a 
respeito do script abaixo.

--------------------------------------


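#!/bin/bash
#
# Host firewall for Ubuntu 10.04 built on iptables.
#
# Usage: firewall {start|stop|status|restart|reload}
#
#   start   - flush the filter table, set DROP policies on every chain, then
#             open loopback, established traffic, SSH (rate limited), Samba
#             and Apache.
#   stop    - remove every rule and user chain and reset the policies to
#             ACCEPT (the host is unprotected afterwards).
#   status  - list the active filter rules with packet counters.
#
# Environment:
#   EXT_IF  - interface the SSH rate limit is bound to (default: eth0).
#
set -euo pipefail

readonly EXT_IF=${EXT_IF:-eth0}
readonly LOCK_FILE=/var/lock/subsys/firewall

#######################################
# Print a message to stderr and exit with failure.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Write a value to a node under /proc/sys/net/ipv4.
# Arguments: $1 - path relative to /proc/sys/net/ipv4
#            $2 - value to write
# Returns:   exits via die when the node is not writable
#######################################
set_ipv4_sysctl() {
  local node=/proc/sys/net/ipv4/$1
  [[ -w "$node" ]] || die "cannot write $node"
  printf '%s\n' "$2" > "$node"
}

#######################################
# Install the rule set. Policies are set to DROP before any ACCEPT rule so
# the host is closed, not open, while the rules are still being installed.
# NOTE: under set -e an iptables failure after the DROP policies leaves the
# host with no ACCEPT rules; test changes from a local console, not over SSH.
# Globals:   EXT_IF (read)
#######################################
start_firewall() {
  echo "Iniciando a Configuração do Firewall"

  # Clear rules and user-defined chains of the filter table.
  echo "Regras Zeradas"
  iptables -F
  iptables -X

  # Default-deny in every chain.
  echo "Fechando tudo"
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  iptables -P OUTPUT DROP

  # Alternative to a full ping block: answer at most one echo-request per
  # second. Kept disabled as in the original; if enabled, remove the DROP
  # rule for echo-request below.
  #echo "Previne ataques DoS"
  #iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

  # Drop every incoming ping.
  echo "Bloqueia o pings"
  iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

  echo "Implementação de politicas de segurança"
  set_ipv4_sysctl conf/all/accept_source_route 0  # reject source-routed packets
  set_ipv4_sysctl conf/all/accept_redirects 0     # ignore ICMP redirects (re-enable on a router)
  set_ipv4_sysctl icmp_echo_ignore_broadcasts 1   # do not answer broadcast pings
  set_ipv4_sysctl tcp_syncookies 1                # keep accepting connections under a SYN flood
  # "default" only applies to interfaces created later; "all" is needed for
  # the interfaces that already exist when this runs.
  set_ipv4_sysctl conf/default/rp_filter 1
  set_ipv4_sysctl conf/all/rp_filter 1
  # Drop packets the connection tracker cannot classify.
  iptables -A INPUT -m state --state INVALID -j DROP

  echo "Liberando conexões estabelecidas"
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  # NOTE(review): accepting NEW in FORWARD makes this host an open router as
  # soon as net.ipv4.ip_forward is 1; keep ip_forward at 0 unless the box is
  # meant to route traffic.
  iptables -A FORWARD -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
  iptables -A OUTPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT

  # SSH, limited to 4 new connections per source address per minute on
  # EXT_IF. "--update" only acts on addresses already present in the recent
  # list, so a "--set" rule must come first; without it the limit never fires.
  echo "Liberando o SSH"
  iptables -A INPUT -p tcp --dport 22 -i "$EXT_IF" -m state --state NEW \
    -m recent --name SSH --set
  iptables -A INPUT -p tcp --dport 22 -i "$EXT_IF" -m state --state NEW \
    -m recent --name SSH --update --seconds 60 --hitcount 4 -j DROP
  iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  # udp/22 is intentionally not opened: sshd only listens on TCP, and the
  # extra rule only widened the exposed surface.

  # NetBIOS ports only; SMB over tcp/445 is not opened here.
  echo "Liberando o Samba"
  iptables -A INPUT -p tcp --dport 137:139 -j ACCEPT
  iptables -A INPUT -p udp --dport 137:139 -j ACCEPT

  echo "Liberando o Apache"
  iptables -A INPUT -p tcp --dport 80 -j ACCEPT

  echo "Configuração do Firewall Concluida."
}

#######################################
# Remove every rule and chain and open all policies.
# Globals:   LOCK_FILE (read)
#######################################
stop_firewall() {
  echo "Finalizando o Firewall"
  # Init-script convention; nothing in this script creates the file, so the
  # removal is a no-op unless another tool did.
  rm -f -- "$LOCK_FILE"

  # Flush rules and delete user chains in the filter and mangle tables.
  iptables -F
  iptables -X
  iptables -t mangle -F
  iptables -t mangle -X

  # Accept everything: the host has no packet filtering after "stop".
  iptables -P INPUT   ACCEPT
  iptables -P OUTPUT  ACCEPT
  iptables -P FORWARD ACCEPT
}

#######################################
# Show the active filter rules with counters.
#######################################
status_firewall() {
  iptables -L -n -v
}

#######################################
# Dispatch on the requested action.
# Arguments: $1 - start|stop|status|restart|reload
# Returns:   1 on an unknown action or when not running as root
#######################################
main() {
  # iptables and /proc/sys writes need root; fail before touching anything
  # rather than half-way through, which would leave a partial rule set.
  (( EUID == 0 )) || die "Este script precisa ser executado como root"
  command -v iptables >/dev/null || die "iptables não encontrado"

  case "${1:-}" in
    start)
      start_firewall
      ;;
    stop)
      stop_firewall
      ;;
    status)
      status_firewall
      ;;
    restart|reload)
      stop_firewall
      start_firewall
      ;;
    *)
      echo "Selecione uma opção valida {start|stop|status|restart|reload}"
      exit 1
      ;;
  esac
}

main "$@"
exit 0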

-- 

Wilson Bom


  Serprodata Informática Ltda.
  Av. Marcelino Pires, 1405 - Sala 216
  79800-004 - Dourados - MS
  (067) 3421-3343 - 8407-4808 - 8407-8808

  Messenger: serprodata em hotmail.com

  E-mail...: serprodata em hotmail.com
             wilson_bom em hotmail.com
             wilson_bom em yahoo.com.br
             wilson.bom em gmail.com



  Ubuntu Lucid Lynx 10.04 - 2.6.32-25 #44
  Linux Counter: 292553
  Dataflex 3.2 Linux - Dataflex 3.2 MS-Dos







