[Ubuntu-BR] Firewall Ubuntu 10.04

Jeferson Rodrigues jeferod83 at gmail.com
Tue Mar 20 14:39:15 UTC 2012


Good morning Wilson,

Are you going to put the script in /etc/init.d/?

Regards

On 20 March 2012 at 11:18, Wilson Bom <wilson_bom at yahoo.com.br> wrote:

> Good morning everyone,
>
> I am trying to set up a firewall and would like your opinion on the script
> below.
>
> ----------------------------------------
>
>
> #! /bin/bash
>
> case "$1" in
> start)
>
>    #################
>    # OPENING TITLE #
>    #################
>    echo "Iniciando a Configuração do Firewall"
>
>    ###################
>    # Flush all rules #
>    ###################
>    echo "Regras Zeradas"
>      iptables -F
>
>    ################################################
>    # Block everything, nothing in and nothing out #
>    ################################################
>    echo "Fechando tudo"
>      iptables -P INPUT DROP
>      iptables -P FORWARD DROP
>      iptables -P OUTPUT DROP
>
>    ###############################################################
>    # Prevents DoS attacks by limiting the number of ping replies #
>    ###############################################################
>    #echo "Previne ataques DoS"
>    #  iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
>
>    #########################
>    # Block ping completely #
>    #########################
>    echo "Bloqueia o pings"
>      iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
>
>    #####################
>    # Security policies #
>    #####################
>    echo "Implementação de politicas de segurança"
>      echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route  # Prevents source-routed (spoofed) packets
>      echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects     # Risk of routing-path discovery (disable on a router)
>      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts   # DoS risk
>      echo 1 > /proc/sys/net/ipv4/tcp_syncookies                # Only completes the connection once the handshake is confirmed, saving bandwidth
>      echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter        # Makes the firewall reply only via the interface that received the packet
>      echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter            # 'default' only covers interfaces created later; 'all' also covers the existing eth0
>      iptables -A INPUT -m state --state INVALID -j DROP        # Discard invalid packets
>
>    #################################
>    # Allow established connections #
>    #################################
>    echo "Liberando conexões estabelecidas"
>      iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>      iptables -A FORWARD -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
>      iptables -A OUTPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
>      iptables -A INPUT -i lo -j ACCEPT
>
>    #############################################################
>    # Allow SSH access and limit login attempts to 4 per minute #
>    #############################################################
>    echo "Liberando o SSH"
>      iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
>      iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set  # Records each new attempt; without this the --update rule above never matches anything
>      iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>
>    ###############
>    # Allow Samba #
>    ###############
>    echo "Liberando o Samba"
>      iptables -A INPUT -p tcp --dport 137:139 -j ACCEPT
>      iptables -A INPUT -p udp --dport 137:139 -j ACCEPT
>
>    ################
>    # Allow Apache #
>    ################
>    echo "Liberando o Apache"
>      iptables -A INPUT -p tcp --dport 80 -j ACCEPT
>
>    #################
>    # CLOSING TITLE #
>    #################
>    echo "Configuração do Firewall Concluida."
>
> ;;
>
> stop)
>     echo "Finalizando o Firewall"
>     rm -rf /var/lock/subsys/firewall
>
>     # -----------------------------------------------------------------
>     # Remove all existing rules
>     # -----------------------------------------------------------------
>       iptables -F
>       iptables -X
>       iptables -t mangle -F
>     # -----------------------------------------------------------------
>     # Reset the default policies to accept everything
>     # -----------------------------------------------------------------
>       iptables -P INPUT   ACCEPT
>       iptables -P OUTPUT  ACCEPT
>       iptables -P FORWARD ACCEPT
>
> ;;
>
> restart|reload)
>       $0 stop
>       $0 start
>     ;;
>
> *)
>   echo "Selecione uma opção valida {start|stop|status|restart|reload}"
>   exit 1
>     ;;
>
> esac
>
> exit 0
>
>
> --
>
> Wilson Bom
>
>
>  Serprodata Informática Ltda.
>  Av. Marcelino Pires, 1405 - Sala 216
>  79800-004 - Dourados - MS
>  (067) 3421-3343 - 8407-4808 - 8407-8808
>
>  Messenger: serprodata em hotmail.com
>
>  E-mail...: serprodata em hotmail.com
>            wilson_bom em hotmail.com
>            wilson_bom em yahoo.com.br
>            wilson.bom em gmail.com
>
>
>
>  Ubuntu Lucid Lynx 10.04 - 2.6.32-25 #44
>  Linux Counter: 292553
>  Dataflex 3.2 Linux - Dataflex 3.2 MS-Dos
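As an added example (not part of either message), here is a shell audit that checks an `iptables-save` dump for the properties Wilson's script is meant to enforce: DROP default policies, loopback and established traffic allowed, and an SSH `recent` limiter that is actually populated by a `--set` rule and precedes the plain ACCEPT. The dump is constructed inline to mimic what the corrected start) branch would save (`--name DEFAULT --rsource` is how iptables-save renders the default recent options); it is not captured from a real host.

```shell
#!/bin/sh
# Audit an `iptables-save` dump for the properties the posted script intends.
# The dump below is CONSTRUCTED to mimic the start) branch with a `recent --set`
# rule present; it was not captured from any real machine.
RULESET='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# policy_of DUMP CHAIN: print the default policy recorded for CHAIN.
policy_of() {
  printf '%s\n' "$1" | awk -v c=":$2" '$1 == c { print $2 }'
}

# has_rule DUMP REGEX: succeed if some line of the dump matches REGEX.
has_rule() {
  printf '%s\n' "$1" | grep -q -e "$2"
}

# check_ruleset DUMP: print the first violated expectation and return 1,
# or return 0 when the dump enforces everything the script promises.
check_ruleset() {
  for chain in INPUT FORWARD OUTPUT; do
    [ "$(policy_of "$1" "$chain")" = DROP ] || { echo "policy of $chain is not DROP"; return 1; }
  done
  # Without these two rules the host cuts itself off from its own services and replies.
  has_rule "$1" '^-A INPUT -i lo -j ACCEPT' || { echo "loopback not allowed"; return 1; }
  has_rule "$1" '^-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' || { echo "established traffic not allowed"; return 1; }
  # `recent --update` only matches addresses that a `recent --set` rule has recorded.
  has_rule "$1" '--dport 22 .*-m recent --update .*-j DROP' || { echo "no SSH rate limit"; return 1; }
  has_rule "$1" '--dport 22 .*-m recent --set' || { echo "SSH limiter never populated: missing --set rule"; return 1; }
  # The limiter must come before the plain ACCEPT, or the ACCEPT always wins.
  drop_at=$(printf '%s\n' "$1" | grep -n -e '--dport 22 .*-m recent --update' | cut -d: -f1)
  acc_at=$(printf '%s\n' "$1" | grep -n -e '^-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' | cut -d: -f1)
  [ "$drop_at" -lt "$acc_at" ] || { echo "SSH ACCEPT precedes the rate limit"; return 1; }
  return 0
}

check_ruleset "$RULESET" && echo "ruleset OK"
```

On a live Ubuntu host the same function can be fed `"$(iptables-save)"` after running the script's start branch.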