Script de Firewall

To: debian-user-portuguese@lists.debian.org
Subject: Script de Firewall
From: "Silvino Silva" <silvino.silva@gmail.com>
Date: Wed, 7 Feb 2007 05:05:34 +0000
Message-id: <[🔎] 3a3ff64e0702062105g716a97c7u525e6f236773a3a9@mail.gmail.com>
In-reply-to: <[🔎] 45C8F2AC.8090809@terra.com.br>
References: <[🔎] 3a3ff64e0702061110q302d0bf7m434383265ca98fe1@mail.gmail.com> <[🔎] 481b535f0702061117n162bc06bi5af2c457a3854fb4@mail.gmail.com> <[🔎] 3a3ff64e0702061145v2fae1666rec675206c576f907@mail.gmail.com> <ccf158630702061148v79cdd530ja1a0a4b566fa382f@mail.gmail.com> <[🔎] 3a3ff64e0702061231x1e9e4571v1ec1b4cc06497e83@mail.gmail.com> <[🔎] 3a3ff64e0702061239l15438289r2fe950283843335@mail.gmail.com> <[🔎] 45C8F2AC.8090809@terra.com.br>

Olá

Terminei o script de firewal, o problema é que agora os uploads ficaram muito lentos, mesmo definindo o TOS no OUTPUT da mangle. Aqui fica o script....

#!/bin/bash
PATH=/sbin:$PATH
#Inicialização:
clear
# Tabela filter
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Tabela nat
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING DROP
# Tabela mangle
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT

echo "Cria nova cadeia"
#cria uma nova cadeia athinput
iptables -N athinput
echo "inicia filter"
##########################Cadeia Filter#############################
#Aceita loopback
iptables -A INPUT -i lo -j ACCEPT

#Cria uma cadeia para as conexões da interenet chamada athinput
iptables -A INPUT -i ath+ -j athinput

#Tudo o resto é rejeitado e rejistado
#iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

echo "inicia athinput"
##########################Cadeia athinput#############################
#Aceitas respostas de destino inatingível e ping com um limite de 2 por segundo
iptables -A athinput -p icmp --icmp-type 0 -m limit --limit 2/s -j ACCEPT
iptables -A athinput -p icmp --icmp-type 3 -m limit --limit 2/s -j ACCEPT

#Serviço de MSN
iptables -A athinput -p tcp --sport 1863 --dport 1024: -j ACCEPT

#Nao aceita conecções para o apache
iptables -A athinput -p tcp --dport 80 -j ACCEPT

#Aceita serviço de HTML
iptables -A athinput -p tcp --sport 80 --dport 1024: -j ACCEPT

#Aceita HTTPs
iptables -A athinput -p tcp --sport 443 --dport 1024: -j ACCEPT
#Serviço de FTP, apenas upload
iptables -A athinput -p tcp --sport 21 --dport 1024: -j ACCEPT
iptables -A athinput -p tcp --sport 20 --dport 1024: -j ACCEPT
#Aceita respostas udp dos servidores de DNS
iptables -A athinput -p udp -s 195.22.0.136 --sport 53 --dport 1024: -j ACCEPT
iptables -A athinput -p tcp -s 195.22.0.136 --sport 53 --dport 1024: -j ACCEPT

##########################Cadeia mangle#############################

iptables -t mangle -A OUTPUT -o ath+ -p tcp --dport 21 -j TOS --set-tos 0x10
iptables -t mangle -A OUTPUT -o ath+ -p tcp --dport 23 -j TOS --set-tos 0x10
iptables -t mangle -A OUTPUT -o ath+ -p tcp --sport 80 -j TOS --set-tos 0x10

#tudo o resto é rejeitado
iptables -A athinput -j DROP

exit 0

Reply to:

Follow-Ups:
- Fwd: Script de Firewall
  - From: "Silvino Silva" <silvino.silva@gmail.com>
- Re: Script de Firewall
  - From: hamacker <sirhamacker@gmail.com>

References:
- Script de Firewall
  - From: "Silvino Silva" <silvino.silva@gmail.com>
- Re: Script de Firewall
  - From: "Rúben Lício" <rubenlr@gmail.com>
- Fwd: Script de Firewall
  - From: "Silvino Silva" <silvino.silva@gmail.com>
- Fwd: Script de Firewall
  - From: "Silvino Silva" <silvino.silva@gmail.com>
- Fwd: Script de Firewall
  - From: "Silvino Silva" <silvino.silva@gmail.com>
- Re: Fwd: Script de Firewall
  - From: caio ferreira <idic@terra.com.br>

Prev by Date: Re: d-u-p e distros derivadas (era: Re: Problemas acentuação kde no Edgy)
Next by Date: Re: [OFF] Linux e telefone celular.
Previous by thread: Re: Fwd: Script de Firewall
Next by thread: Fwd: Script de Firewall
Index(es):
- Date
- Thread