
Re: iptables



Man, the ping will work because your script (below) does not "close" forwarding when you run stop on it ... try doing it like this:

parar(){
    # Turn off IP forwarding so the machine stops routing packets
    echo 0 > /proc/sys/net/ipv4/ip_forward
    iptables -F
    iptables -F -t nat
}

Check whether it can still "ping" terra after you run stop (parar).

See you

On 25-04-2011 09:54, Diác. Moretti wrote:
>>>>>  #!/bin/bash
>>>>>
>>>>>  # ... Internet interface
>>>>>  ifinternet="eth0"
>>>>>
>>>>>  # ... Local network interface
>>>>>  iflocal="eth1"
>>>>>
>>>>>  iniciar(){
>>>>>      modprobe iptable_nat
>>>>>      echo 1 > /proc/sys/net/ipv4/ip_forward
>>>>>      iptables -t nat -A POSTROUTING -o $ifinternet -j MASQUERADE
>>>>>  #   iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
>>>>>      echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
>>>>>      iptables -A INPUT -m state --state INVALID -j DROP
>>>>>      iptables -A INPUT -i lo -j ACCEPT
>>>>>      iptables -A INPUT -i $iflocal -j ACCEPT
>>>>>      iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>>>>>      iptables -A INPUT -p tcp --syn -j DROP
>>>>>  }
>>>>>
>>>>>  parar(){
>>>>>      iptables -F
>>>>>      iptables -F -t nat
>>>>>  }
>>>>>
>>>>>  case "$1" in
>>>>>  "start") iniciar;;
>>>>>  "stop") parar;;
>>>>>  "restart") parar; iniciar;;
>>>>>  *) echo "Use os parametros start ou stop"
>>>>>  esac
>>>>>
>>>>>


--
Rafael Henrique da Silva Correia
http://abraseucodigo.blogspot.com

Linux Systems Administrator
LPIC - 101 Certified
ID: LPI000160699
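
A way to confirm what the reply above suggests, as an added example that is not part of the original thread: the function checks the forwarding flag and a saved `iptables-save` dump after a stop. The names `check_stopped` and `sample_after_flush_only`, and the sample data, are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical.
#
# check_stopped FORWARD_FILE RULES_DUMP
#   FORWARD_FILE: normally /proc/sys/net/ipv4/ip_forward
#   RULES_DUMP:   a file holding the output of `iptables-save`
# Prints one finding per line; exit status 0 = clean, 1 = something left behind.
check_stopped() (
    findings=0

    # 1. Kernel switch: any value other than 0 means the host still routes.
    fwd=$(tr -d '[:space:]' < "$1")
    if [ "$fwd" != "0" ]; then
        echo "ip_forward=$fwd: kernel is still forwarding packets"
        findings=$((findings + 1))
    fi

    # 2. Rules that survived the flush ("-A ..." lines in any table).
    left=$(grep -c '^-A ' "$2" || true)
    if [ "${left:-0}" -gt 0 ]; then
        echo "$left rule(s) still loaded"
        findings=$((findings + 1))
    fi

    # 3. NAT in particular: a leftover MASQUERADE keeps hiding LAN traffic.
    if grep -q -e '-j MASQUERADE' "$2"; then
        echo "nat table still has a MASQUERADE rule"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
)

# Constructed sample: the state left by a stop that only flushes rules
# (both tables empty, ip_forward still 1). Prints the temp directory path.
sample_after_flush_only() {
    dir=$(mktemp -d)
    echo 1 > "$dir/ip_forward"
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' 'COMMIT' \
                  '*filter' ':INPUT ACCEPT [0:0]' 'COMMIT' > "$dir/rules"
    echo "$dir"
}
```

On a live gateway, run `iptables-save > /tmp/rules` as root after the stop and call `check_stopped /proc/sys/net/ipv4/ip_forward /tmp/rules`.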

