Good morning Wilson,

Are you going to put the script in /etc/init.d/?

Regards

On 20 March 2012 11:18, Wilson Bom <[email protected]> wrote:
> Good morning everyone,
>
> I am trying to set up a firewall and would like your opinion on the
> script below.
>
> --------------------------------------
>
> #! /bin/bash
>
> case "$1" in
> start)
>
> ###############
> # TITLE OPEN  #
> ###############
> echo "Iniciando a Configuração do Firewall"
>
> ########################
> # Flush all rules      #
> ########################
> echo "Regras Zeradas"
> iptables -F
>
> ########################################
> # Block everything, nothing in or out  #
> ########################################
> echo "Fechando tudo"
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
>
> ###########################################################################
> # Mitigate DoS against the machine by limiting how many pings are answered #
> ###########################################################################
> #echo "Previne ataques DoS"
> # iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
>
> #################################
> # Block ping completely         #
> #################################
> echo "Bloqueia o pings"
> iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
>
> ##########################
> # Security policies      #
> ##########################
> echo "Implementação de politicas de segurança"
> echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route   # Prevents packet spoofing via source routing
> echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects      # Risk of routing-table discovery (disable on a router)
> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts     # DoS risk (broadcast ping amplification)
> echo 1 > /proc/sys/net/ipv4/tcp_syncookies                  # Only commits a connection once the handshake completes, saving resources
> echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter          # Makes the firewall reply only on the interface that received the packet
> iptables -A INPUT -m state --state INVALID -j DROP          # Drop invalid packets
>
> #################################
> # Allow established connections #
> #################################
> echo "Liberando conexões estabelecidas"
> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT   # Note: also forwards NEW connections on any interface
> iptables -A OUTPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
> iptables -A INPUT -i lo -j ACCEPT
>
> ###########################################################################
> # Allow SSH access and limit connection attempts to 4 per minute          #
> ###########################################################################
> echo "Liberando o SSH"
> # The recent module needs a --set rule to record each new source address;
> # an --update rule on its own never adds entries, so the limit would never trigger.
> iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --name SSH --set
> iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --name SSH --update --seconds 60 --hitcount 4 -j DROP
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> iptables -A INPUT -p udp --dport 22 -j ACCEPT   # SSH uses TCP only; this UDP rule opens nothing useful
>
> ##################
> # Allow Samba    #
> ##################
> echo "Liberando o Samba"
> iptables -A INPUT -p tcp --dport 137:139 -j ACCEPT
> iptables -A INPUT -p udp --dport 137:139 -j ACCEPT
>
> ###################
> # Allow Apache    #
> ###################
> echo "Liberando o Apache"
> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
>
> ################
> # TITLE CLOSE  #
> ################
> echo "Configuração do Firewall Concluida."
>
> ;;
>
> stop)
> echo "Finalizando o Firewall"
> rm -rf /var/lock/subsys/firewall
>
> # -----------------------------------------------------------------
> # Remove all existing rules
> # -----------------------------------------------------------------
> iptables -F
> iptables -X
> iptables -t mangle -F
> # -----------------------------------------------------------------
> # Reset the default policies: accept everything
> # -----------------------------------------------------------------
> iptables -P INPUT ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD ACCEPT
>
> ;;
>
> status)
> # Show the rules currently loaded, with packet and byte counters
> iptables -L -n -v
> ;;
>
> restart|reload)
> $0 stop
> $0 start
> ;;
>
> *)
> echo "Selecione uma opção valida {start|stop|status|restart|reload}"
> exit 1
>
> esac
>
> exit 0
>
>
> --
>
> Wilson Bom
>
>
> Serprodata Informática Ltda.
> Av. Marcelino Pires, 1405 - Sala 216
> 79800-004 - Dourados - MS
> (067) 3421-3343 - 8407-4808 - 8407-8808
>
> Messenger: [email protected]
>
> E-mail...: [email protected]
> [email protected]
> [email protected]
> [email protected]
>
>
> Ubuntu Lucid Lynx 10.04 - 2.6.32-25 #44
> Linux Counter: 292553
> Dataflex 3.2 Linux - Dataflex 3.2 MS-Dos
>
>
> --
> More about Ubuntu in Portuguese:
> http://www.ubuntu-br.org/comece
>
> Ubuntu Brasil discussion list
> Archive, unsubscription and other options:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-br
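As an added example (my own code, not Wilson's script or anything from this thread): the INPUT rules rendered as plain text with a small ordering check, so the order can be reviewed before anything is loaded. It assumes the recent-module pair (--set, then --update) under a list name SSH, which the posted script does not use.

```shell
# Added example, not from the list thread: render the INPUT rules as text
# first, so the rule order can be reviewed before anything is loaded.

# The INPUT chain of the posted script, with the SSH limit as the recent
# module expects it: --set records the source address, --update counts hits.
render_input_rules() {
    cat <<'EOF'
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name SSH --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name SSH --update --seconds 60 --hitcount 4 -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
EOF
}

# The SSH section as originally posted: an --update rule with no --set rule,
# so the recent list never fills and the limit never fires.
render_posted_ssh_rules() {
    cat <<'EOF'
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
EOF
}

# 1-based line number of the first rule in text $1 matching $2 (empty if none).
first_match() {
    printf '%s\n' "$1" | grep -n -- "$2" | head -n 1 | cut -d: -f1
}

# Reads a rendered ruleset on stdin. Succeeds only when --set precedes --update,
# both precede the SSH ACCEPT, and ESTABLISHED precedes the first NEW-state rule.
check_order() {
    rules=$(cat)
    set_pos=$(first_match "$rules" '--set')
    upd_pos=$(first_match "$rules" '--update')
    acc_pos=$(first_match "$rules" '--dport 22 -j ACCEPT')
    est_pos=$(first_match "$rules" 'ESTABLISHED -j ACCEPT')
    new_pos=$(first_match "$rules" '--state NEW')
    for p in "$set_pos" "$upd_pos" "$acc_pos" "$est_pos" "$new_pos"; do
        [ -n "$p" ] || return 1   # a missing rule fails the review outright
    done
    if [ "$set_pos" -lt "$upd_pos" ] && [ "$upd_pos" -lt "$acc_pos" ] \
        && [ "$est_pos" -lt "$new_pos" ]; then return 0; fi
    return 1
}
```

Once `render_input_rules | check_order` passes, the same text can be loaded as root with `render_input_rules | sh -e`.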

