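# External (WAN) interface. MASQUERADE and the port forwards below refer to it.
EXT_IF="enp0s3"

# first_ipv4 - print the first dotted-quad IPv4 address found on stdin (nothing if none).
# The dot is escaped: the original pattern used a bare '.', which matches any character.
first_ipv4() {
  grep -oE '((25[0-5]|2[0-4][0-9]|1?[0-9]{1,2})\.){3}(25[0-5]|2[0-4][0-9]|1?[0-9]{1,2})' | sed -n '1p'
}

# Public IPv4 address of the firewall, taken from EXT_IF only. The original grabbed the
# first "global" address of any interface, which can silently select the LAN side.
# Empty when EXT_IF is absent or has no IPv4 address; an empty value must never be used
# as an iptables -d/-s argument (the rule then fails to load and the port stays unprotected).
FIREWALL=$(ip -4 addr show dev "$EXT_IF" scope global 2>/dev/null | first_ipv4)

# Internal hosts that receive forwarded SSH connections.
SAMBA="172.16.4.5"
NTP="172.16.4.8"
BACKUP="172.16.4.7"
ZABBIX="172.16.4.6"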
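# log_syn CHAIN DST PORT PREFIX - rate-limited LOG of new TCP connections to DST:PORT in CHAIN.
# The limit keeps a port scan from flooding syslog (the original logged every SYN).
log_syn() {
  iptables -A "$1" -p tcp -d "$2" --dport "$3" --syn \
    -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "$4"
}

# forward_ssh HOST PORT PREFIX - expose HOST:PORT on the firewall's public address (same port
# on both sides, as in the original): DNAT in PREROUTING, then log and accept in FORWARD.
# The original logged these in INPUT, which a forwarded packet never traverses, so nothing
# was ever logged for them.
forward_ssh() {
  local host="$1" port="$2" prefix="$3"
  iptables -t nat -A PREROUTING -p tcp -d "$FIREWALL" --dport "$port" \
    -j DNAT --to-destination "$host:$port"
  log_syn FORWARD "$host" "$port" "$prefix"
  iptables -A FORWARD -p tcp -d "$host" --dport "$port" -j ACCEPT
}

# start - install the firewall rule set.
# Reads the file-level variables FIREWALL, SAMBA, NTP, BACKUP, ZABBIX and EXT_IF (falls back
# to enp0s3, the interface the original hard-coded).
# Both the filter and the nat table are flushed first: the original flushed only filter, so
# every restart stacked another copy of the DNAT/MASQUERADE rules.
# Policies are set to INPUT/FORWARD DROP, OUTPUT ACCEPT. With the kernel default of ACCEPT
# the per-port rules below restricted nothing: any port on any internal host was reachable
# from outside, and the DNAT "allow" rules were decoration.
# Run this from the console the first time: a wrong EXT_IF or an empty FIREWALL would
# lock remote administrators out.
start() {
  local ext_if="${EXT_IF:-enp0s3}"

  if [[ -z "$FIREWALL" ]]; then
    printf 'firewall: no IPv4 address found on %s; rules not loaded\n' "$ext_if" >&2
    return 1
  fi

  # Enable packet forwarding in the kernel (the box is a NAT router).
  echo 1 > /proc/sys/net/ipv4/ip_forward

  # Start from a clean slate in both tables.
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -F
  iptables -X
  iptables -t nat -F
  iptables -t nat -X

  # Default deny for traffic to and through the firewall; the firewall's own outbound
  # traffic stays open, which is what the original effectively had.
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  iptables -P OUTPUT ACCEPT

  # Loopback and replies to connections the firewall opened. ICMP from outside is not
  # accepted beyond RELATED (errors for existing flows); add a rule if ping is wanted.
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -m state --state INVALID -j DROP

  # Port 22 is a decoy: log (rate-limited) and drop, from every interface as before.
  iptables -A INPUT -p tcp --dport 22 --syn \
    -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "[TENTATIVA ACESSO SSH]"
  iptables -A INPUT -p tcp --dport 22 --syn -j DROP

  # Trust the LAN side of the firewall (anything not arriving on EXT_IF). The original
  # trusted everything; narrow this to the management ports if the LAN is not trusted.
  iptables -A INPUT ! -i "$ext_if" -j ACCEPT

  # Administrative SSH to the firewall on 7292. The 513:65535 source-port range is kept
  # from the original; note it is not the usual ephemeral range (1024+), so clients on
  # source ports below 513 are refused.
  iptables -A INPUT -p tcp -d "$FIREWALL" --sport 513:65535 --dport 7292 \
    -m state --state NEW,ESTABLISHED -j ACCEPT
  iptables -A OUTPUT -p tcp -s "$FIREWALL" --sport 7292 --dport 513:65535 \
    -m state --state ESTABLISHED -j ACCEPT

  # NAT for the internal network leaving through EXT_IF, plus the reply path.
  iptables -t nat -A POSTROUTING -o "$ext_if" -j MASQUERADE
  iptables -A FORWARD -i "$ext_if" -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -A FORWARD -o "$ext_if" -j ACCEPT

  # SSH to the firewall itself on 3012. The original DNAT'ed this port to the firewall's
  # own address and accepted it in FORWARD; locally delivered packets never reach FORWARD,
  # so that only worked because INPUT defaulted to ACCEPT. Accept it in INPUT instead.
  log_syn INPUT "$FIREWALL" 3012 "[ACESSO SSH FIREWALL]"
  iptables -A INPUT -p tcp -d "$FIREWALL" --dport 3012 -j ACCEPT

  # SSH forwarded to the internal hosts.
  forward_ssh "$SAMBA"  3022 "[ACESSO SSH SAMBA]"
  forward_ssh "$ZABBIX" 3032 "[ACESSO SSH ZABBIX]"
  forward_ssh "$BACKUP" 3042 "[ACESSO SSH BACKUP]"
  forward_ssh "$NTP"    3052 "[ACESSO SSH NTP]"
}

# stop - remove every rule and return to accept-all policies.
# Resetting the policies is essential: flushing alone would leave INPUT/FORWARD at DROP
# with nothing accepted, i.e. a lockout rather than "firewall off". The nat table is
# flushed too (the original left MASQUERADE/DNAT rules behind). ip_forward is left
# untouched, as in the original.
stop() {
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -F
  iptables -X
  iptables -t nat -F
  iptables -t nat -X
}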
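# Entry point: start|init, stop|break, restart, status.
# An unknown action now exits non-zero (the original printed the message and returned 0,
# so a typo in a service unit or cron job looked like success).
case "${1:-}" in
  "start" | "init")
    echo "Iniciando firewall"
    start
    ;;
  "stop" | "break")
    echo "Parando firewall"
    stop
    ;;
  "restart")
    stop
    start
    ;;
  "status")
    # Show both tables: the port forwards live in nat, which -nL alone does not print.
    iptables -nvL
    iptables -t nat -nvL
    ;;
  *)
    echo "Opção inválida" >&2
    exit 1
    ;;
esac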
#!/bin/bash
# ENDERECO IP DA INTERFACE EXTERNA DO FIREWALL
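# External (WAN) interface. MASQUERADE and the port forwards below refer to it.
EXT_IF="enp0s3"

# first_ipv4 - print the first dotted-quad IPv4 address found on stdin (nothing if none).
# The dot is escaped: the original pattern used a bare '.', which matches any character.
first_ipv4() {
  grep -oE '((25[0-5]|2[0-4][0-9]|1?[0-9]{1,2})\.){3}(25[0-5]|2[0-4][0-9]|1?[0-9]{1,2})' | sed -n '1p'
}

# Public IPv4 address of the firewall, taken from EXT_IF only. The original grabbed the
# first "global" address of any interface, which can silently select the LAN side.
# Empty when EXT_IF is absent or has no IPv4 address; an empty value must never be used
# as an iptables -d/-s argument (the rule then fails to load and the port stays unprotected).
FIREWALL=$(ip -4 addr show dev "$EXT_IF" scope global 2>/dev/null | first_ipv4)

# Internal hosts that receive forwarded SSH connections.
SAMBA="172.16.4.5"
NTP="172.16.4.8"
BACKUP="172.16.4.7"
ZABBIX="172.16.4.6"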
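# NOTE: in this rendered copy of the script the body of start() had been reduced to the
# bare text of its first comment (the '#' markers were stripped), which bash would try to
# run as a command. The body below is restored from the first listing on this page.

# log_syn CHAIN DST PORT PREFIX - rate-limited LOG of new TCP connections to DST:PORT in CHAIN.
# The limit keeps a port scan from flooding syslog (the original logged every SYN).
log_syn() {
  iptables -A "$1" -p tcp -d "$2" --dport "$3" --syn \
    -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "$4"
}

# forward_ssh HOST PORT PREFIX - expose HOST:PORT on the firewall's public address (same port
# on both sides, as in the original): DNAT in PREROUTING, then log and accept in FORWARD.
# The original logged these in INPUT, which a forwarded packet never traverses, so nothing
# was ever logged for them.
forward_ssh() {
  local host="$1" port="$2" prefix="$3"
  iptables -t nat -A PREROUTING -p tcp -d "$FIREWALL" --dport "$port" \
    -j DNAT --to-destination "$host:$port"
  log_syn FORWARD "$host" "$port" "$prefix"
  iptables -A FORWARD -p tcp -d "$host" --dport "$port" -j ACCEPT
}

# start - install the firewall rule set.
# Reads the file-level variables FIREWALL, SAMBA, NTP, BACKUP, ZABBIX and EXT_IF (falls back
# to enp0s3, the interface the original hard-coded).
# Both the filter and the nat table are flushed first: the original flushed only filter, so
# every restart stacked another copy of the DNAT/MASQUERADE rules.
# Policies are set to INPUT/FORWARD DROP, OUTPUT ACCEPT. With the kernel default of ACCEPT
# the per-port rules below restricted nothing: any port on any internal host was reachable
# from outside, and the DNAT "allow" rules were decoration.
# Run this from the console the first time: a wrong EXT_IF or an empty FIREWALL would
# lock remote administrators out.
start() {
  local ext_if="${EXT_IF:-enp0s3}"

  if [[ -z "$FIREWALL" ]]; then
    printf 'firewall: no IPv4 address found on %s; rules not loaded\n' "$ext_if" >&2
    return 1
  fi

  # Enable packet forwarding in the kernel (the box is a NAT router).
  echo 1 > /proc/sys/net/ipv4/ip_forward

  # Start from a clean slate in both tables.
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -F
  iptables -X
  iptables -t nat -F
  iptables -t nat -X

  # Default deny for traffic to and through the firewall; the firewall's own outbound
  # traffic stays open, which is what the original effectively had.
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  iptables -P OUTPUT ACCEPT

  # Loopback and replies to connections the firewall opened. ICMP from outside is not
  # accepted beyond RELATED (errors for existing flows); add a rule if ping is wanted.
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -m state --state INVALID -j DROP

  # Port 22 is a decoy: log (rate-limited) and drop, from every interface as before.
  iptables -A INPUT -p tcp --dport 22 --syn \
    -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "[TENTATIVA ACESSO SSH]"
  iptables -A INPUT -p tcp --dport 22 --syn -j DROP

  # Trust the LAN side of the firewall (anything not arriving on EXT_IF). The original
  # trusted everything; narrow this to the management ports if the LAN is not trusted.
  iptables -A INPUT ! -i "$ext_if" -j ACCEPT

  # Administrative SSH to the firewall on 7292. The 513:65535 source-port range is kept
  # from the original; note it is not the usual ephemeral range (1024+), so clients on
  # source ports below 513 are refused.
  iptables -A INPUT -p tcp -d "$FIREWALL" --sport 513:65535 --dport 7292 \
    -m state --state NEW,ESTABLISHED -j ACCEPT
  iptables -A OUTPUT -p tcp -s "$FIREWALL" --sport 7292 --dport 513:65535 \
    -m state --state ESTABLISHED -j ACCEPT

  # NAT for the internal network leaving through EXT_IF, plus the reply path.
  iptables -t nat -A POSTROUTING -o "$ext_if" -j MASQUERADE
  iptables -A FORWARD -i "$ext_if" -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -A FORWARD -o "$ext_if" -j ACCEPT

  # SSH to the firewall itself on 3012. The original DNAT'ed this port to the firewall's
  # own address and accepted it in FORWARD; locally delivered packets never reach FORWARD,
  # so that only worked because INPUT defaulted to ACCEPT. Accept it in INPUT instead.
  log_syn INPUT "$FIREWALL" 3012 "[ACESSO SSH FIREWALL]"
  iptables -A INPUT -p tcp -d "$FIREWALL" --dport 3012 -j ACCEPT

  # SSH forwarded to the internal hosts.
  forward_ssh "$SAMBA"  3022 "[ACESSO SSH SAMBA]"
  forward_ssh "$ZABBIX" 3032 "[ACESSO SSH ZABBIX]"
  forward_ssh "$BACKUP" 3042 "[ACESSO SSH BACKUP]"
  forward_ssh "$NTP"    3052 "[ACESSO SSH NTP]"
}

# stop - remove every rule and return to accept-all policies.
# Resetting the policies is essential: flushing alone would leave INPUT/FORWARD at DROP
# with nothing accepted, i.e. a lockout rather than "firewall off". The nat table is
# flushed too (the original left MASQUERADE/DNAT rules behind). ip_forward is left
# untouched, as in the original.
stop() {
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -F
  iptables -X
  iptables -t nat -F
  iptables -t nat -X
}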
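# Entry point: start|init, stop|break, restart, status.
# An unknown action now exits non-zero (the original printed the message and returned 0,
# so a typo in a service unit or cron job looked like success).
case "${1:-}" in
  "start" | "init")
    echo "Iniciando firewall"
    start
    ;;
  "stop" | "break")
    echo "Parando firewall"
    stop
    ;;
  "restart")
    stop
    start
    ;;
  "status")
    # Show both tables: the port forwards live in nat, which -nL alone does not print.
    iptables -nvL
    iptables -t nat -nvL
    ;;
  *)
    echo "Opção inválida" >&2
    exit 1
    ;;
esac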