[Ubuntu-BR] Firewall Ubuntu 10.04

Wilson Bom wilson_bom at yahoo.com.br
Tue Mar 20 14:58:13 UTC 2012


Good morning Jeferson,

Yes, I already tested it by putting it in /etc/init.d

It seems to be working fine, but I don't know how to run attack
tests to verify that it actually works.

Regards

> Good morning Wilson,
>
> Are you going to put the script in /etc/init.d/?
>
> Regards
>
> On 20 March 2012 11:18, Wilson Bom <wilson_bom at yahoo.com.br> wrote:
>
>> Good morning everyone,
>>
>> I am trying to set up a firewall and would like your opinion on
>> the script below.
>>
>> ------------------------------**--------
>>
>>
>> #! /bin/bash
>>
>> case "$1" in
>> start)
>>
>>     ###############
>>     # TITULO ABRE #
>>     ###############
>>     echo "Iniciando a Configuração do Firewall"
>>
>>     ########################
>>     # Zera todas as Regras #
>>     ########################
>>     echo "Regras Zeradas"
>>       iptables -F
>>
>>     ##############################**##########
>>     # Bloqueia tudo, nada entra e nada sai #
>>     ##############################**##########
>>     echo "Fechando tudo"
>>       iptables -P INPUT DROP
>>       iptables -P FORWARD DROP
>>       iptables -P OUTPUT DROP
>>
>>     ##############################**##############################**
>> ################
>>     # Impede ataques DoS a maquina limitando a quantidade de respostas do
>> ping #
>>     ##############################**##############################**
>> ################
>>     #echo "Previne ataques DoS"
>>     #  iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit
>> 1/s -j ACCEPT
>>
>>     ##############################**###
>>     # Bloqieia completamente o ping #
>>     ##############################**###
>>     echo "Bloqueia o pings"
>>       iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
>>
>>     ##########################
>>     # Politicas de segurança #
>>     ##########################
>>     echo "Implementação de politicas de segurança"
>>       echo 0>  /proc/sys/net/ipv4/conf/all/**accept_source_route # Impede
>> falsear pacote
>>       echo 0>  /proc/sys/net/ipv4/conf/all/**accept_redirects # Perigo de
>> descobrimento de rotas de roteamento (desativar em roteador)
>>       echo 1>  /proc/sys/net/ipv4/icmp_echo_**ignore_broadcasts # Risco de
>> DoS
>>       echo 1>  /proc/sys/net/ipv4/tcp_**syncookies # Só inicia a conexão
>> quando recebe a confirmação, diminuindo a banda gasta
>>       echo 1>  /proc/sys/net/ipv4/conf/**default/rp_filter # Faz o
>> firewall responder apenas a placa de rede que recebeu o pacote
>>       iptables -A INPUT -m state --state INVALID -j DROP # Elimina os
>> pacotes invalidos
>>
>>     ##############################**###
>>     # Libera conexoes estabelecidas #
>>     ##############################**###
>>     echo "Liberando conexões estabelecidas"
>>       iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>>       iptables -A FORWARD -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
>>       iptables -A OUTPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
>>       iptables -A INPUT -i lo -j ACCEPT
>>
>>     ##############################**##############################**
>> ###########################
>>     # Libera o acesso via SSH e Limita o número de tentativas de acesso a 4
>> a cada minuto #
>>     ##############################**##############################**
>> ###########################
>>     echo "Liberando o SSH"
>>       iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m
>> recent --update --seconds 60 --hitcount 4 -j DROP
>>       iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>>       iptables -A INPUT -p udp --dport 22 -j ACCEPT
>>
>>     ##################
>>     # Libera o Samba #
>>     ##################
>>     echo "Liberando o Samba"
>>       iptables -A INPUT -p tcp --dport 137:139 -j ACCEPT
>>       iptables -A INPUT -p udp --dport 137:139 -j ACCEPT
>>
>>     ###################
>>     # Libera o Apache #
>>     ###################
>>     echo "Liberando o Apache"
>>       iptables -A INPUT -p tcp --dport 80 -j ACCEPT
>>
>>     ################
>>     # TITULO FECHA #
>>     ################
>>     echo "Configuração do Firewall Concluida."
>>
>> ;;
>>
>> stop)
>>      echo "Finalizando o Firewall"
>>      rm -rf /var/lock/subsys/firewall
>>
>>      # ------------------------------**------------------------------**
>> -----
>>      # Remove todas as regras existentes
>>      # ------------------------------**------------------------------**
>> -----
>>        iptables -F
>>        iptables -X
>>        iptables -t mangle -F
>>      # ------------------------------**------------------------------**
>> -----
>>      # Reseta as politicas padrões, aceitar tudo
>>      # ------------------------------**------------------------------**
>> -----
>>        iptables -P INPUT   ACCEPT
>>        iptables -P OUTPUT  ACCEPT
>>        iptables -P FORWARD ACCEPT
>>
>> ;;
>>
>> restart|reload)
>>        $0 stop
>>        $0 start
>>      ;;
>>
>> *)
>>    echo "Selecione uma opção valida {start|stop|status|restart|**reload}"
>>    exit 1
>>
>> esac
>>
>> exit 0
>>
>>
>> --
>>
>> Wilson Bom
>>
>> --
>> More about Ubuntu in Portuguese: http://www.ubuntu-br.org/comece
>>
>> Ubuntu Brasil discussion list
>> Archives, unsubscription and other options:
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-br
>>


-- 
Wilson Bom


  Serprodata Informática Ltda.
  Av. Marcelino Pires, 1405 - Sala 216
  79800-004 - Dourados - MS
  (067) 3421-3343 - 8407-4808 - 8407-8808

  Messenger: serprodata at hotmail.com

  E-mail...: serprodata at hotmail.com
             wilson_bom at hotmail.com
             wilson_bom at yahoo.com.br
             wilson.bom at gmail.com



  Ubuntu Lucid Lynx 10.04 - 2.6.32-25 #44
  Linux Counter: 292553
  Dataflex 3.2 Linux - Dataflex 3.2 MS-Dos
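Added example, not part of the thread: instead of "attack tests", a defender can check the live ruleset for the properties the posted script is supposed to enforce (default DROP policies, the intended ports allowed, the recent-module limit actually wired up) and check that the sysctl writes took effect. The POSIX shell below does that offline against a constructed `iptables-save`-style dump modelled on what the posted script would produce (including its missing `--set` rule); on a real host, replace `SAMPLE_DUMP` with the output of `iptables-save`. The function names, the dump contents and the `FIXED_DUMP` variant are this example's own.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not captured from a real host),
# modelled on the ruleset the posted script would build.
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 137:139 -j ACCEPT
-A INPUT -p udp -m udp --dport 137:139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
COMMIT'

# Same dump with the "--set" rule the limit needs, inserted before "--update".
SET_RULE='-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource'
FIXED_DUMP=$(printf '%s\n' "$SAMPLE_DUMP" | awk -v s="$SET_RULE" '/-m recent --update/ { print s } { print }')

# policy_of CHAIN DUMP -> prints the chain's default policy (DROP/ACCEPT)
policy_of() {
    printf '%s\n' "$2" | awk -v c=":$1" '$1 == c { print $2 }'
}

# tcp_port_accepted PORT DUMP -> succeeds if an INPUT rule accepts tcp/PORT
tcp_port_accepted() {
    printf '%s\n' "$2" | grep -q -- "-A INPUT .*-p tcp .*--dport $1 .*-j ACCEPT"
}

# recent_limit_complete DUMP -> succeeds unless a "-m recent --update" rule
# exists without any "-m recent --set" rule (then the list is never
# populated and the rate limit never fires)
recent_limit_complete() {
    if printf '%s\n' "$1" | grep -q -- '-m recent --update'; then
        printf '%s\n' "$1" | grep -q -- '-m recent --set'
    else
        return 0
    fi
}

# audit_dump DUMP -> prints one line per check, returns the failure count
audit_dump() {
    fails=0
    for chain in INPUT FORWARD OUTPUT; do
        if [ "$(policy_of "$chain" "$1")" = DROP ]; then
            echo "ok   policy $chain DROP"
        else
            echo "FAIL policy $chain is not DROP"; fails=$((fails + 1))
        fi
    done
    for port in 22 80; do
        if tcp_port_accepted "$port" "$1"; then
            echo "ok   tcp/$port accepted"
        else
            echo "FAIL tcp/$port not accepted"; fails=$((fails + 1))
        fi
    done
    if recent_limit_complete "$1"; then
        echo "ok   recent limit has a --set rule"
    else
        echo "FAIL recent --update without --set (limit never fires)"; fails=$((fails + 1))
    fi
    return "$fails"
}

# The posted script wrote sysctls as "echo 0>  /proc/sys/..." with no space
# before ">". That redirects file descriptor 0 rather than writing "0", so the
# file stays empty. Shown on a temp file: the first returns "0", the second "".
written_with_space()    { f=$(mktemp); echo 0 > "$f"; cat "$f"; rm -f "$f"; }
written_without_space() { f=$(mktemp); echo 0> "$f"; cat "$f"; rm -f "$f"; }

echo "== ruleset as posted =="
if audit_dump "$SAMPLE_DUMP"; then echo "all checks passed"; else echo "some checks failed"; fi
echo "== ruleset with --set added =="
if audit_dump "$FIXED_DUMP"; then echo "all checks passed"; else echo "some checks failed"; fi
echo "sysctl write with space: '$(written_with_space)', without: '$(written_without_space)'"
```

On a live system, `audit_dump "$(iptables-save)"` gives the same report for the real table, and the applied sysctl values can be confirmed with `cat /proc/sys/net/ipv4/tcp_syncookies` (or `sysctl net.ipv4.tcp_syncookies`) after the script runs.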
More information about the ubuntu-br mailing list