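#!/usr/bin/env bash
#
# Three-interface IPv4 router firewall: one Internet uplink (IF_EXTERNA),
# one wired LAN (IF_INTERNA) and one wireless segment (IF_WIFI).
#
# Steps, in order: load the netfilter helper modules, set a default-deny
# policy and flush any previous rules, harden a few IPv4 sysctls, install
# the stateful ACCEPT rules, then enable masquerading and forwarding.
# Must run as root.
#
# Only IPv4 is configured here: ip6tables and the ipv6 sysctls are never
# touched, so IPv6 traffic (if the host has any) is not filtered by this
# script.
set -u

# Variables
# -------------------------------------------------------
IF_EXTERNA=eth0   # Internet-facing uplink
IF_INTERNA=eth1   # wired LAN
IF_WIFI=eth2      # wireless segment
readonly IF_EXTERNA IF_INTERNA IF_WIFI

# Print a diagnostic on stderr and stop.
die() {
  printf 'firewall: %s\n' "$*" >&2
  exit 1
}

# Install one iptables rule or policy, aborting on failure so a typo or a
# missing target never leaves a half-applied ruleset behind.
rule() {
  iptables "$@" || die "iptables $* failed"
}

# Write a value to a /proc/sys knob, aborting on failure.
#   $1 - path of the knob, $2 - value to write
set_sysctl() {
  local knob=$1 value=$2
  printf '%s\n' "$value" > "$knob" || die "cannot write $value to $knob"
}

# Load modules
# -------------------------------------------------------
# Best-effort: ip_conntrack*/ip_nat_ftp are the legacy module names and may
# be absent (renamed nf_conntrack*) on newer kernels; modprobe then prints
# an error but the rules below still load, so do not abort here.
for mod in iptable_nat ip_conntrack ip_conntrack_ftp ip_nat_ftp \
  ipt_LOG ipt_REJECT ipt_MASQUERADE ipt_CLASSIFY; do
  /sbin/modprobe "$mod"
done
echo "Carregar modulos ..................... [ OK ]"

# Default-deny policy, then flush
# -------------------------------------------------------
# Policies are set BEFORE flushing: if anything later in this script fails
# (and die() exits), the host is left closed rather than wide open with an
# ACCEPT policy and no rules.
rule -P INPUT DROP
rule -P OUTPUT DROP
rule -P FORWARD DROP
for table in filter nat mangle; do
  iptables -t "$table" -F
  iptables -t "$table" -X
done
echo "Apagar as regras todas ............... [ OK ]"

# Reverse-path filtering (protection against IP spoofing)
# -------------------------------------------------------
set_sysctl /proc/sys/net/ipv4/conf/all/rp_filter 1
echo "Protecção contra IP spoofing ......... [ OK ]"

# TCP SYN cookies (protection against SYN floods)
# -------------------------------------------------------
set_sysctl /proc/sys/net/ipv4/tcp_syncookies 1
echo "Protecção contra SYN Floods .......... [ OK ]"

# Log packets with impossible source addresses
# -------------------------------------------------------
set_sysctl /proc/sys/net/ipv4/conf/all/log_martians 1
echo "LOGar pacotes com end. impossiveis ... [ OK ]"

# Ignore ICMP echo requests
# -------------------------------------------------------
# NOTE: this knob is global - it silences ping on the LAN and Wi-Fi
# interfaces too, not only on the uplink as the status message suggests.
# Use an INPUT rule on $IF_EXTERNA instead if internal hosts must be able
# to ping the router.
set_sysctl /proc/sys/net/ipv4/icmp_echo_ignore_all 1
echo "DROP todos os pings vindos de fora ... [ OK ]"

echo " "
echo "TABELA DE FILTROS .................... [ LOADING ]"
echo " "

# Stateful ACCEPT rules
# -------------------------------------------------------
# Loopback is always allowed: with DROP policies on INPUT/OUTPUT and no lo
# rule, local services (resolver, syslog, ...) cannot talk to themselves.
rule -A INPUT  -i lo -j ACCEPT
rule -A OUTPUT -o lo -j ACCEPT

# Uplink: only replies to connections the router or the LANs opened.  NEW
# is deliberately absent from both the INPUT and the FORWARD rule so that
# hosts on the Internet cannot open connections to, or through, this box.
rule -A INPUT   -i "$IF_EXTERNA" -m state --state ESTABLISHED,RELATED -j ACCEPT
rule -A OUTPUT  -o "$IF_EXTERNA" -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
rule -A FORWARD -i "$IF_EXTERNA" -m state --state ESTABLISHED,RELATED -j ACCEPT

# Wired LAN: trusted; may open connections to the router and out the uplink.
rule -A INPUT   -i "$IF_INTERNA" -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
rule -A OUTPUT  -o "$IF_INTERNA" -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
rule -A FORWARD -i "$IF_INTERNA" -o "$IF_EXTERNA" -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
# Replies from the wired LAN back to Wi-Fi clients.  Without this rule the
# IF_WIFI -> IF_INTERNA connections accepted below never complete, because
# their return packets (-i IF_INTERNA -o IF_WIFI) fall through to DROP.
rule -A FORWARD -i "$IF_INTERNA" -o "$IF_WIFI" -m state --state ESTABLISHED,RELATED -j ACCEPT

# Wi-Fi: may reach the router and the wired LAN.  There is no
# IF_WIFI -> IF_EXTERNA forward rule, so wireless clients get no direct
# Internet access through this router.
rule -A INPUT   -i "$IF_WIFI" -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
rule -A OUTPUT  -o "$IF_WIFI" -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
rule -A FORWARD -i "$IF_WIFI" -o "$IF_INTERNA" -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

echo " "
echo "TABELA NAT ........................... [ LOADING ]"
echo " "

# NAT: masquerade everything leaving through the uplink
# -------------------------------------------------------
rule -t nat -A POSTROUTING -o "$IF_EXTERNA" -j MASQUERADE
echo "LIGAR NAT ............................ [ OK ]"

# Enable IP forwarding last, once the FORWARD chain is fully in place
# -------------------------------------------------------
set_sysctl /proc/sys/net/ipv4/ip_forward 1
echo "LIGAR IP FORWARDING .................. [ OK ]"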