Advertisement
LightProgrammer000

firewall [Linha de comando]

Mar 15th, 2019
381
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 4.81 KB | None | 0 0
  1. # !/bin/bash
  2.  
  3. ###################
  4. ##### Funcoes #####
  5. ###################
  6.  
  7. Configuracoes()
  8. {
  9.     # Analisar
  10.     clear
  11.     echo ""
  12.     echo -e "\033[01;36m --------------- DATA --------------- \033[01;37m"
  13.     echo -e "\033[01;31m * Num: $(date +%d)           \033[01;37m"
  14.     echo -e "\033[01;32m * Dia: $(date +%a)           \033[01;37m"
  15.     echo -e "\033[01;33m * Mes: $(date +%b)           \033[01;37m"
  16.     echo -e "\033[01;34m * Ano: $(date +%Y)           \033[01;37m"
  17.     echo -e "\033[01;36m ------------------------------------ \033[01;37m"
  18.     echo ""
  19.    
  20.     # Rede
  21.     ip=172.16.1.150
  22.     ip_rede=172.16.1.150/24
  23.  
  24.     # Portas & Outros
  25.     interface=enp0s3
  26.     portas_altas=1024:65535
  27.     porta_redirecionada=2200
  28. }
  29.  
  30. Ativar()
  31. {  
  32.     # Apresentacao
  33.     clear
  34.     echo ""
  35.     echo -e "\033[01;37m ----------------------------- \033[01;37m"
  36.     echo -e "\033[01;36m * Firewall Ativado            \033[01;37m"
  37.     echo -e "\033[01;36m * Politicas padroes [DROP]    \033[01;37m"
  38.     echo -e "\033[01;37m ----------------------------- \033[01;37m"
  39.     echo ""
  40.  
  41.     # Mensagem [Ativando Firewall (limpando regras)]
  42.     echo -e "\n\033[01;35m - Apagando regras existentes \033[01;37m"
  43.     iptables -t filter -P INPUT DROP
  44.     iptables -t filter -P OUTPUT DROP
  45.     iptables -t filter -P FORWARD DROP
  46.     iptables -t filter -F
  47.     iptables -t nat -F
  48.  
  49.     # Mensagem: Interface de rede [enp0s3]
  50.     echo -e "\033[01;34m - Internet Compartilhada em interface enp0s3... \033[01;37m"
  51.    
  52.     echo 1 > /proc/sys/net/ipv4/ip_forward
  53.     iptables -t nat -A POSTROUTING -o $interface -j MASQUERADE
  54.  
  55.     # Mensagem [redirecionamento de portas]
  56.     echo -e "\033[01;33m - Redirecionamento da porta 22 ativa... \033[01;37m"
  57.     iptables -t nat -A PREROUTING -d $ip -p TCP --dport $porta_redirecionada -j DNAT --to $ip:22
  58.  
  59.     # Mensagem [loopback]
  60.     echo -e "\033[01;32m - Permitir LoopBack \033[01;37m"
  61.     iptables -t filter -A INPUT -i lo -j ACCEPT
  62.     iptables -t filter -A OUTPUT -o lo -j ACCEPT
  63.    
  64.     # Mensagem [StateFull]
  65.     echo -e "\033[01;31m - Regras StateFull Genericas ativada \033[01;37m"
  66.     iptables -t filter  -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
  67.     iptables -t filter -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
  68.     iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  69.  
  70.     echo -e "\n\033[01;37m *** Cliente \033[01;37m"
  71.     echo -e "\033[01;36m - Permitir DNS [cliente] \033[01;37m"
  72.     iptables -t filter -A OUTPUT -p UDP --sport $portas_altas --dport 53 -m state --state NEW -j ACCEPT
  73.  
  74.     echo -e "\033[01;36m - Permitir HTTP [cliente] \033[01;37m"
  75.     iptables -t filter -A OUTPUT -p TCP --sport $portas_altas --dport 80 -m state --state NEW -j ACCEPT
  76.  
  77.     echo -e "\033[01;36m - Permitir HTTPS [cliente] \033[01;37m"
  78.     iptables -t filter -A OUTPUT -p TCP --sport $portas_altas --dport 443 -m state --state NEW -j ACCEPT
  79.  
  80.     echo -e "\033[01;36m - Permitir SSH [cliente] \033[01;37m"
  81.     iptables -t filter -A OUTPUT -p TCP --sport $portas_altas --dport 22 -m state --state NEW -j ACCEPT
  82.  
  83.     echo -e "\033[01;36m - Bloquear SSH de redes diferentes da LAN \033[01;37m"
  84.     iptables -t filter -A INPUT -p TCP ! -s $ip_rede --dport 22 -m state --state NEW -j ACCEPT
  85.    
  86.     echo -e "\n\033[01;37m *** Servidor \033[01;37m"
  87.     echo -e "\033[01;36m - Permitir SSH [servidor] \033[01;37m"
  88.     iptables -t filter -A INPUT -p TCP --sport $portas_altas --dport 22 -m state --state NEW -j ACCEPT
  89.  
  90.     echo -e "\033[01;36m - Permitir FTP [servidor] \033[01;37m"
  91.     iptables -t filter -A INPUT -p TCP --sport $portas_altas --dport 21 -m state --state NEW -j ACCEPT
  92.    
  93.     echo -e "\033[01;36m - Permitir MYSQL [servidor] \033[01;37m"
  94.     iptables -t filter -A INPUT -p TCP --sport $portas_altas --dport 3306 -m state --state NEW -j ACCEPT
  95. }
  96.  
  97. Desativar()
  98. {
  99.     # Tabela
  100.     iptables -t filter -P INPUT ACCEPT
  101.     iptables -t filter -P OUTPUT ACCEPT
  102.     iptables -t filter -P FORWARD ACCEPT
  103.  
  104.     # Tabela: Filter e Nat
  105.     iptables -t filter -F
  106.     iptables -t filter -X
  107.    
  108.     iptables -t nat -F
  109.     iptables -t nat -X
  110.    
  111.     echo -e "\n\033[01;36m - Firewall desativado \033[01;37m"
  112.     echo ""
  113. }
  114.  
  115. Reiniciar()
  116. {
  117.     $0 stop
  118.     $0 start
  119. }
  120.  
  121. Regras()
  122. {
  123.     echo "
  124.     # Tabela Filter
  125.     --------------------------------------------------------------------------------
  126.     $(iptables -t filter -nL)
  127.    
  128.     # Tabela Nat
  129.     --------------------------------------------------------------------------------
  130.     $(iptables -t nat -nL )
  131.  
  132.     # Tabela Mangle
  133.     --------------------------------------------------------------------------------
  134.     $(iptables -t mangle -nL)" > table.txt
  135.  
  136.     cat table.txt | less
  137.     rm -rf table.txt
  138. }
  139.  
  140. Aviso()
  141. {
  142.     # Comando: Erro de comando
  143.     echo -e "\033[01;35m - Erro $0 (start | stop | restart | table) \033[01;37m"
  144. }
  145.  
  146. ####################
  147. ##### PROGRAMA #####
  148. ####################
  149.  
  150. # Configuracoes de rede
  151. Configuracoes
  152.  
  153. # Estrutura em escolha
  154. case $1 in
  155.    
  156. start)
  157.     Ativar;;
  158.  
  159. stop)
  160.     Desativar;;
  161.  
  162. table)
  163.     Regras;;
  164.  
  165. restart)
  166.     Reiniciar;;
  167. *)
  168.     Aviso;;
  169. esac
  170. echo ""
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement