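#!/bin/bash
# Small iptables host firewall / NAT helper.
# Usage: <script> (start | stop | restart | table) -- must be run as root,
# every iptables call below fails otherwise.
# The interpreter line must be a contiguous "#!": the original read
# "# !/bin/bash", which the kernel does not treat as a shebang, so the
# script ran under whatever shell happened to invoke it.
###################
##### Funcoes #####
###################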
Configuracoes()
{
  # Print the date banner, then define the script-wide network settings.
  # Everything assigned here is a plain global read later by Ativar():
  #   ip                  - address of this host
  #   ip_rede             - the LAN prefix (CIDR)
  #   interface           - outbound interface used for MASQUERADE
  #   portas_altas        - ephemeral source-port range for client rules
  #   porta_redirecionada - public TCP port that is DNAT'ed to local 22
  clear
  printf '\n'
  printf '\033[01;36m --------------- DATA --------------- \033[01;37m\n'
  printf '\033[01;31m * Num: %s \033[01;37m\n' "$(date +%d)"
  printf '\033[01;32m * Dia: %s \033[01;37m\n' "$(date +%a)"
  printf '\033[01;33m * Mes: %s \033[01;37m\n' "$(date +%b)"
  printf '\033[01;34m * Ano: %s \033[01;37m\n' "$(date +%Y)"
  printf '\033[01;36m ------------------------------------ \033[01;37m\n'
  printf '\n'

  # Addressing
  ip=172.16.1.150
  ip_rede=172.16.1.150/24

  # Interface, ports and redirect target
  interface=enp0s3
  portas_altas=1024:65535
  porta_redirecionada=2200
}
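Ativar()
{
  # Bring the firewall up: default-DROP policies on the filter table,
  # MASQUERADE for traffic leaving via $interface, a DNAT of
  # $porta_redirecionada -> 22, loopback + stateful allows, and a short
  # allow-list for outbound clients and inbound services.
  # Reads the globals defined by Configuracoes(); needs root for iptables
  # (the banner is printed regardless of whether the rules applied).
  clear
  echo ""
  echo -e "\033[01;37m ----------------------------- \033[01;37m"
  echo -e "\033[01;36m * Firewall Ativado \033[01;37m"
  echo -e "\033[01;36m * Politicas padroes [DROP] \033[01;37m"
  echo -e "\033[01;37m ----------------------------- \033[01;37m"
  echo ""

  # Policies are set to DROP *before* flushing so there is no window in
  # which the host accepts everything with the old rules already gone.
  echo -e "\n\033[01;35m - Apagando regras existentes \033[01;37m"
  iptables -t filter -P INPUT DROP
  iptables -t filter -P OUTPUT DROP
  iptables -t filter -P FORWARD DROP
  iptables -t filter -F
  iptables -t nat -F

  # Enable IPv4 routing and masquerade whatever leaves through $interface.
  # NOTE(review): FORWARD only gets an ESTABLISHED,RELATED rule below, so no
  # *new* forwarded flow is ever accepted and the shared connection cannot
  # actually be used; an explicit FORWARD ACCEPT for the LAN would be needed
  # -- confirm what is intended before adding one.
  echo -e "\033[01;34m - Internet Compartilhada em interface enp0s3... \033[01;37m"
  echo 1 > /proc/sys/net/ipv4/ip_forward
  iptables -t nat -A POSTROUTING -o "$interface" -j MASQUERADE

  # Redirect TCP/$porta_redirecionada addressed to $ip onto local sshd.
  # PREROUTING runs first, so the INPUT rules below see dport 22, not 2200.
  echo -e "\033[01;33m - Redirecionamento da porta 22 ativa... \033[01;37m"
  iptables -t nat -A PREROUTING -d "$ip" -p TCP --dport "$porta_redirecionada" -j DNAT --to "$ip:22"

  echo -e "\033[01;32m - Permitir LoopBack \033[01;37m"
  iptables -t filter -A INPUT -i lo -j ACCEPT
  iptables -t filter -A OUTPUT -o lo -j ACCEPT

  # Replies to already-accepted connections, in every direction.
  echo -e "\033[01;31m - Regras StateFull Genericas ativada \033[01;37m"
  iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

  # --- Outbound: this host acting as a client (DNS, HTTP, HTTPS, SSH).
  echo -e "\n\033[01;37m *** Cliente \033[01;37m"
  echo -e "\033[01;36m - Permitir DNS [cliente] \033[01;37m"
  iptables -t filter -A OUTPUT -p UDP --sport "$portas_altas" --dport 53 -m state --state NEW -j ACCEPT
  echo -e "\033[01;36m - Permitir HTTP [cliente] \033[01;37m"
  iptables -t filter -A OUTPUT -p TCP --sport "$portas_altas" --dport 80 -m state --state NEW -j ACCEPT
  echo -e "\033[01;36m - Permitir HTTPS [cliente] \033[01;37m"
  iptables -t filter -A OUTPUT -p TCP --sport "$portas_altas" --dport 443 -m state --state NEW -j ACCEPT
  echo -e "\033[01;36m - Permitir SSH [cliente] \033[01;37m"
  iptables -t filter -A OUTPUT -p TCP --sport "$portas_altas" --dport 22 -m state --state NEW -j ACCEPT

  # Drop new SSH connections whose source is outside the LAN, as the message
  # says.  BUG FIX: the original rule ended in `-j ACCEPT`, i.e. it explicitly
  # *allowed* SSH from every non-LAN address -- the opposite of its label --
  # and the generic SSH rule below then opened port 22 to the world anyway.
  # Because DNAT has already rewritten 2200 -> 22, this also drops non-LAN
  # clients arriving via the redirected port; if external access through
  # $porta_redirecionada is wanted, match on the original port instead
  # (e.g. conntrack --ctorigdstport) rather than re-opening this rule.
  echo -e "\033[01;36m - Bloquear SSH de redes diferentes da LAN \033[01;37m"
  iptables -t filter -A INPUT -p TCP ! -s "$ip_rede" --dport 22 -m state --state NEW -j DROP

  # --- Inbound services.  The --sport match is not a security control: a
  # remote client picks its own source port, so it only excludes odd clients.
  echo -e "\n\033[01;37m *** Servidor \033[01;37m"
  echo -e "\033[01;36m - Permitir SSH [servidor] \033[01;37m"
  iptables -t filter -A INPUT -p TCP --sport "$portas_altas" --dport 22 -m state --state NEW -j ACCEPT
  # NOTE(review): FTP (21) and MySQL (3306) are accepted from *any* source.
  # If these are LAN-only services, add `-s "$ip_rede"` to the two rules below.
  echo -e "\033[01;36m - Permitir FTP [servidor] \033[01;37m"
  iptables -t filter -A INPUT -p TCP --sport "$portas_altas" --dport 21 -m state --state NEW -j ACCEPT
  echo -e "\033[01;36m - Permitir MYSQL [servidor] \033[01;37m"
  iptables -t filter -A INPUT -p TCP --sport "$portas_altas" --dport 3306 -m state --state NEW -j ACCEPT
}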
Desativar()
{
  # Tear the firewall down: ACCEPT policies on the three filter chains,
  # then flush every rule and delete every user chain in filter and nat.
  # After this the host is completely unfiltered.
  local chain table
  for chain in INPUT OUTPUT FORWARD; do
    iptables -t filter -P "$chain" ACCEPT
  done
  for table in filter nat; do
    iptables -t "$table" -F
    iptables -t "$table" -X
  done
  printf '\n\033[01;36m - Firewall desativado \033[01;37m\n'
  printf '\n'
}
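Reiniciar()
{
  # Restart by re-executing this same script with "stop" and then "start",
  # so Configuracoes() and the banners run afresh in each child process.
  # $0 is quoted: an unquoted script path containing spaces would be
  # word-split into several arguments and the re-exec would fail.
  "$0" stop
  "$0" start
}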
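_Regras_texto()
{
  # Emit the live filter, nat and mangle tables under the same headings the
  # original wrote to table.txt (leading newline, 80-dash separators,
  # trailing newlines of each iptables dump stripped).  Stdout only.
  local sep='--------------------------------------------------------------------------------'
  printf '\n# Tabela Filter\n'
  printf '%s\n' "$sep"
  printf '%s\n' "$(iptables -t filter -nL)"
  printf '# Tabela Nat\n'
  printf '%s\n' "$sep"
  printf '%s\n' "$(iptables -t nat -nL)"
  printf '# Tabela Mangle\n'
  printf '%s\n' "$sep"
  printf '%s\n' "$(iptables -t mangle -nL)"
}

Regras()
{
  # Page the current rule set.  The original dumped it to ./table.txt and
  # then `rm -rf`'d it: a predictable filename in the caller's working
  # directory (clobber / symlink risk, leftover file if less is killed) plus
  # a useless cat.  Streaming straight into the pager needs no temp file.
  _Regras_texto | less
}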
Aviso()
{
  # Usage hint printed (magenta, to stdout) for a missing or unknown
  # sub-command; $0 is the script as it was invoked.
  printf '\033[01;35m - Erro %s (start | stop | restart | table) \033[01;37m\n' "$0"
}
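####################
##### PROGRAMA #####
####################
# Load the network settings (and print the date banner) before dispatching.
Configuracoes
# Dispatch on the first argument.  It is quoted so an empty or unusual value
# cannot be word-split or glob-expanded; anything unrecognised shows usage.
case "${1-}" in
  start)   Ativar ;;
  stop)    Desativar ;;
  table)   Regras ;;
  restart) Reiniciar ;;
  *)       Aviso ;;
esac
echo ""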