Basic Iptables

  1. Basic Iptables. Eden Caldas
  2. Tables
     - FILTER: the default table; rules for incoming and outgoing packets.
     - NAT: SNAT, DNAT and MASQUERADE rules.
     - MANGLE: QoS.
  3. FILTER
     - INPUT: rules for packets that enter the firewall.
     - OUTPUT: rules for packets that leave the firewall.
     - FORWARD: rules for packets that pass through the firewall.
  4. NAT
     - PREROUTING: rules for packets whose address is changed before they are routed, that is, DNAT.
     - POSTROUTING: rules for packets whose address is changed after the routing decision, that is, SNAT.
  5. NAT

     ```
      _____                                     _____
     /     \                                   /     \
     PREROUTING -->[Routing ]----------------->POSTROUTING----->
      D-NAT        [Decision]                  S-NAT
                       |                           ^
                       |                           |
                       |                           |
                       |                           |
                       --------> Local Process ------
     ```

  6. Start of an iptables script

     ```bash
     #!/bin/bash
     # Flush previous rules
     iptables -F
     iptables -t nat -F
     # Default policies
     iptables -P INPUT DROP
     iptables -P FORWARD DROP
     iptables -P OUTPUT ACCEPT
     # Allow loopback - MANDATORY RULE
     iptables -A INPUT -i lo -j ACCEPT
     # Allow return packets of established connections
     iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
     iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
     iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
     # Enable packet forwarding
     echo "1" > /proc/sys/net/ipv4/ip_forward
     ```

  7. Examples in the INPUT chain (independent examples, not one ruleset)

     ```bash
     # Drop all ICMP addressed to the firewall
     iptables -A INPUT -p icmp -j DROP
     # Drop ICMP only when it comes from 10.0.0.0/8
     iptables -A INPUT -p icmp -s 10.0.0.0/8 -j DROP
     # Accept HTTP to the firewall on any interface
     iptables -A INPUT -p tcp --dport 80 -j ACCEPT
     # Accept HTTP to the firewall only on eth1
     iptables -A INPUT -p tcp --dport 80 -i eth1 -j ACCEPT
     # Accept several ports at once from a single host on eth2
     iptables -A INPUT -p tcp -m multiport --dports 80,53,21,25 -s 192.168.5.3 -i eth2 -j ACCEPT
     ```

  8. Examples in the FORWARD chain

     ```bash
     # LAN 192.168.3.0/24 on eth1 may go out through eth0
     iptables -A FORWARD -i eth1 -o eth0 -s 192.168.3.0/24 -j ACCEPT
     # Same network, any interface pair
     iptables -A FORWARD -s 192.168.3.0/24 -j ACCEPT
     # Inbound SMTP from eth0 to the mail server 172.16.3.23 on eth2
     iptables -A FORWARD -i eth0 -o eth2 -d 172.16.3.23 -p tcp --dport 25 -j ACCEPT
     # Outbound SMTP from the mail server towards eth0
     iptables -A FORWARD -i eth2 -s 172.16.3.23 -o eth0 -p tcp --dport 25 -j ACCEPT
     ```

  9. NAT examples

     ```bash
     # DNAT: SMTP arriving on the public address is redirected to an internal host
     iptables -t nat -A PREROUTING -i eth0 -d 200.200.200.201 -p tcp --dport 25 -j DNAT --to 172.16.3.24
     # SNAT: LAN traffic leaves with a fixed public address
     iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to 200.233.222.123
     # MASQUERADE: same as SNAT, but uses whatever address eth0 currently has
     iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
     # REDIRECT: HTTP arriving on eth0 is sent to a local port (transparent proxy)
     iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
     ```
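The following script is an added example, not code from the slides: it assembles the script skeleton, the INPUT and FORWARD examples and the DNAT/MASQUERADE examples above into one ordered ruleset, with a dry-run mode so the generated commands can be reviewed before they are applied as root. Interface names, the DMZ mail server 172.16.3.24, the public address 200.200.200.201 and the LAN 192.168.0.0/24 are the slides' values; the `WAN_IF`/`LAN_IF`/`DMZ_IF` variables, the `run` wrapper and the use of `sysctl -w` in place of the slides' `echo` to `/proc/sys` are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the slides): the deck's skeleton plus its INPUT,
# FORWARD and NAT examples in one ordered ruleset, with a dry-run mode.
set -eu

IPT="${IPT:-iptables}"      # binary to call; override when testing
DRY_RUN="${DRY_RUN:-0}"     # 1 = print the commands instead of running them

WAN_IF=eth0                 # assumed interface roles
LAN_IF=eth1
DMZ_IF=eth2
LAN_NET=192.168.0.0/24      # masqueraded LAN (from the NAT examples)
MAIL_SERVER=172.16.3.24     # DMZ host receiving DNAT'd SMTP (from the NAT examples)
WAN_IP=200.200.200.201      # public address in the DNAT example

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Script skeleton: flush, default policies, loopback, stateful return traffic.
base_rules() {
    run "$IPT" -F
    run "$IPT" -t nat -F
    run "$IPT" -P INPUT DROP
    run "$IPT" -P FORWARD DROP
    run "$IPT" -P OUTPUT ACCEPT
    run "$IPT" -A INPUT -i lo -j ACCEPT
    run "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run "$IPT" -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# INPUT examples: services the firewall itself offers, limited by interface.
input_rules() {
    run "$IPT" -A INPUT -p tcp --dport 80 -i "$LAN_IF" -j ACCEPT
    # Drop ICMP from 10.0.0.0/8 explicitly; everything else hits policy DROP.
    run "$IPT" -A INPUT -p icmp -s 10.0.0.0/8 -j DROP
}

# FORWARD + NAT examples: DNAT inbound SMTP to the DMZ mail server. With the
# FORWARD policy at DROP the DNAT rule alone is not enough: the rewritten
# packet still traverses FORWARD and needs an ACCEPT for its new destination.
smtp_dnat_rules() {
    run "$IPT" -t nat -A PREROUTING -i "$WAN_IF" -d "$WAN_IP" -p tcp --dport 25 \
        -j DNAT --to-destination "$MAIL_SERVER"
    run "$IPT" -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$MAIL_SERVER" -p tcp --dport 25 -j ACCEPT
    # Let the mail server deliver outbound mail.
    run "$IPT" -A FORWARD -i "$DMZ_IF" -s "$MAIL_SERVER" -o "$WAN_IF" -p tcp --dport 25 -j ACCEPT
}

# NAT examples: LAN hosts reach the outside via MASQUERADE, then enable forwarding.
lan_masquerade_rules() {
    run "$IPT" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    run "$IPT" -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    run sysctl -w net.ipv4.ip_forward=1
}

build_ruleset() {
    base_rules
    input_rules
    smtp_dnat_rules
    lan_masquerade_rules
}

# Count generated command lines matching a pattern (sanity check for dry runs).
count_rules() {
    (DRY_RUN=1; build_ruleset) | grep -c -- "$1" || true
}

case "${1:-}" in
    apply)   build_ruleset ;;
    dry-run) DRY_RUN=1 build_ruleset ;;
esac
```

Run `bash fw.sh dry-run` to print the commands in the order they would be appended; `bash fw.sh apply` (as root) executes them. Because every chain uses `-A`, order matters: the loopback and ESTABLISHED,RELATED rules must come before anything that could match the same traffic, which is why `base_rules` always runs first. After applying, `iptables -L -n -v --line-numbers` and `iptables -t nat -L -n -v` show the live chains with packet counters, so a DNAT rule whose counter grows while the matching FORWARD rule stays at zero points directly at a missing ACCEPT.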
