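#!/bin/bash
#### SCRIPT DE REGRAS - FIREWALL ####
#
# Default-deny iptables policy for a small gateway/proxy host:
#   * the internal LAN (LAN_NET) may reach the local proxy port (PROXY_PORT);
#   * the host itself may only open TCP/80 from HOST_ADDR (plus loopback and
#     replies to established flows);
#   * traffic forwarded for LAN_NET is masqueraded; only ICMP and replies to
#     established flows are forwarded.
# Everything else is logged (rate-limited) and then dropped by the chain policy.
#
# Usage:
#   ./firewall.sh              apply the rules (must run as root)
#   DRY_RUN=1 ./firewall.sh    only print the iptables commands that would run
#
# Notes:
#   * The shebang must be the first line of the file, otherwise the kernel does
#     not know which interpreter to use when the script is executed directly.
#   * Policies are set to DROP *before* the old rules are flushed, so the host
#     is never open during a reload (fail-closed).  No remote administration
#     port (e.g. SSH) is opened below, so run this from the console or from a
#     session the resulting rules still permit.
#   * Any failing iptables command aborts the run.  Because the policies are
#     already DROP at that point, a partial run leaves the host closed, not open.

set -uo pipefail

# --- site parameters ---------------------------------------------------------
readonly IPT=/sbin/iptables
readonly LAN_NET=172.16.50.0/24     # internal network behind this host
readonly PROXY_PORT=3128            # local proxy port reachable from LAN_NET
readonly HOST_ADDR=172.16.49.100    # source address allowed to open TCP/80
readonly LOG_RATE=3/min             # cap on logged drops per chain (ipt_limit)
readonly LOG_BURST=10

# Kernel modules, with the legacy names used by the original script.  On newer
# kernels several of these are built in or renamed (e.g. the nf_conntrack
# family), so a failed modprobe is reported but does not stop the script.
readonly MODULES=(
  iptable_nat ip_tables ip_conntrack ip_conntrack_ftp iptable_filter
  ipt_LOG ipt_limit ipt_state ip_nat_ftp
)

#######################################
# Print an error message and exit.
# Arguments: message
#######################################
die() {
  printf 'firewall: %s\n' "$*" >&2
  exit 1
}

#######################################
# Run one iptables command, or print it when DRY_RUN is set; abort on failure.
# Globals:   IPT (read), DRY_RUN (read)
# Arguments: iptables arguments
#######################################
ipt() {
  if [[ -n "${DRY_RUN:-}" ]]; then
    printf '%q ' "$IPT" "$@"
    printf '\n'
    return 0
  fi
  "$IPT" "$@" || die "command failed: $IPT $*"
}

#######################################
# Load the netfilter modules listed in MODULES (skipped under DRY_RUN).
# Globals:   MODULES (read), DRY_RUN (read)
#######################################
load_modules() {
  local mod
  [[ -n "${DRY_RUN:-}" ]] && return 0
  for mod in "${MODULES[@]}"; do
    # modprobe's own diagnostics are replaced by a one-line warning because a
    # missing legacy module name is expected on current kernels.
    modprobe "$mod" 2>/dev/null \
      || printf 'firewall: warning: modprobe %s failed (built in or renamed?)\n' \
        "$mod" >&2
  done
}

#######################################
# Set default-deny policies first, then flush the rules of the previous run.
#######################################
reset_tables() {
  ipt -P INPUT DROP
  ipt -P OUTPUT DROP
  ipt -P FORWARD DROP
  ipt -F
  ipt -t nat -F
}

#######################################
# Append the final rule of a chain: log (rate-limited) and fall through to the
# chain's DROP policy.  Without the limit, a flood of unwanted packets could
# fill syslog/disk.
# Globals:   LOG_RATE, LOG_BURST (read)
# Arguments: $1 - chain name; $2 - log prefix
#######################################
log_drops() {
  local chain=$1 prefix=$2
  ipt -A "$chain" -m limit --limit "$LOG_RATE" --limit-burst "$LOG_BURST" \
    -j LOG --log-prefix "$prefix"
}

#######################################
# INPUT chain: loopback, replies, and the proxy port from the LAN.
#######################################
input_rules() {
  ipt -A INPUT -i lo -j ACCEPT
  ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  ipt -A INPUT -s "$LAN_NET" -p tcp --dport "$PROXY_PORT" -j ACCEPT
  # Disabled in the original script; kept for reference:
  #ipt -A INPUT -p udp --dport 1194 -j ACCEPT
  #ipt -A INPUT -p TCP --dport 22 -j ACCEPT
  #ipt -A INPUT -p TCP --dport 80 -j ACCEPT
  #ipt -A INPUT -s 172.16.50.0/24 -p tcp --dport 22 -j ACCEPT
  #ipt -A INPUT -s 10.204.144.0/20 -p udp --sport 520 -j ACCEPT
  #ipt -A INPUT -p udp --sport 123 -j ACCEPT
  #ipt -A INPUT -p icmp -s 172.16.49.144 -j ACCEPT
  #ipt -A INPUT -p tcp -s 172.16.49.144 --dport 80 -j ACCEPT
  #ipt -A INPUT -p tcp -i $INT -s 200.244.230.216 --dport 22 -j ACCEPT
  #ipt -A INPUT -p tcp -i $INT -s 200.244.230.107 --dport 22 -j ACCEPT
  #ipt -A INPUT -p udp -i $INT -s 200.244.193.176 --sport 53 -j ACCEPT
  log_drops INPUT "INPUT-DROP"
}

#######################################
# OUTPUT chain: loopback, replies, and outbound HTTP from HOST_ADDR.
#######################################
output_rules() {
  # Locally originated loopback traffic traverses OUTPUT first; with a DROP
  # policy and no "-o lo" rule, a NEW connection to 127.0.0.1 never reached the
  # INPUT "-i lo" rule, so local services could not be contacted.
  ipt -A OUTPUT -o lo -j ACCEPT
  ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  ipt -A OUTPUT -s "$HOST_ADDR" -p tcp --dport 80 -j ACCEPT
  # NOTE(review): no outbound DNS (udp/tcp 53) is permitted here, so the proxy
  # can only reach destinations it can resolve without DNS — confirm against
  # the host's resolver configuration before relying on it.
  log_drops OUTPUT "OUTPUT-DROP"
}

#######################################
# FORWARD chain: replies and ICMP only.
#######################################
forward_rules() {
  ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  ipt -A FORWARD -p icmp -j ACCEPT
  # Disabled in the original script; kept for reference:
  #ipt -A FORWARD -s 10.0.0.2 -d 172.16.50.0/24 -j ACCEPT
  #ipt -A FORWARD -m state --state INVALID -j DROP
  #ipt -A FORWARD -p tcp -d 172.16.49.165 --syn --dport 80 -j ACCEPT
  #ipt -A FORWARD -p tcp -d 172.16.50.10 --syn --dport 80 -j ACCEPT
  #ipt -A FORWARD -i eth1 -o eth0 -p tcp -d 172.16.49.165 --syn --dport 80 -j ACCEPT
  #ipt -A FORWARD -i eth0 -o eth1 -p tcp -d 172.16.49.101 --syn --dport 22 -j ACCEPT
  #ipt -A FORWARD -p tcp -d 172.16.49.101 --dport 3389 -j ACCEPT
  #ipt -A FORWARD -p tcp -d 172.16.50.30 --dport 3389 -j ACCEPT
  #ipt -A FORWARD -i eth1 -o eth0 -s 172.16.50.0/24 -p tcp --match multiport --dports 21,80,443 -j ACCEPT
  #ipt -A FORWARD -i eth1 -o eth0 -p udp --dport 53 -j ACCEPT
  #ipt -A FORWARD -i eth0 -o eth1 -p tcp -d 172.16.50.2 --syn --dport 22 -m state --state NEW -j ACCEPT
  log_drops FORWARD "FORWARD-DROP"
}

#######################################
# NAT table: masquerade the LAN on the way out.
#######################################
nat_rules() {
  # Inbound DNAT examples, disabled in the original script; kept for reference
  # (inspect with: iptables -t nat -L PREROUTING):
  #ipt -t nat -A PREROUTING -p tcp -i eth0 -d 172.16.49.101 --dport 80 -j DNAT --to 172.16.50.10:80
  #ipt -t nat -A PREROUTING -p tcp -d 172.16.49.101 --dport 3389 -j DNAT --to-destination 172.16.50.30
  #ipt -t nat -A PREROUTING -p tcp -d 172.16.49.101 -j DNAT --to-destination 172.16.50.30
  # Outbound SNAT variants, also disabled in the original:
  #ipt -t nat -A POSTROUTING -s 172.16.50.10 -j SNAT --to-source 172.16.49.101
  #ipt -t nat -A POSTROUTING -s 172.16.50.0/24 -o eth0 -j SNAT --to-source 172.16.49.100
  #ipt -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to 200.200.217.40-200.200.217.111
  # NOTE(review): no "-o <wan-if>" is given, so LAN sources are rewritten on
  # every outgoing interface, unlike the disabled SNAT rule that limited itself
  # to eth0 — confirm which behaviour is intended.
  ipt -t nat -A POSTROUTING -s "$LAN_NET" -j MASQUERADE
}

#######################################
# Entry point: check privileges, load modules, then install the rule set.
#######################################
main() {
  if [[ -z "${DRY_RUN:-}" ]] && (( EUID != 0 )); then
    die "must run as root (or set DRY_RUN=1 to only print the commands)"
  fi
  load_modules
  reset_tables
  input_rules
  output_rules
  forward_rules
  nat_rules
}

main "$@"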

Exemplo de Script Iptables
