I added the rule as shown below and I am getting the error messages that follow.

#### Rules to allow the SPI program ### start...
$IPT -t filter -I FORWARD -d 177.135.260.61 -p tcp -m multiport --dport 3051,5836,5837,725 -j ACCEPT
$IPT -t filter -I FORWARD -d 177.135.260.61 -p udp -m multiport --dport 3051,5836,5837,725 -j ACCEPT
#### Rules to allow the SPI program ### end...

[root@proxy ~]# /etc/rc.d/init.d/firewall.sh
INICIANDO FIREWALL ...................[OK]
LIMPANDO AS REGRAS ...................[OK]
APLICADO REGRAS PADRÕES ..............[OK]
APLICANDO REGRAS MANUAIS .............[OK]
iptables v1.4.7: host/network `177.135.260.61' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.7: host/network `177.135.260.61' not found
Try `iptables -h' or 'iptables --help' for more information.
FIREWALL INICIADO ....................[OK]

I placed the rule lines before the lines shown below.

$IPT -t filter -A FORWARD -m state --state INVALID,RELATED,ESTABLISHED -j ACCEPT
$IPT -t filter -A FORWARD -j LOG $LOG_OPTIONS --log-prefix "LOG_FORWARD"
$IPT -t filter -A FORWARD -j DROP
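
Added example (not part of the original message or of the poster's firewall.sh): iptables prints `host/network ... not found` when the value given to `-d` is neither a parsable address nor a resolvable name, and an IPv4 octet above 255, as in `177.135.260.61`, is not a parsable address. The shell functions below validate the destination address and the multiport port list before iptables is called and return a failure status instead of carrying on. The names `is_ipv4`, `is_port`, `check_rule_args` and `allow_forward` are hypothetical, and the two sample addresses are the spellings that appear in this thread.

```shell
#!/bin/sh
# Added example: pre-flight checks for rule arguments in a firewall script.
# Function names are hypothetical; sample addresses are the ones quoted in the thread.
IPT=${IPT:-/sbin/iptables}

# is_ipv4 ADDR: succeed only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, non-numeric, or stray dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots (digits and dots only here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_port N: succeed only for a decimal port number in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# check_rule_args DEST PORTS: validate "-d DEST" and a comma-separated multiport list.
check_rule_args() {
    dest=$1; ports=$2; status=0
    if ! is_ipv4 "$dest"; then
        echo "invalid IPv4 address: $dest" >&2
        status=1
    fi
    old_ifs=$IFS; IFS=,
    set -- $ports
    IFS=$old_ifs
    if [ "$#" -lt 1 ] || [ "$#" -gt 15 ]; then  # multiport accepts at most 15 ports
        echo "multiport needs 1 to 15 ports" >&2
        status=1
    fi
    for p in "$@"; do
        is_port "$p" || { echo "invalid port: $p" >&2; status=1; }
    done
    return "$status"
}

# allow_forward PROTO DEST PORTS: validate, insert the rule, return iptables' own status.
allow_forward() {
    af_proto=$1; af_dest=$2; af_ports=$3
    check_rule_args "$af_dest" "$af_ports" || return 1
    "$IPT" -t filter -I FORWARD -d "$af_dest" -p "$af_proto" \
        -m multiport --dports "$af_ports" -j ACCEPT
}

# Validation-only demo on the two spellings of the address that appear in the thread.
for addr in 177.135.260.61 177.135.250.61; do
    if is_ipv4 "$addr"; then echo "$addr: valid"; else echo "$addr: invalid"; fi
done
```

A caller can write `allow_forward tcp "$DEST" "$PORTS" || exit 1` so that the start-up banner is only printed when the rule was really inserted.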

From: centos-pt-br-request@centos.org
To: centos-pt-br@centos.org
Sent: Wednesday, September 7, 2016 9:00:02
Subject: CentOS-pt-br Digest, volume 114, issue 2

Today's Topics:

1. Iptables! (Glenio Cortes Himmen)
2. Subject: Iptables! (Adroaldo Cavalheiro)
3. Re: Iptables! (João Paulo Ferreira)

----------------------------------------------------------------------
Message: 1
Date: Tue, 6 Sep 2016 14:03:25 -0300 (BRT)
From: Glenio Cortes Himmen <glenio.11622x@aparecida.go.gov.br>
To: CentOS-pt-br@centos.org
Subject: [CentOS-pt-br] Iptables!
Message-ID: <1251459852.311112.1473181405819.JavaMail.zimbra@aparecida.go.gov.br>
Content-Type: text/plain; charset="utf-8"

I am new to IPTABLES and SQUID; I need to allow a particular program to reach the address and ports listed below without going through the proxy.

177.135.260.61:3051
177.135.250.61:5836
177.135.250.61:5837
177.135.250.61:725

The outgoing requests will come from IP 172.16.0.48/255.255.255.192.

Below is the firewall.sh script I use.

#!/bin/bash
#####################################################################
# VARIABLES
#####################################################################
# -d destination IP - destination network - network IP 192.168.2.1 192.168.0.0/24
# -s source IP - source network - Internet IP
# --sport NUMBER source port
# --dport NUMBER destination port
# -j ACTION
LOG_OPTIONS="--log-tcp-sequence --log-ip-options --log-tcp-options --log-level info"
IPT="/sbin/iptables"

### EXTERNAL NETWORK INTERFACE (INTERNET)
IF_EXT="eth0"

### INTERNAL NETWORK INTERFACE (LAN)
IF_INT="eth1"

### INTERNAL NETWORK
REDE_INTERNA="172.16.0.0/26"

### TCP PORTS ALLOWED ON INPUT
PORTAS_REDE_INTERNA="23 25 53 137 443 8080 1194 2928 3128 3389 80"

### UDP PORTS ALLOWED ON INPUT
PORTAS_UDP="53 161 3128"

### Ports allowed from outside (Internet) to the internal network
PORTAS_FORWARD="23 25 53 443 8080 137 1194 2928 3389 3128"

# ======== FORWARD ALLOWED TO EXTERNAL IP
IP_FORWARD_EXTERNO=" 189.2.188.173 187.5.111.45 "

### FORWARD ALLOWED FOR INTERNAL NETWORK IPs
### List the internal-network IPs that may pass without configuring the proxy
IP_FORWARD_INTERNO="
172.16.0.3 172.16.0.7 172.16.0.25 172.16.0.11 172.16.0.50
172.16.0.47 172.16.0.38 172.16.0.61 172.16.0.24 172.16.0.10
172.16.0.9 172.16.0.49 172.16.0.18 172.16.0.15 172.16.0.36
172.16.0.51 172.16.0.39 172.16.0.45 172.16.0.29 172.16.0.36
"

echo "INICIANDO FIREWALL ...................[OK]"
#####################################################################
# MODULES
#####################################################################
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_tos
/sbin/modprobe ipt_MASQUERADE

echo "LIMPANDO AS REGRAS ...................[OK]"
### FLUSHING DEFAULT RULES
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F

### DELETING CHAINS
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X

### ZEROING COUNTERS
$IPT -Z
$IPT -t nat -Z
$IPT -t mangle -Z

echo "APLICADO REGRAS PADRÕES ..............[OK]"
######################################################################
# DEFAULT RULES
######################################################################
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT

### ENABLING ROUTING IN THE KERNEL
echo "1" > /proc/sys/net/ipv4/ip_forward

######################################################################
# NAT RULES
######################################################################
### SHARE INTERNET

#$IPT -t nat -A POSTROUTING -s $REDE_INTERNA -o $IF_EXT -j MASQUERADE
$IPT -t nat -A POSTROUTING -o $IF_EXT -j MASQUERADE

# Redirect 443 to 3128
#$IPT -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 3128

### TRANSPARENT PROXY
#$IPT -t nat -A PREROUTING -i $IF_EXT -p tcp --dport 80 -j DNAT --to 10.1.1.1:3128
#$IPT -t nat -A PREROUTING -i $IF_INT -p tcp --dport 80 -j REDIRECT --to-port 3128

### REDIRECT EXTERNAL RDP ACCESS TO INTERNAL HOST
#$IPT -t nat -A PREROUTING -i $IF_EXT -p tcp --dport 3389 -j DNAT --to-destination 10.1.1.54:3389
#$IPT -t filter -A FORWARD -i $IF_EXT -d 10.1.1.54 -p tcp --dport 3389 -j ACCEPT

echo "APLICANDO REGRAS MANUAIS .............[OK]"
#####################################################################
# INPUT RULES
#####################################################################
$IPT -t filter -A INPUT -p tcp -i lo -j ACCEPT
$IPT -t filter -A INPUT -p icmp -j ACCEPT
$IPT -t filter -A INPUT -p tcp --dport 443 -j DROP

for i in $PORTAS_REDE_INTERNA; do
    $IPT -t filter -A INPUT -p tcp --dport "$i" -j ACCEPT
done

for i in $PORTAS_UDP; do
    $IPT -A INPUT -p udp --dport "$i" -j ACCEPT
done

$IPT -t filter -A INPUT -m state --state INVALID,RELATED,ESTABLISHED -j ACCEPT
$IPT -t filter -A INPUT -j LOG $LOG_OPTIONS --log-prefix "LOG_INPUT"
$IPT -t filter -A INPUT -j DROP

#####################################################################
# FORWARD RULES
#####################################################################
### FORWARD PORTS
for i in $PORTAS_FORWARD; do
    $IPT -A FORWARD -p tcp --dport "$i" -j ACCEPT
done

### EXTERNAL FORWARD (INTERNET)
for i in $IP_FORWARD_EXTERNO; do
    $IPT -A FORWARD -d "$i" -j ACCEPT
done

### INTERNAL FORWARD (INTERNET)
for i in $IP_FORWARD_INTERNO; do
    $IPT -A FORWARD -s "$i" -j ACCEPT
done
###

for i in $PORTAS_UDP; do
    $IPT -t filter -A FORWARD -p udp --dport "$i" -j ACCEPT
done

$IPT -t filter -A FORWARD -m state --state INVALID,RELATED,ESTABLISHED -j ACCEPT
$IPT -t filter -A FORWARD -j LOG $LOG_OPTIONS --log-prefix "LOG_FORWARD"
$IPT -t filter -A FORWARD -j DROP

echo "FIREWALL INICIADO ....................[OK]"

I would like help finding out which command to use and where to put it.

------------------------------
Message: 2
Date: Tue, 6 Sep 2016 22:33:01 +0000 (UTC)
From: Adroaldo Cavalheiro <adroaldo_goncalves@yahoo.com.br>
To: "Portuguese (Brazilian) CentOS mailing list" <centos-pt-br@centos.org>
Subject: [CentOS-pt-br] Subject: Iptables!
Message-ID: <700822086.704018.1473201181100@mail.yahoo.com>
Content-Type: text/plain; charset="utf-8"

Try this.

iptables -A FORWARD -p tcp --dport 3051 -d 177.135.260.61 -j ACCEPT

Do the same with the other ports; just repeat the rule. I took it from this post on Vivaolinux.

------------------------------
Message: 3
Date: Tue, 6 Sep 2016 23:51:26 -0300
From: João Paulo Ferreira <jferreira.ba@gmail.com>
To: "Portuguese (Brazilian) CentOS mailing list" <centos-pt-br@centos.org>
Subject: Re: [CentOS-pt-br] Iptables!
Message-ID: <CA+fqMVCoKcY0Ej+fz5py6wSuGcnghdU2AXdJ2GRihpW+OfDqYA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

iptables -t filter -I FORWARD -d 177.135.260.61 -p tcp -m multiport --dport 3051,5836,5837,725 -j ACCEPT
iptables -t filter -I FORWARD -d 177.135.260.61 -p udp -m multiport --dport 3051,5836,5837,725 -j ACCEPT

Since you did not say which transport-layer protocol is used, I am including the rule for both UDP and TCP.

Regards,

João Paulo Ferreira
B.S. Computer Science - UNIVERSIDADE SALVADOR
Specialist in Computer Networks and Telecommunications - UNIVERSIDADE SALVADOR
Novell Certified Linux Administrator - NOVELL
Certified Linux Professional Institute - LPI
CompTIA Linux+ - COMPTIA
Mikrotik Certified Network Associate - MIKROTIK
Mobile: +55 (71) 9918-1235 VIVO
Mobile: +55 (71) 8837-7080 OI
Skype: joaopaulo.cf
G-Talk/Mail: jferreira.ba@gmail.com