[CentOS-pt-br] CentOS-pt-br Digest, volume 114, issue 2

Glenio Cortes Himmen glenio.11622x at aparecida.go.gov.br
Thu Sep 8 14:17:17 UTC 2016


I added the rule as shown below and I am getting the error messages that follow.

#### Rules to allow the SPI program ### start...
$IPT -t filter -I FORWARD -d 177.135.260.61 -p tcp -m multiport --dport 3051,5836,5837,725 -j ACCEPT 
$IPT -t filter -I FORWARD -d 177.135.260.61 -p udp -m multiport --dport 3051,5836,5837,725 -j ACCEPT 
#### Rules to allow the SPI program ### end...

[root em proxy ~]# /etc/rc.d/init.d/firewall.sh 
INICIANDO FIREWALL ...................[OK] 
LIMPANDO AS REGRAS ...................[OK] 
APLICADO REGRAS PADRÕES ..............[OK] 
APLICANDO REGRAS MANUAIS .............[OK] 
iptables v1.4.7: host/network `177.135.260.61' not found 
Try `iptables -h' or 'iptables --help' for more information. 
iptables v1.4.7: host/network `177.135.260.61' not found 
Try `iptables -h' or 'iptables --help' for more information. 
FIREWALL INICIADO ....................[OK] 

I placed the rule lines before the lines shown below.

$IPT -t filter -A FORWARD -m state --state INVALID,RELATED,ESTABLISHED -j ACCEPT 
$IPT -t filter -A FORWARD -j LOG $LOG_OPTIONS --log-prefix "LOG_FORWARD" 
$IPT -t filter -A FORWARD -j DROP 
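
The two errors above come from the destination address itself, not from where the rules sit: 260 is not a valid IPv4 octet, so iptables cannot parse 177.135.260.61 as an address, tries to resolve it as a hostname, fails with "host/network ... not found", and loads neither rule. The shell functions below are an added example, not code from this thread: they check the address and the port list before iptables is called, emit the rules with -I FORWARD so they are evaluated ahead of the chain's state/LOG/DROP tail wherever the lines sit in firewall.sh, and narrow the match to the source network the original post mentioned (172.16.0.0/26) instead of allowing any source. The function names, the --dports spelling and the dry-run behaviour (rules are printed, not applied) are this example's own choices.

```shell
#!/bin/bash
# Added example (not code from the thread): check the address and port list
# before they reach iptables, then emit the FORWARD rules. The function names
# and the dry-run behaviour (rules are printed, not applied) are this example's.

# valid_ipv4 A.B.C.D[/LEN]: succeed only for a syntactically valid IPv4 host or
# network. An octet above 255, like the 260 in the thread's address, fails here
# instead of making iptables report "host/network ... not found".
valid_ipv4() {
    local addr="$1" host len octet
    host="${addr%%/*}"
    len="${addr#*/}"
    [ "$len" = "$addr" ] && len=32          # no prefix length given: a host
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    local IFS=.
    set -- $host                            # split the dotted quad on "."
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_port_list P1,P2,...: 1 to 15 numeric ports in 1..65535, which is what
# xt_multiport accepts in a single --dports argument.
valid_port_list() {
    local ports="$1" p n=0
    local IFS=,
    for p in $ports; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -ge 1 ] && [ "$n" -le 15 ]
}

# spi_forward_rules SRC DST PORTS: print one ACCEPT rule for TCP and one for
# UDP, inserted at the top of FORWARD (-I) so they are evaluated before the
# chain's state/LOG/DROP tail wherever the lines sit in firewall.sh. The match
# is narrowed to the source network instead of allowing any source to the host.
# Nothing is printed, and 1 is returned, if any argument is malformed.
spi_forward_rules() {
    local src="$1" dst="$2" ports="$3" proto
    valid_ipv4 "$src"        || { echo "invalid source: $src" >&2; return 1; }
    valid_ipv4 "$dst"        || { echo "invalid destination: $dst" >&2; return 1; }
    valid_port_list "$ports" || { echo "invalid port list: $ports" >&2; return 1; }
    for proto in tcp udp; do
        printf '%s\n' "${IPT:-/sbin/iptables} -t filter -I FORWARD -s $src -d $dst -p $proto -m multiport --dports $ports -j ACCEPT"
    done
}

# Demo with the thread's values: the address containing 260 is rejected before
# iptables is ever called; the 250 address from the same list yields two rules.
spi_forward_rules 172.16.0.0/26 177.135.260.61 3051,5836,5837,725 || echo "(rejected, nothing emitted)"
spi_forward_rules 172.16.0.0/26 177.135.250.61 3051,5836,5837,725
```

To apply instead of print, pipe the output through sh as root once the printed rules look right; checking the arguments first means a typo like this one is reported by the script rather than surfacing as a half-loaded chain.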


From: centos-pt-br-request at centos.org
To: centos-pt-br at centos.org
Sent: Wednesday, September 7, 2016 9:00:02
Subject: CentOS-pt-br Digest, volume 114, issue 2

Send CentOS-pt-br mailing list submissions to
centos-pt-br at centos.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-pt-br
or, via email, send a message with the word 'help' in the subject or
body to
centos-pt-br-request at centos.org

You can reach the person managing the list at
centos-pt-br-owner at centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-pt-br digest..."


Today's Topics:

1. Iptables! (Glenio Cortes Himmen) 
2. Subject: Iptables! (Adroaldo Cavalheiro)
3. Re: Iptables! (João Paulo Ferreira) 


---------------------------------------------------------------------- 

Message: 1 
Date: Tue, 6 Sep 2016 14:03:25 -0300 (BRT) 
From: Glenio Cortes Himmen <glenio.11622x at aparecida.go.gov.br>
To: CentOS-pt-br at centos.org
Subject: [CentOS-pt-br] Iptables! 
Message-ID: 
<1251459852.311112.1473181405819.JavaMail.zimbra at aparecida.go.gov.br>
Content-Type: text/plain; charset="utf-8" 

I am new to IPTABLES and SQUID; I need to allow a particular program to reach the address and ports listed below without going through the proxy.

177.135.260.61:3051 
177.135.250.61:5836 
177.135.250.61:5837 
177.135.250.61:725 

Outgoing requests will leave from IP 172.16.0.48/255.255.255.192.

Below is the firewall.sh script I use.

#!/bin/bash
#####################################################################
# VARIABLES
#####################################################################
# -d destination ip - destination network - network ip 192.168.2.1 192.168.0.0/24
# -s source ip - source network - internet ip
# --sport NUMBER source port
# --dport NUMBER destination port
# -j ACTION
LOG_OPTIONS="--log-tcp-sequence --log-ip-options --log-tcp-options --log-level info"
IPT="/sbin/iptables"
### EXTERNAL (INTERNET) NETWORK INTERFACE
IF_EXT="eth0"

### INTERNAL (LAN) NETWORK INTERFACE
IF_INT="eth1"

### INTERNAL NETWORK
REDE_INTERNA="172.16.0.0/26"

### ALLOWED TCP INPUT PORTS
PORTAS_REDE_INTERNA="23 25 53 137 443 8080 1194 2928 3128 3389 80"

### ALLOWED UDP INPUT PORTS
PORTAS_UDP="53 161 3128"

### Ports allowed from the internet into the internal network
PORTAS_FORWARD="23 25 53 443 8080 137 1194 2928 3389 3128"

# ======== FORWARD ALLOWED TO EXTERNAL IPs
IP_FORWARD_EXTERNO="
189.2.188.173
187.5.111.45
"
### FORWARD ALLOWED FOR INTERNAL NETWORK IPs
### List the internal IPs that may go out without the proxy configured
IP_FORWARD_INTERNO="
172.16.0.3
172.16.0.7
172.16.0.25
172.16.0.11
172.16.0.50
172.16.0.47
172.16.0.38
172.16.0.61
172.16.0.24
172.16.0.10
172.16.0.9
172.16.0.49
172.16.0.18
172.16.0.15
172.16.0.36
172.16.0.51
172.16.0.39
172.16.0.45
172.16.0.29
172.16.0.36
"
echo "INICIANDO FIREWALL ...................[OK]"
#####################################################################
# MODULES
#####################################################################
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_tos
/sbin/modprobe ipt_MASQUERADE

echo "LIMPANDO AS REGRAS ...................[OK]"
### FLUSHING THE EXISTING RULES
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F

### DELETING USER-DEFINED CHAINS
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X

### ZEROING THE COUNTERS
$IPT -Z
$IPT -t nat -Z
$IPT -t mangle -Z

echo "APLICADO REGRAS PADRÕES ..............[OK]"
######################################################################
# DEFAULT POLICIES
######################################################################
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT

### ENABLING IP FORWARDING IN THE KERNEL
echo "1" > /proc/sys/net/ipv4/ip_forward

######################################################################
# NAT RULES
######################################################################
### INTERNET SHARING

#$IPT -t nat -A POSTROUTING -s $REDE_INTERNA -o $IF_EXT -j MASQUERADE
$IPT -t nat -A POSTROUTING -o $IF_EXT -j MASQUERADE

# Redirect 443 to 3128
#$IPT -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 3128

### TRANSPARENT PROXY
#$IPT -t nat -A PREROUTING -i $IF_EXT -p tcp --dport 80 -j DNAT --to 10.1.1.1:3128
#$IPT -t nat -A PREROUTING -i $IF_INT -p tcp --dport 80 -j REDIRECT --to-port 3128

### REDIRECT EXTERNAL RDP ACCESS TO AN INTERNAL HOST
#$IPT -t nat -A PREROUTING -i $IF_EXT -p tcp --dport 3389 -j DNAT --to-destination 10.1.1.54:3389
#$IPT -t filter -A FORWARD -i $IF_EXT -d 10.1.1.54 -p tcp --dport 3389 -j ACCEPT

echo "APLICANDO REGRAS MANUAIS .............[OK]"
#####################################################################
# INPUT RULES
#####################################################################
$IPT -t filter -A INPUT -p tcp -i lo -j ACCEPT
$IPT -t filter -A INPUT -p icmp -j ACCEPT
$IPT -t filter -A INPUT -p tcp --dport 443 -j DROP

for i in $PORTAS_REDE_INTERNA; do
    $IPT -t filter -A INPUT -p tcp --dport $i -j ACCEPT
done

for i in $PORTAS_UDP; do
    $IPT -A INPUT -p udp --dport $i -j ACCEPT
done

$IPT -t filter -A INPUT -m state --state INVALID,RELATED,ESTABLISHED -j ACCEPT
$IPT -t filter -A INPUT -j LOG $LOG_OPTIONS --log-prefix "LOG_INPUT"
$IPT -t filter -A INPUT -j DROP

#####################################################################
# FORWARD RULES
#####################################################################
### FORWARDED PORTS
for i in $PORTAS_FORWARD; do
    $IPT -A FORWARD -p tcp --dport $i -j ACCEPT
done

### FORWARD TO EXTERNAL (INTERNET) IPs
for i in $IP_FORWARD_EXTERNO; do
    $IPT -A FORWARD -d $i -j ACCEPT
done

### FORWARD FROM INTERNAL IPs TO THE INTERNET
for i in $IP_FORWARD_INTERNO; do
    $IPT -A FORWARD -s $i -j ACCEPT
done
###

for i in $PORTAS_UDP; do
    $IPT -t filter -A FORWARD -p udp --dport $i -j ACCEPT
done

$IPT -t filter -A FORWARD -m state --state INVALID,RELATED,ESTABLISHED -j ACCEPT
$IPT -t filter -A FORWARD -j LOG $LOG_OPTIONS --log-prefix "LOG_FORWARD"
$IPT -t filter -A FORWARD -j DROP

echo "FIREWALL INICIADO ....................[OK]"

I would appreciate help with the command and where to place it.

------------------------------ 

Message: 2 
Date: Tue, 6 Sep 2016 22:33:01 +0000 (UTC) 
From: Adroaldo Cavalheiro <adroaldo_goncalves at yahoo.com.br>
To: "Portuguese (Brazilian) CentOS mailing list"
<centos-pt-br at centos.org>
Subject: [CentOS-pt-br] Assunto: Iptables! 
Message-ID: <700822086.704018.1473201181100 at mail.yahoo.com>
Content-Type: text/plain; charset="utf-8" 


Try this.

iptables -A FORWARD -p tcp --dport 3051 -d 177.135.260.61 -j ACCEPT

Do the same with the other ports; just repeat the rule.
I took it from this post on Vivaolinux.

Sent from Yahoo Mail on Android

On Tue, 6 Sep, 14:03 PM, Glenio Cortes Himmen <glenio.11622x at aparecida.go.gov.br> wrote:

I am new to IPTABLES and SQUID; I need to allow a particular program to reach the address and ports listed below without going through the proxy.

177.135.260.61:3051
177.135.250.61:5836
177.135.250.61:5837
177.135.250.61:725

Outgoing requests will leave from IP 172.16.0.48/255.255.255.192.


------------------------------ 

Message: 3 
Date: Tue, 6 Sep 2016 23:51:26 -0300 
From: João Paulo Ferreira <jferreira.ba at gmail.com>
To: "Portuguese (Brazilian) CentOS mailing list"
<centos-pt-br at centos.org>
Subject: Re: [CentOS-pt-br] Iptables! 
Message-ID: 
<CA+fqMVCoKcY0Ej+fz5py6wSuGcnghdU2AXdJ2GRihpW+OfDqYA at mail.gmail.com>
Content-Type: text/plain; charset="utf-8" 

iptables -t filter -I FORWARD -d 177.135.260.61 -p tcp -m multiport --dport 3051,5836,5837,725 -j ACCEPT
iptables -t filter -I FORWARD -d 177.135.260.61 -p udp -m multiport --dport 3051,5836,5837,725 -j ACCEPT

Since you did not say which transport-layer protocol it uses, I am adding
the rule for both UDP and TCP.

Regards,

*João Paulo Ferreira* 
*B.S. Computer Science* - UNIVERSIDADE SALVADOR
*Specialist in Computer Networks and Telecommunications* - UNIVERSIDADE SALVADOR
*Novell Certified Linux Administrator* - NOVELL 
*Certified Linux Professional Institute *- LPI 
*CompTIA Linux+* - COMPTIA 
*Mikrotik Certified Network Associate* - MIKROTIK 
Mobile: +55 (71) 9918-1235 VIVO
Mobile: +55 (71) 8837-7080 OI
Skype: joaopaulo.cf
G-Talk/Mail: jferreira.ba at gmail.com

On 6 September 2016 at 14:03, Glenio Cortes Himmen <glenio.11622x at aparecida.go.gov.br> wrote:

> I am new to IPTABLES and SQUID; I need to allow a particular program to
> reach the address and ports listed below without going through the proxy.
>
> 177.135.260.61:3051
> 177.135.250.61:5836
> 177.135.250.61:5837
> 177.135.250.61:725
>
> Outgoing requests will leave from IP 172.16.0.48/255.255.255.192.

------------------------------ 

_______________________________________________ 
CentOS-pt-br mailing list 
CentOS-pt-br at centos.org
https://lists.centos.org/mailman/listinfo/centos-pt-br 


End of CentOS-pt-br Digest, volume 114, issue 2
************************************************* 

