| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 |
- #!/bin/sh
- modprobe ip_tables
- iptables -F INPUT
- iptables -F OUTPUT
- iptables -F FORWARD
- iptables -F -t filter
- iptables -F POSTROUTING -t nat
- iptables -F PREROUTING -t nat
- iptables -F OUTPUT -t nat
- iptables -F -t nat
- iptables -t nat -F
- iptables -t mangle -F
- iptables -X
- # Zerando contadores
- iptables -Z
- iptables -t nat -Z
- iptables -t mangle -Z
- iptables -P INPUT DROP
- iptables -P OUTPUT ACCEPT
- iptables -P FORWARD DROP
- iptables -A INPUT -i lo -d 127.0.0.1 -j ACCEPT
- iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
- i=/proc/sys/net/ipv4
- # Desabilita o trafego IP entre as placas de rede
- echo "0" > /proc/sys/net/ipv4/ip_forward
- # Protecao contra SYN flood
- echo "1" > $i/tcp_syncookies
- echo "1" > $i/icmp_echo_ignore_broadcasts
- # Protecao contra responses bogus
- echo "1" > $i/icmp_ignore_bogus_error_responses
- echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
- iptables -I INPUT 1 -m state --state INVALID -j LOG --log-level info --log-prefix "PKT INVALIDO - "
- iptables -I INPUT 2 -m state --state INVALID -j DROP
- iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 5/m -j ACCEPT
- echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
|
