[Fedora-users-br] Re: Fedora-users-br Digest, Vol 13, Issue 71

Bruno Contin brunorodeiro em gmail.com
Mon Nov 27 16:17:43 UTC 2006


It sits on the internal network; it is a proxy server on a Velox link, and the
e-mails use ports 25 and 110.

On 27/11/06, fedora-users-br-request em redhat.com <
fedora-users-br-request em redhat.com> wrote:
>
> Send Fedora-users-br mailing list submissions to
>         fedora-users-br em redhat.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://www.redhat.com/mailman/listinfo/fedora-users-br
> or, via email, send a message with 'help' in the subject or body to
>         fedora-users-br-request em redhat.com
>
> You can reach the person managing the list at
>         fedora-users-br-owner em redhat.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Fedora-users-br digest..."
>
>
> Today's Topics:
>
>    1. Fedora firewall?? doesn't send e-mail (Bruno Yahoo)
>    2. Re: Fedora firewall?? doesn't send e-mail (Felipe Tocchetto)
>    3. Re: Fedora firewall?? doesn't send e-mail (Alexandre Singulani)
>    4. firewall won't let me send e-mails (Bruno Contin)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 27 Nov 2006 08:44:21 -0200
> From: "Bruno Yahoo" <brunoce10 em yahoo.com.br>
> Subject: [Fedora-users-br] Fedora firewall?? doesn't send e-mail
> To: <fedora-users-br em redhat.com>
> Message-ID: <000f01c71211$010928f0$0a00a8c0 em bruno>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello community, I have a problem: I set up a firewall with a proxy
> (squid) on Fedora. The internet is OK and so is the proxy, but I can't
> receive or send e-mails, even though the ports for that are open on the
> firewall.
> This is my firewall; if anyone can help me, I'd appreciate it... Shall we
> put together a list of people who want to chat via Google Talk to clear
> up doubts? Mine is brunorodeiro em gmail.com
> regards...
> #!/bin/bash
>
> stop ()
> {
>         echo "0" > /proc/sys/net/ipv4/ip_forward
>         iptables -F
>         iptables -X
> }
>
> start ()
> {
>
> ############################# Flush the rules first
> /usr/sbin/iptables -F
> /usr/sbin/iptables -t nat -F
> /usr/sbin/iptables -F -t mangle
> /usr/sbin/iptables -X -t mangle
>
>
> ############################# Load the kernel modules
> /sbin/modprobe iptable_nat
> /sbin/modprobe iptable_mangle
> /sbin/modprobe ipt_conntrack
> /sbin/modprobe ip_conntrack_ftp
> /sbin/modprobe ip_nat_ftp
> /sbin/modprobe ipt_multiport
> /sbin/modprobe ipt_LOG
> /sbin/modprobe ipt_mark
> /sbin/modprobe ipt_MARK
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> echo "0" > /proc/sys/net/ipv4/tcp_ecn
>
> ###########################################
> #/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> /usr/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>
> ########### LOGS ######################
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 5190 -j LOG --log-prefix "LOG ICQ: "
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 1863 -j LOG --log-prefix "LOG MSN: "
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 22 -j LOG --log-prefix "Serviço SSH: "
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 21 -j LOG --log-prefix "Serviço FTP: "
>
> #####################################
> # EXTRA PROTECTION
> #####################################
>
> ############## Brute force ############
> /usr/sbin/iptables -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
> /usr/sbin/iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '
> /usr/sbin/iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 3 -j REJECT --reject-with tcp-reset
> /usr/sbin/iptables -A FORWARD -p tcp --syn --dport 22 -m recent --name sshattack --set
> /usr/sbin/iptables -A FORWARD -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '
> /usr/sbin/iptables -A FORWARD -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 3 -j REJECT --reject-with tcp-reset
>
> ############# Trojan protection ################
> /usr/sbin/iptables -N TROJAN
> /usr/sbin/iptables -A TROJAN -m limit --limit 15/m -j LOG --log-level 6 --log-prefix "FIREWALL: trojan: "
> /usr/sbin/iptables -A TROJAN -j DROP
> /usr/sbin/iptables -A INPUT -p TCP -i eth0 --dport 666 -j TROJAN
> /usr/sbin/iptables -A INPUT -p TCP -i eth0 --dport 4000 -j TROJAN
> /usr/sbin/iptables -A INPUT -p TCP -i eth0 --dport 6000 -j TROJAN
> /usr/sbin/iptables -A INPUT -p TCP -i eth0 --dport 6006 -j TROJAN
> /usr/sbin/iptables -A INPUT -p TCP -i eth0 --dport 16660 -j TROJAN
>
> ############## Worm protection #################
> /usr/sbin/iptables -A FORWARD -p tcp --dport 135 -i eth0 -j REJECT
>
> ############## SYN flood ############
> /usr/sbin/iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
>
> ############## Ping of death ########
> /usr/sbin/iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
>
> ########### Port scanners ###########
> /usr/sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j DROP
>
> ########## IP spoofing ##############
> /usr/sbin/iptables -N syn-flood
> /usr/sbin/iptables -A INPUT -i eth0 -p tcp --syn -j syn-flood
> /usr/sbin/iptables -A INPUT -s 10.0.0.0/8 -i eth0 -j DROP
> /usr/sbin/iptables -A INPUT -s 172.16.0.0/16 -i eth0 -j DROP
> /usr/sbin/iptables -A INPUT -s 192.168.0.0/24 -i eth0 -j DROP
>
> ######## Packet anomalies #######
> /usr/sbin/iptables -A FORWARD -m unclean -j DROP
>
> ################### CEF ########################
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 200.201.174.0/16 -j ACCEPT
> /usr/sbin/iptables -A FORWARD -p tcp -d 200.201.174.0/16 -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 200.201.166.0/16 -j ACCEPT
> /usr/sbin/iptables -A FORWARD -p tcp -d 200.201.166.0/16 -j ACCEPT
>
> ############################# Redirect 80, 3128 -> 3128
>
> #/usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 2100 -j DNAT --to-destination 192.168.0.1:3128
> #/usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -s 192.168.0.0/24 -j DNAT --to-destination 192.168.0.1:3128
> iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport -s 192.168.0.0/24 --dport 80,443,563 -j REDIRECT --to-port 3128
>
> ############################# Accept the standard port list
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 21   -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 22   -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 23   -j ACCEPT -s 192.168.0.145
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 25   -j ACCEPT -s 192.168.0.0/24
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 53   -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80   -j ACCEPT -s 192.168.0.0/24
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 110  -j ACCEPT -s 192.168.0.0/24
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 443  -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 465  -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 500  -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 587  -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 995  -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 3306 -j ACCEPT -s 192.168.0.0/24
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 2100 -j ACCEPT -s 192.168.0.0/24
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 8080 -j ACCEPT -s 192.168.0.0/24
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 5017 -j ACCEPT -s 192.168.0.0/24
>
> ########## ICQ ################
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 5190 -j ACCEPT -s 192.168.0.50
>
> ########### MSN #######################
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 1863 -j ACCEPT -s 192.168.0.128
>
>
> ######################################
> # UDP port filters
> ######################################
> /usr/sbin/iptables -t nat -A PREROUTING -p udp --dport 53 -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 53 -j ACCEPT
>
>
> ########### With the rules in place, drop every other packet
> /usr/sbin/iptables -t nat -p tcp -A PREROUTING -j DROP
> /usr/sbin/iptables -t nat -p udp -A PREROUTING -j DROP
>
> }
>
> # Dispatcher: calls the start() and stop() functions defined above
> case "$1" in
> start)
>   echo -n "Starting Firewall..."
>   start
>   echo "Done"
> ;;
> stop)
>   echo -n "Stopping Firewall..."
>   stop
>   echo "Done"
> ;;
> restart)
>   echo -n "Restarting Firewall..."
>   stop
>   start
>   echo "Done"
> ;;
> status)
>   echo "============================ Firewall rules:"
>   iptables -L -n
>   echo "============================ Masquerade tables:"
>   iptables -t nat -L -n
>   echo "============================ Mangle table:"
>   iptables -t mangle -L -n
>   ;;
> *)
>   echo "Usage: $0 { status | start | stop | restart }"
>   ;;
> esac
> -------------- Next Part ----------
> An HTML attachment was scrubbed...
> URL:
> https://www.redhat.com/archives/fedora-users-br/attachments/20061127/0e8bd41a/attachment.html
>
> ------------------------------
>
> Message: 2
> Date: Mon, 27 Nov 2006 08:51:51 -0200
> From: "Felipe Tocchetto" <felipe em tocchetto.com>
> Subject: Re: [Fedora-users-br] Fedora firewall?? doesn't send e-mail
> To: "Mailing list for Brazilian Fedora users" <fedora-users-br em redhat.com>
> Message-ID:
>         <4f70c5c80611270251l75710ab3jbcafa9714171a708 em mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Is your mail server inside the network?
>
> On 27/11/06, Bruno Yahoo<brunoce10 em yahoo.com.br> wrote:
> >
> >
> > Hello community, I have a problem: I set up a firewall with a proxy
> > (squid) on Fedora. The internet is OK and so is the proxy, but I can't
> > receive or send e-mails, even though the ports for that are open on the
> > firewall.
> > This is my firewall; if anyone can help me, I'd appreciate it... Shall we
> > put together a list of people who want to chat via Google Talk to clear
> > up doubts? Mine is brunorodeiro em gmail.com
> > regards...
> > #!/bin/bash
> >
> > stop ()
> > {
> >         echo "0" > /proc/sys/net/ipv4/ip_forward
> >         iptables -F
> >         iptables -X
> > }
> >
> > start ()
> > {
> >
> > ############################# Flush the rules first
>
>
> --
> Felipe L. Tocchetto
> http://felipe.tocchetto.com
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 27 Nov 2006 12:04:58 +0000
> From: "Alexandre Singulani" <alexsingr em hotmail.com>
> Subject: Re: [Fedora-users-br] Fedora firewall?? doesn't send e-mail
> To: fedora-users-br em redhat.com
> Message-ID: <BAY106-F6C55F9BA1A0D91B217169BEE60 em phx.gbl>
> Content-Type: text/plain; charset="iso-8859-1"
>
> An HTML attachment was scrubbed...
> URL:
> https://www.redhat.com/archives/fedora-users-br/attachments/20061127/e9122007/attachment.html
>
> ------------------------------
>
> Message: 4
> Date: Mon, 27 Nov 2006 10:35:35 -0200
> From: "Bruno Contin" <brunorodeiro em gmail.com>
> Subject: [Fedora-users-br] firewall won't let me send e-mails
> To: fedora-users-br em redhat.com
> Message-ID:
>         <c1066330611270435p1b8c6c03y83b739494117a619 em mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello community, I have a problem: I set up a firewall with a proxy
> (squid) on Fedora. The internet is OK and so is the proxy, but I can't
> receive or send e-mails, even though the ports for that are open on the
> firewall.
> This is my firewall; if anyone can help me, I'd appreciate it... Shall we
> put together a list of people who want to chat via Google Talk to clear
> up doubts? Mine is brunorodeiro em gmail.com
> regards...
> note: I switched e-mail because I wasn't receiving anything on Yahoo; I'm
> now on brunorodeiro em gmail.com
> note: if I also put a rule in the firewall to exclude a certain IP from
> the proxy, the e-mails work normally...
>
> #!/bin/bash
>
> stop ()
> {
>         echo "0" > /proc/sys/net/ipv4/ip_forward
>         iptables -F
>         iptables -X
> }
>
> start ()
> {
>
> ############################# Flush the rules first
> /usr/sbin/iptables -F
> /usr/sbin/iptables -t nat -F
> /usr/sbin/iptables -F -t mangle
> /usr/sbin/iptables -X -t mangle
>
>
> ############################# Load the kernel modules
> /sbin/modprobe iptable_nat
> /sbin/modprobe iptable_mangle
> /sbin/modprobe ipt_conntrack
> /sbin/modprobe ip_conntrack_ftp
> /sbin/modprobe ip_nat_ftp
> /sbin/modprobe ipt_multiport
> /sbin/modprobe ipt_LOG
> /sbin/modprobe ipt_mark
> /sbin/modprobe ipt_MARK
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> echo "0" > /proc/sys/net/ipv4/tcp_ecn
>
> ###########################################
> #/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> /usr/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>
> ########### LOGS ######################
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 5190 -j LOG --log-prefix "LOG ICQ: "
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 1863 -j LOG --log-prefix "LOG MSN: "
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 22 -j LOG --log-prefix "Serviço SSH: "
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 21 -j LOG --log-prefix "Serviço FTP: "
>
> #####################################
> # EXTRA PROTECTION
> #####################################
>
> ############## Brute force ############
> /usr/sbin/iptables -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
> /usr/sbin/iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '
> /usr/sbin/iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 3 -j REJECT --reject-with tcp-reset
> /usr/sbin/iptables -A FORWARD -p tcp --syn --dport 22 -m recent --name sshattack --set
> /usr/sbin/iptables -A FORWARD -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '
> /usr/sbin/iptables -A FORWARD -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 3 -j REJECT --reject-with tcp-reset
>
> ############# Trojan protection ################
> /usr/sbin/iptables -N TROJAN
> /usr/sbin/iptables -A TROJAN -m limit --limit 15/m -j LOG --log-level 6 --log-prefix "FIREWALL: trojan: "
> /usr/sbin/iptables -A TROJAN -j DROP
> /usr/sbin/iptables -A INPUT -p TCP -i eth0 --dport 666 -j TROJAN
> /usr/sbin/iptables -A INPUT -p TCP -i eth0 --dport 4000 -j TROJAN
> /usr/sbin/iptables -A INPUT -p TCP -i eth0 --dport 6000 -j TROJAN
> /usr/sbin/iptables -A INPUT -p TCP -i eth0 --dport 6006 -j TROJAN
> /usr/sbin/iptables -A INPUT -p TCP -i eth0 --dport 16660 -j TROJAN
>
> ############## Worm protection #################
> /usr/sbin/iptables -A FORWARD -p tcp --dport 135 -i eth0 -j REJECT
>
> ############## SYN flood ############
> /usr/sbin/iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
>
> ############## Ping of death ########
> /usr/sbin/iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
>
> ########### Port scanners ###########
> /usr/sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j DROP
>
> ########## IP spoofing ##############
> /usr/sbin/iptables -N syn-flood
> /usr/sbin/iptables -A INPUT -i eth0 -p tcp --syn -j syn-flood
> /usr/sbin/iptables -A INPUT -s 10.0.0.0/8 -i eth0 -j DROP
> /usr/sbin/iptables -A INPUT -s 172.16.0.0/16 -i eth0 -j DROP
> /usr/sbin/iptables -A INPUT -s 192.168.0.0/24 -i eth0 -j DROP
>
> ######## Packet anomalies #######
> /usr/sbin/iptables -A FORWARD -m unclean -j DROP
>
> ################### CEF ########################
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 200.201.174.0/16 -j ACCEPT
> /usr/sbin/iptables -A FORWARD -p tcp -d 200.201.174.0/16 -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 200.201.166.0/16 -j ACCEPT
> /usr/sbin/iptables -A FORWARD -p tcp -d 200.201.166.0/16 -j ACCEPT
>
> ############################# Redirect 80, 3128 -> 3128
>
> #/usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 2100 -j DNAT --to-destination 192.168.0.1:3128
> #/usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -s 192.168.0.0/24 -j DNAT --to-destination 192.168.0.1:3128
> iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport -s 192.168.0.0/24 --dport 80,443,563 -j REDIRECT --to-port 3128
>
> ############################# Accept the standard port list
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 21   -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 22   -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 23   -j ACCEPT -s 192.168.0.145
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 25   -j ACCEPT -s 192.168.0.0/24
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 53   -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80   -j ACCEPT -s 192.168.0.0/24
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 110  -j ACCEPT -s 192.168.0.0/24
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 443  -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 465  -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 500  -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 587  -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 995  -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 3306 -j ACCEPT -s 192.168.0.0/24
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 2100 -j ACCEPT -s 192.168.0.0/24
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 8080 -j ACCEPT -s 192.168.0.0/24
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 5017 -j ACCEPT -s 192.168.0.0/24
>
> ########## ICQ ################
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 5190 -j ACCEPT -s 192.168.0.50
>
> ########### MSN #######################
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 1863 -j ACCEPT -s 192.168.0.128
>
>
> ######################################
> # UDP port filters
> ######################################
> /usr/sbin/iptables -t nat -A PREROUTING -p udp --dport 53 -j ACCEPT
> /usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 53 -j ACCEPT
>
>
> ########### With the rules in place, drop every other packet
> /usr/sbin/iptables -t nat -p tcp -A PREROUTING -j DROP
> /usr/sbin/iptables -t nat -p udp -A PREROUTING -j DROP
>
> }
>
> # Dispatcher: calls the start() and stop() functions defined above
> case "$1" in
> start)
>   echo -n "Starting Firewall..."
>   start
>   echo "Done"
> ;;
> stop)
>   echo -n "Stopping Firewall..."
>   stop
>   echo "Done"
> ;;
> restart)
>   echo -n "Restarting Firewall..."
>   stop
>   start
>   echo "Done"
> ;;
> status)
>   echo "============================ Firewall rules:"
>   iptables -L -n
>   echo "============================ Masquerade tables:"
>   iptables -t nat -L -n
>   echo "============================ Mangle table:"
>   iptables -t mangle -L -n
>   ;;
> *)
>   echo "Usage: $0 { status | start | stop | restart }"
>   ;;
> esac
> -------------- Next Part ----------
> An HTML attachment was scrubbed...
> URL:
> https://www.redhat.com/archives/fedora-users-br/attachments/20061127/f26ae776/attachment.html
>
> ------------------------------
>
> --
> Fedora-users-br mailing list
> Fedora-users-br em redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-users-br
> Brazilian Fedora Project site = http://www.projetofedora.org
>
>
> End of Fedora-users-br Digest, Vol 13, Issue 71
> ****************************************************
>
-------------- Next Part ----------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-users-br/attachments/20061127/9b1e9af1/attachment.htm>
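The script quoted in the digest makes its ACCEPT/DROP decisions in the nat PREROUTING chain, which is consulted only for the first packet of a connection, and it uses eth0 for the anti-spoofing rules but eth1 for both the masquerade and the proxy redirect, so the thread never makes clear which interface faces the LAN. The following is an added example, not Bruno's script and not anything the list settled on: the same intent (squid redirect for LAN web traffic, direct SMTP and POP3 on 25 and 110 from the LAN, masquerading on the uplink) written as stateful filter-table rules. The LAN range 192.168.0.0/24 and the squid port 3128 come from the quoted script; eth0 as the LAN and eth1 as the Velox uplink are assumptions, and the dry-run mode via the IPT variable and the forward_allows helper are constructed for this example so the ruleset can be reviewed without root.

```shell
#!/bin/sh
# Added example, not the script from the thread. A LAN gateway ruleset with the
# same intent (squid redirect for web traffic, direct SMTP/POP3 on 25 and 110
# from the LAN, masquerading on the uplink), but with the allow/deny policy in
# the filter table, where connection tracking applies, instead of the nat table.
# Assumptions (the thread never states them): eth0 is the LAN, eth1 the Velox
# uplink, squid listens on 3128 on the gateway itself.
LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.0.0/24}
PROXY_PORT=${PROXY_PORT:-3128}
MAIL_PORTS="25 110"

# Dry-run by default: IPT just echoes each command so the ruleset can be
# reviewed without root. Run with IPT=/usr/sbin/iptables to apply it.
IPT=${IPT:-"echo iptables"}

gen_rules() {
    # Default deny for traffic to and through the gateway; the gateway's own
    # outbound traffic (squid fetching pages) is allowed.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -F
    $IPT -t nat -F

    # Anti-spoofing: RFC 1918 sources never legitimately arrive on the uplink.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        $IPT -A INPUT -i "$WAN_IF" -s "$net" -j DROP
        $IPT -A FORWARD -i "$WAN_IF" -s "$net" -j DROP
    done

    # Replies to connections accepted below come back through these two rules,
    # which is what a first-packet-only decision in nat PREROUTING cannot do.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT

    # Transparent proxy: LAN port-80 traffic is redirected to squid on the
    # gateway, so the gateway must also accept it on INPUT after the redirect.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 -j REDIRECT --to-ports "$PROXY_PORT"
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$PROXY_PORT" -j ACCEPT

    # Mail clients on the LAN reach the ISP's SMTP/POP3 servers directly: these
    # ports are forwarded, not proxied, and then masqueraded on the uplink.
    for port in $MAIL_PORTS; do
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p tcp --dport "$port" -j ACCEPT
    done
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

    # Log (rate-limited) what the FORWARD policy is about to drop, so a
    # blocked mail port shows up in the kernel log instead of failing silently.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW FORWARD DROP: "
}

# forward_allows PORT: succeeds if the generated ruleset forwards LAN TCP
# traffic to PORT on the uplink. Constructed helper for checking the dry run.
forward_allows() {
    gen_rules | grep -q -- "-A FORWARD .*-p tcp --dport $1 -j ACCEPT"
}

# Usage: sh gateway-fw.sh start                          (prints the ruleset)
#        IPT=/usr/sbin/iptables sh gateway-fw.sh start   (applies it, as root)
if [ "${1:-}" = "start" ]; then
    gen_rules
fi
```

Reviewing the dry run before applying it is the point of the IPT indirection: `forward_allows 25` and `forward_allows 110` succeed, while a port that is not in MAIL_PORTS (for example 143) fails, which is the check to run before blaming the mail server when a client cannot connect.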


More information about the Fedora-users-br mailing list