Firewall para seu PC iptables Linux ipv6
#!/bin/sh
### BEGIN INIT INFO
# Provides: firewall
# Required-Start: $remote_fs $syslog $network
# Required-Stop: $remote_fs $syslog $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts and stops Firewall
# Description: Starts and stops Firewall, a network firewall
### END INIT INFO
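iniciar(){
# Carrega as regras do firewall (loads the rule set).
# Not idempotent: every rule is appended, so calling "start" twice installs
# each rule twice; "restart" (parar; iniciar) rebuilds from a clean state.
# Globals written: IPV4, IPV6 (command names), PORT_TOS, LAN4, tipo.
# Returns the exit status of the last ip6tables call.
sleep 3
# Defina suas variáveis de comando
IPV4="iptables"
IPV6="ip6tables"
# Rede local confiável (trusted IPv4 subnet); ajuste para a sua rede.
LAN4="192.168.1.0/24"
#----------------------------------------------------------------------------------#
# Prioridade de portas #
#----------------------------------------------------------------------------------#
PORT_TOS="80,443"
$IPV4 -t mangle -A OUTPUT -p tcp -m multiport --dports "$PORT_TOS" -j TOS --set-tos 16
# ipv6
$IPV6 -t mangle -A OUTPUT -p tcp -m multiport --dports "$PORT_TOS" -j TOS --set-tos 16
#----------------------------------------------------------------------------------#
# Política padrão: o que não for aceito abaixo é descartado (OUTPUT continua ACCEPT).
$IPV4 -P INPUT DROP
$IPV4 -P FORWARD DROP
# IPV6
$IPV6 -P INPUT DROP
$IPV6 -P FORWARD DROP
#----------------------------------------------------------------------------------#
# IPV4
# Rede local, Link local
$IPV4 -A INPUT -i lo -j ACCEPT
# NOTE(review): matches on source address only, so a packet arriving from the
# internet with a forged 192.168.1.x source is accepted too. On a machine with
# more than one interface add "-i <lan-interface>" (name not known from here).
$IPV4 -A INPUT -s "$LAN4" -j ACCEPT
# IPV6
# Fonte :: http://ipv6.br/post/enderecamento/
# Loopback: "-i" takes an interface name, so it is "lo" for IPv6 as well
# ("-i ::1" was an address where an interface is expected and is rejected).
$IPV6 -A INPUT -i lo -j ACCEPT
# Unicast link-local (fe80::/64; the full reserved range is fe80::/10)
$IPV6 -A INPUT -s fe80::/64 -j ACCEPT
# Faixa link-local completa, se precisar (multicast is ff00::/8, not fe80::/10)
# $IPV6 -A INPUT -s fe80::/10 -j ACCEPT
# ICMPv6 que o IPv6 precisa para funcionar com INPUT DROP: Neighbor
# Discovery (NS/NA, router advertisement) and Packet Too Big for path MTU
# discovery. Duplicate-address-detection solicitations have source "::",
# so the fe80::/64 rule above does not cover them.
for tipo in neighbour-solicitation neighbour-advertisement router-advertisement packet-too-big; do
  $IPV6 -A INPUT -p ipv6-icmp --icmpv6-type "$tipo" -j ACCEPT
done
#----------------------------------------------------------------------------------#
# Internet rede
$IPV4 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# IPV6
$IPV6 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#----------------------------------------------------------------------------------#
# Block Propaganda
$IPV4 -A OUTPUT -p tcp -m string --string "g.doubleclick.net" --algo kmp -j REJECT
# ipv6
$IPV6 -A OUTPUT -p tcp -m string --string "g.doubleclick.net" --algo kmp -j REJECT
#----------------------------------------------------------------------------------#
# Abra portas aqui.
# EX:: $IPV4 -A INPUT -p tcp -m multiport --dports 25456:35460 -j ACCEPT
# EX:: $IPV6 -A INPUT -p tcp -m multiport --dports 25456:35460 -j ACCEPT
# Esse e um exemplo.
#----------------------------------------------------------------------------------#
}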
parar(){
#---- Desativar o firewall ----#
# Flushes and deletes every rule and user chain in the filter, nat and
# mangle tables of both families, then sets the three built-in policies
# back to ACCEPT. The script has no "set -e": if the ip6tables nat table
# is unsupported by the kernel those two calls fail and the rest still runs.
# Globals written: IPV4, IPV6, cmd, tabela, cadeia.
# Defina suas variáveis de comando
IPV4="iptables"
IPV6="ip6tables"
# Mesma sequência para cada família: primeiro IPv4, depois IPv6.
for cmd in "$IPV4" "$IPV6"; do
  $cmd -F
  $cmd -X
  for tabela in nat mangle; do
    $cmd -t "$tabela" -F
    $cmd -t "$tabela" -X
  done
  for cadeia in INPUT FORWARD OUTPUT; do
    $cmd -P "$cadeia" ACCEPT
  done
done
}
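cabecalho(){
# Prints a section heading ("--- $1 ---") surrounded by blank lines.
# Colour codes are emitted only when stdout is a terminal, so output piped
# to a file or logger gets neither escape sequences nor tput errors.
echo ""
if [ -t 1 ]; then
  echo "$(tput bold ; tput setaf 1)--- $1 ---$(tput sgr0)"
else
  echo "--- $1 ---"
fi
echo ""
}
ver(){
#---- Ver regras o firewall ----#
# Lists the active rules: the counters view (-nvL) and the rule-spec view
# (--list-rules) for each family, then the mangle table of BOTH families,
# since iniciar installs the TOS rule with iptables as well as ip6tables.
# Globals written: IPV4, IPV6.
IPV4="iptables"
IPV6="ip6tables"
cabecalho "IPV4"
$IPV4 -nvL
echo ""
$IPV4 --list-rules
cabecalho "IPV6"
$IPV6 -nvL
echo ""
$IPV6 --list-rules
cabecalho "mangle"
# -n skips reverse DNS lookups, which can stall the listing.
$IPV4 -t mangle -nvL
echo ""
$IPV6 -t mangle -nvL
}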
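# Ponto de entrada: despacha a ação do init. An unknown (or missing) action
# prints the usage on stderr and exits non-zero, so "service firewall foo"
# fails visibly instead of reporting success.
case "$1" in
  start) iniciar ;;
  stop) parar ;;
  status) ver ;;
  restart) parar; iniciar ;;
  *)
    echo "$(tput bold ; tput setaf 2)---| Use os parâmetros start stop status ou restart |---$(tput sgr0)" >&2
    exit 2
    ;;
esac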