#
# Systems Security
#
# Packet-filter setup for a forwarding host, using ipchains.
# Service names (nameserver, www, ftp, mail, pop3, imap3) are given
# symbolically, so the port numbers come from the local services database.

IPCHAINS=/sbin/ipchains
LAN_NET=200.250.30.0/24
DNS_HOST=200.250.30.2
WEB_HOST=200.250.30.3
MAIL_HOST=200.250.30.5

# --> Flush existing rules from the three built-in chains
"$IPCHAINS" -F input
"$IPCHAINS" -F forward
"$IPCHAINS" -F output

# --> Set masquerading timeouts (seconds): TCP, TCP after FIN, UDP
# No masquerading rule appears in this script, so these values only
# matter if masquerading is configured elsewhere.
"$IPCHAINS" -M -S 7200 10 160

# --> Set default policies
# NOTE(review): input is ACCEPT, so nothing in this script filters
# traffic addressed to the firewall host itself; only forwarded
# traffic is restricted.
"$IPCHAINS" -P forward DENY
"$IPCHAINS" -P input ACCEPT
"$IPCHAINS" -P output ACCEPT

# --> Allow loopback traffic
# NOTE(review): the section is labelled loopback, but the rules name
# eth0 and eth1 rather than lo. With input and output already
# defaulting to ACCEPT they do not change any verdict - confirm intent.
"$IPCHAINS" -A input -i eth0 -j ACCEPT
"$IPCHAINS" -A output -i eth1 -j ACCEPT

# --> Block ping to the local interfaces (disabled)
#/sbin/ipchains -A input -i eth0 -p icmp -j DENY
#/sbin/ipchains -A input -i eth1 -p icmp -j DENY
# All ICMP is forwarded, in both directions, with no type restriction.
"$IPCHAINS" -A forward -s any/0 -d any/0 -p icmp -j ACCEPT

# --> Outbound traffic from the local network
# NOTE(review): the match is on source address only, with no interface,
# so a packet arriving from outside with a source in this range also
# matches unless spoofed sources are dropped elsewhere - confirm.
"$IPCHAINS" -A forward -s "$LAN_NET" -d any/0 -p all -j ACCEPT

# --> "Established" traffic
# ipchains does not track connections: "! -y" is a test on TCP flags
# (not a connection-opening SYN), not a state lookup. Any such segment
# is forwarded to any host and port, whether or not a session exists.
"$IPCHAINS" -A forward -s any/0 -d any/0 ! -y -p tcp -j ACCEPT

# --> DNS server
# Queries to the server (destination port nameserver), then replies to
# its own lookups (source port nameserver), then the same two pairs in
# the outbound direction.
# NOTE(review): the source-port rules admit any packet that claims
# source port nameserver, to any port on the DNS host; the source port
# is chosen by the sender. Most relevant for UDP.
"$IPCHAINS" -A forward -s any/0 -d "$DNS_HOST" nameserver -p tcp -j ACCEPT
"$IPCHAINS" -A forward -s any/0 -d "$DNS_HOST" nameserver -p udp -j ACCEPT
"$IPCHAINS" -A forward -s any/0 nameserver -d "$DNS_HOST" -p tcp -j ACCEPT
"$IPCHAINS" -A forward -s any/0 nameserver -d "$DNS_HOST" -p udp -j ACCEPT
"$IPCHAINS" -A forward -s "$DNS_HOST" -d any/0 nameserver -p udp -j ACCEPT
"$IPCHAINS" -A forward -s "$DNS_HOST" -d any/0 nameserver -p tcp -j ACCEPT
"$IPCHAINS" -A forward -s "$DNS_HOST" nameserver -d any/0 -p udp -j ACCEPT
"$IPCHAINS" -A forward -s "$DNS_HOST" nameserver -d any/0 -p tcp -j ACCEPT

# --> www/ftp server
"$IPCHAINS" -A forward -s any/0 -d "$WEB_HOST" www -p tcp -j ACCEPT
"$IPCHAINS" -A forward -s any/0 -d "$WEB_HOST" ftp -p tcp -j ACCEPT

# --> e-mail server
# NOTE(review): imap3 is the service name registered for port 220;
# IMAP is normally served on 143 (imap / imap2) - confirm which port
# the mail host actually listens on.
"$IPCHAINS" -A forward -s any/0 -d "$MAIL_HOST" mail -p tcp -j ACCEPT
"$IPCHAINS" -A forward -s any/0 -d "$MAIL_HOST" pop3 -p tcp -j ACCEPT
"$IPCHAINS" -A forward -s any/0 -d "$MAIL_HOST" imap3 -p tcp -j ACCEPT

# Log possible attacks: whatever reaches the end of the forward chain
# is rejected and logged (-l).
"$IPCHAINS" -A forward -j REJECT -l