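#!/bin/sh
#
# copyright (c) the KMyFirewall developers 2001-2007
# Please report bugs to: Christian Hubinger <chubinegr@irrsinnig.org>
#
# This program is distributed under the terms of the GPL v2
#
# KMyFirewall v1.1.1
# This is an automatic generated file DO NOT EDIT
#
# Configuration created for My Local Computer [127.0.0.1]
#
# Usage: sh kmyfirewall.sh [-v|--verbose] { start | stop | restart }
#
# Exit status: 0 on success, 1 if any iptables call failed, the action was
# missing after -v/--verbose, or the action was not recognised.
#
# NOTE(review): only /sbin/iptables (IPv4) is configured here; nothing in this
# script touches IPv6 filtering.
# NOTE(review): hand edits to a generated file are presumably lost when it is
# regenerated - confirm before relying on the fixes below.

# Print a complete line, but only in verbose mode.
verbose_line() {
  if [ "$verbose" = "1" ]; then
    printf '%s\n' "$1"
  fi
}

# Print text without a trailing newline, but only in verbose mode.
# printf replaces "echo -n", whose behaviour is not portable under /bin/sh.
verbose_part() {
  if [ "$verbose" = "1" ]; then
    printf '%s' "$1"
  fi
}

# Run one iptables command. On failure: report the rule name, clear all rules
# via stopFirewall and abort the whole script with status 1.
#   $1   - rule name used in the failure message
#   $2.. - arguments passed to iptables unchanged
# NOTE(review): the failure path is fail-open - stopFirewall resets every
# policy to ACCEPT, so a single bad rule leaves the host unfiltered.
apply_rule() {
  rule_name=$1
  shift
  "$IPT" "$@" || {
    status="1"
    printf ' Setting up Rule: %s FAILED! Clearing Rules!\n' "$rule_name"
    stopFirewall
    exit 1
  }
}

# Load the kernel modules, install all filter/nat/mangle rules and policies,
# then set the related /proc/sys/net/ipv4 switches.
startFirewall() {
  printf '%s' "Starting iptables (created by KMyFirewall)... "

  verbose_part "Loading needed modules... "
  # modprobe results are not checked; a missing module only prints an error
  # and a dependent rule then fails in apply_rule.
  "$MOD" ip_tables
  "$MOD" ip_conntrack
  "$MOD" ipt_LOG
  "$MOD" ipt_limit
  "$MOD" ipt_state
  "$MOD" ip_conntrack_ftp
  "$MOD" ip_conntrack_irc
  "$MOD" iptable_filter
  "$MOD" iptable_nat
  "$MOD" iptable_mangle
  verbose_line "Done."

  # Define all custom chains (this configuration has none)
  verbose_part "Create custom chains... "
  verbose_line " Done."

  # Rules:
  verbose_line "Settup Rules in Table FILTER:"

  # Define Rules for Chain: INPUT
  verbose_line "Create Rules for Chain: INPUT"
  apply_rule "LOCALHOST" -t filter -A INPUT --source 127.0.0.1 --in-interface lo -j ACCEPT
  # Accepts new inbound TCP to 6881-6889 from any source address.
  # NOTE(review): OUTPUT has no RELATED,ESTABLISHED rule, so replies leaving
  # from these local ports appear to hit the OUTPUT DROP policy - verify.
  apply_rule "Bittorrent_tcp" -t filter -A INPUT -p tcp --match multiport \
    --destination-ports 6881,6882,6883,6884,6885,6886,6887,6888,6889 -j ACCEPT
  apply_rule "CONNTRACK" -t filter -A INPUT --match state --state RELATED,ESTABLISHED -j ACCEPT
  # Last rule before the DROP policy: logs what is about to be dropped,
  # rate-limited to 5/second so a flood cannot fill the log.
  apply_rule "Chain: INPUT Drop Logging" -t filter -A INPUT -m limit --limit 5/second \
    --limit-burst 5 -j LOG --log-prefix "KMF: "
  apply_rule "Chain: INPUT Default Target" -t filter -P INPUT DROP

  # Define Rules for Chain: OUTPUT
  verbose_line "Create Rules for Chain: OUTPUT"
  apply_rule "LOCALHOST" -t filter -A OUTPUT --out-interface lo -j ACCEPT
  apply_rule "Bittorrent_tcp" -t filter -A OUTPUT -p tcp --match multiport \
    --destination-ports 6881,6882,6883,6884,6885,6886,6887,6888,6889 -j ACCEPT
  apply_rule "DNS_udp" -t filter -A OUTPUT -p udp --destination-port 53 -j ACCEPT
  apply_rule "HTTP_tcp" -t filter -A OUTPUT -p tcp --destination-port 80 -j ACCEPT
  apply_rule "HTTPS_tcp" -t filter -A OUTPUT -p tcp --destination-port 443 -j ACCEPT
  apply_rule "Kerberos_tcp" -t filter -A OUTPUT -p tcp --destination-port 88 -j ACCEPT
  apply_rule "Kerberos_udp" -t filter -A OUTPUT -p udp --destination-port 88 -j ACCEPT
  apply_rule "Chain: OUTPUT Drop Logging" -t filter -A OUTPUT -m limit --limit 5/second \
    --limit-burst 5 -j LOG --log-prefix "KMF: "
  apply_rule "Chain: OUTPUT Default Target" -t filter -P OUTPUT DROP

  # Define Rules for Chain: FORWARD
  verbose_line "Create Rules for Chain: FORWARD"
  # NOTE(review): FORWARD is left at ACCEPT with no rules, while INPUT and
  # OUTPUT default to DROP. With ip_forward enabled further down, every packet
  # routed through this host is passed unfiltered - confirm this is intended.
  apply_rule "Chain: FORWARD Default Target" -t filter -P FORWARD ACCEPT

  verbose_line "Settup Rules in Table NAT:"

  # Define Rules for Chain: OUTPUT
  verbose_line "Create Rules for Chain: OUTPUT"
  apply_rule "Chain: OUTPUT Default Target" -t nat -P OUTPUT ACCEPT

  # Define Rules for Chain: PREROUTING
  verbose_line "Create Rules for Chain: PREROUTING"
  apply_rule "Chain: PREROUTING Default Target" -t nat -P PREROUTING ACCEPT

  # Define Rules for Chain: POSTROUTING
  verbose_line "Create Rules for Chain: POSTROUTING"
  # NOTE(review): MASQUERADE has no interface or source match, so it applies
  # to everything leaving the host on any interface - narrow it to the
  # intended uplink if NAT is actually required.
  apply_rule "NAT_RULE" -t nat -A POSTROUTING -j MASQUERADE
  apply_rule "Chain: POSTROUTING Default Target" -t nat -P POSTROUTING ACCEPT

  verbose_line "Settup Rules in Table MANGLE:"

  # Define Rules for Chain: INPUT
  verbose_line "Create Rules for Chain: INPUT"
  apply_rule "Chain: INPUT Default Target" -t mangle -P INPUT ACCEPT

  # Define Rules for Chain: OUTPUT
  verbose_line "Create Rules for Chain: OUTPUT"
  apply_rule "Chain: OUTPUT Default Target" -t mangle -P OUTPUT ACCEPT

  # Define Rules for Chain: FORWARD
  verbose_line "Create Rules for Chain: FORWARD"
  apply_rule "Chain: FORWARD Default Target" -t mangle -P FORWARD ACCEPT

  # Define Rules for Chain: PREROUTING
  verbose_line "Create Rules for Chain: PREROUTING"
  apply_rule "Chain: PREROUTING Default Target" -t mangle -P PREROUTING ACCEPT

  # Define Rules for Chain: POSTROUTING
  verbose_line "Create Rules for Chain: POSTROUTING"
  apply_rule "Chain: POSTROUTING Default Target" -t mangle -P POSTROUTING ACCEPT

  # NOTE(review): enabling forwarding makes this host route packets between
  # its interfaces. The header labels the config "My Local Computer
  # [127.0.0.1]"; if the machine is not meant to be a gateway, this switch,
  # the FORWARD ACCEPT policy and the MASQUERADE rule should be reconsidered.
  # stopFirewall does not reset any of the /proc settings written below.
  verbose_part "Enable IP Forwarding. "
  echo 1 > /proc/sys/net/ipv4/ip_forward
  verbose_line "Done."

  # Reverse-path filtering is switched off on every interface that exists when
  # the script runs; the kernel then no longer drops packets that fail its
  # reverse-route check on the source address.
  verbose_part "Disable Reverse Path Filtering "
  for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 0 > "$i"
  done
  verbose_line "Done."

  # Packets with impossible source addresses are no longer written to the
  # kernel log once this is 0.
  verbose_part "Disable log_martians (logging). "
  for i in /proc/sys/net/ipv4/conf/*/log_martians; do
    echo 0 > "$i"
  done
  verbose_line "Done."

  verbose_part "Enable Syn Cookies. "
  echo 1 > /proc/sys/net/ipv4/tcp_syncookies
  verbose_line "Done."

  echo Done.
}

# Flush and delete all chains in filter, nat and mangle and reset every
# built-in policy to ACCEPT. Any failing call sets status to "1" but the
# remaining calls still run (best effort).
stopFirewall() {
  printf '%s' "Clearing iptables (created by KMyFirewall)... "

  "$IPT" -t filter -F || status="1"
  "$IPT" -t filter -X || status="1"
  "$IPT" -t filter -P INPUT ACCEPT || status="1"
  "$IPT" -t filter -P OUTPUT ACCEPT || status="1"
  "$IPT" -t filter -P FORWARD ACCEPT || status="1"

  "$IPT" -t nat -F || status="1"
  "$IPT" -t nat -X || status="1"
  "$IPT" -t nat -P OUTPUT ACCEPT || status="1"
  "$IPT" -t nat -P PREROUTING ACCEPT || status="1"
  "$IPT" -t nat -P POSTROUTING ACCEPT || status="1"

  "$IPT" -t mangle -F || status="1"
  "$IPT" -t mangle -X || status="1"
  "$IPT" -t mangle -P INPUT ACCEPT || status="1"
  "$IPT" -t mangle -P OUTPUT ACCEPT || status="1"
  # Fix: the generated script reset mangle OUTPUT twice and never reset
  # mangle FORWARD.
  "$IPT" -t mangle -P FORWARD ACCEPT || status="1"
  "$IPT" -t mangle -P PREROUTING ACCEPT || status="1"
  "$IPT" -t mangle -P POSTROUTING ACCEPT || status="1"

  echo "Done."
}

IPT="/sbin/iptables"
MOD="/sbin/modprobe"
status="0"
verbose="0"
action="${1:-}"

# -v / --verbose may precede the action; the action then moves to $2.
if [ "${1:-}" = "-v" ] || [ "${1:-}" = "--verbose" ]; then
  verbose="1"
fi

if [ "$verbose" = "1" ]; then
  if [ "${2:-}" = "" ]; then
    echo "Usage: sh kmyfirewall.sh [-v|--verbose] { start | stop | restart }"
    exit 1
  fi
  action="$2"
fi

# start and restart are identical: both clear everything first.
# NOTE(review): between stopFirewall and the end of startFirewall all policies
# are ACCEPT with no rules loaded, so the host is briefly unfiltered.
case "$action" in
  start)
    stopFirewall
    startFirewall
    ;;
  stop)
    stopFirewall
    ;;
  restart)
    stopFirewall
    startFirewall
    ;;
  *)
    printf '%s\n' "Invalid action!" \
      "Usage: sh kmyfirewall.sh [-v|--verbose] { start | stop | restart }"
    # Fix: an unknown or missing action used to fall through to "exit 0".
    status="1"
    ;;
esac

if [ "$status" = "1" ]; then
  exit 1
else
  exit 0
fi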