Este script está funcionando perfeitamente no Ubuntu 9.04. No ubuntu 12.04.1 lts ocorre um erro na linha "case "$1" in". Se possível, me ajude... Desde já, agradeço pela vossa atenção. Grato. Vitor.
#Firewall.sh
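#######################################
# Load the firewall: enable IPv4 forwarding, load the netfilter helper
# modules, flush the previous rule set and install the NAT, FORWARD and
# INPUT rules.
# Globals:   IFINT, IFEXT, DMZ, MASCARA, RANG, RANGDMZ (written, left global
#            on purpose: the original did not declare them local)
# Arguments: none
# Outputs:   progress messages on stdout; modprobe/iptables errors on stderr
# Returns:   status of the last iptables/echo command
#######################################
iniciar(){
  IFINT="eth1"                 # LAN side
  IFEXT="eth0"                 # uplink / Internet side
  # shellcheck disable=SC2034 -- no rule below references these two yet
  DMZ="eth2"
  MASCARA="255.255.255.0"
  RANG="192.168.100.0/24"      # LAN network
  RANGDMZ="192.168.120.0/24"   # DMZ network

  echo 1 > /proc/sys/net/ipv4/ip_forward
  # NOTE(review): ip_conntrack_* / ip_nat_* are the legacy module names; newer
  # kernels ship nf_conntrack_* / nf_nat_* and may only resolve these through
  # aliases -- check modprobe's stderr on the target kernel.
  modprobe ip_conntrack_pptp
  modprobe ip_nat_pptp
  modprobe ip_tables
  modprobe iptable_nat
  modprobe ip_nat_ftp
  modprobe ip_conntrack_ftp
  modprobe ip_conntrack
  echo "Modulos Carregados"

  echo "Definindo Politicas de Acesso"
  # Policies are set *before* the flush so that, when this runs after
  # 'parar' (policy ACCEPT), there is no window where the old rules are gone
  # and FORWARD is still wide open while the new rules are being appended.
  iptables -P FORWARD DROP
  # NOTE(review): with an ACCEPT policy every 'iptables -A INPUT ... -j ACCEPT'
  # below is redundant -- inbound traffic to this host is allowed by default.
  # Confirm that is intended.
  iptables -P INPUT ACCEPT

  iptables -F
  iptables -F INPUT
  iptables -F OUTPUT
  iptables -F FORWARD
  iptables -F -t nat
  iptables -F POSTROUTING -t nat
  iptables -F PREROUTING -t nat
  iptables -X
  echo "Tabela limpa"

  echo "Iniciando Novas Regras"
  # --- nat: inbound port forwards from the uplink into the LAN -------------
  iptables -t nat -A PREROUTING -p tcp -m tcp --dport 139 -m state --state NEW -j ACCEPT
  iptables -t nat -A PREROUTING -p tcp -m tcp --dport 138 -m state --state NEW -j ACCEPT
  # NOTE(review): these expose PPTP, LDAP (389), RDP (3389) and VNC (5900/5800)
  # from the uplink directly to LAN hosts. FORWARD below has no rule accepting
  # NEW connections to 192.168.100.100/.203/.251, so whether these forwards
  # actually pass depends on the MAC/DMZ catch-all rules -- confirm with a test.
  iptables -t nat -A PREROUTING -i "$IFEXT" -p tcp --dport 1723 -j DNAT --to 192.168.100.100
  iptables -t nat -A PREROUTING -i "$IFEXT" -p tcp --dport 389 -j DNAT --to 192.168.100.100
  iptables -t nat -A PREROUTING -i "$IFEXT" -p gre -j DNAT --to 192.168.100.100
  iptables -t nat -A PREROUTING -i "$IFEXT" -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.100.100
  iptables -t nat -A PREROUTING -i "$IFEXT" -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.100.203
  iptables -t nat -A PREROUTING -i "$IFEXT" -p tcp -m tcp --dport 5800 -j DNAT --to-destination 192.168.100.203
  iptables -t nat -A PREROUTING -i "$IFEXT" -p tcp -m tcp --dport 10001 -j DNAT --to-destination 192.168.100.251
  # Source NAT for LAN and DMZ traffic leaving through the uplink.
  iptables -t nat -A POSTROUTING -s "$RANG" -o "$IFEXT" -j SNAT --to 178.94.185.14
  iptables -t nat -A POSTROUTING -s "$RANGDMZ" -o "$IFEXT" -j SNAT --to 178.94.185.14

  # --- FORWARD: per-service allows for the LAN ------------------------------
  iptables -A FORWARD -s "$RANG" -i "$IFINT" -p tcp --dport 465 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -i "$IFINT" -p tcp --dport 995 -j ACCEPT
  iptables -A FORWARD -p tcp -s "$RANG" -d 0/0 --dport 465 -j ACCEPT
  iptables -A FORWARD -p tcp -d "$RANG" -s 0/0 --sport 465 -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -p tcp -s "$RANG" -d 0/0 --dport 587 -j ACCEPT
  iptables -A FORWARD -p tcp -d "$RANG" -s 0/0 --sport 587 -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -s "$RANG" -i "$IFINT" -p tcp --dport 220 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -i "$IFINT" -p udp --dport 220 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -i "$IFINT" -p tcp --dport 3006 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -i "$IFINT" -p udp --dport 3006 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -p tcp --dport 5000 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -p udp --dport 5000 -j ACCEPT
  iptables -A FORWARD -p tcp -s "$RANG" -d 0/0 --dport 443 -j ACCEPT
  iptables -A FORWARD -p tcp -d "$RANG" -s 0/0 --sport 443 -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -p tcp -s "$RANG" -d 0/0 --dport 1863 -j ACCEPT
  iptables -A FORWARD -p tcp -d "$RANG" -s 0/0 --sport 1863 -m state --state ESTABLISHED,RELATED -j ACCEPT
  # The original read '-p udp -s $RANG -s 0/0 -j ACCEPT'. iptables rejects a
  # second -s, so that rule never loaded. Corrected to '-d 0/0' it would allow
  # ALL outbound UDP from the LAN and subsume every narrower UDP rule in this
  # chain, so it is left disabled here; re-enable it deliberately if wanted:
  #   iptables -A FORWARD -p udp -s "$RANG" -d 0/0 -j ACCEPT
  iptables -A FORWARD -p udp -d "$RANG" -s 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -s "$RANG" -p udp -m udp --dport 21 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -p tcp -m tcp --dport 22 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -p tcp -m tcp --dport 110 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -p tcp -m tcp --dport 25 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -p tcp -m tcp --dport 587 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -p tcp -m tcp --dport 1863 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -i "$IFINT" -p tcp --dport 7001 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -i "$IFINT" -p udp --dport 7001 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -i "$IFINT" -p tcp --dport 5004:65535 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -i "$IFINT" -p udp --dport 5004:65535 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -i "$IFINT" -p tcp --dport 5061 -j ACCEPT
  iptables -A FORWARD -s "$RANG" -i "$IFINT" -p udp --dport 5061 -j ACCEPT

  # The original split each of these two commands over two lines, so '-s'
  # had no argument and 'www.facebook.com -j DROP' was run as a command.
  # NOTE(review): a hostname is resolved once, at load time, into one rule
  # per returned address; later DNS changes are not tracked. As written the
  # match is traffic FROM those addresses TO 192.168.100.100 -- if the
  # intent is to stop .100 from reaching the site, -s and -d are swapped.
  iptables -A FORWARD -d 192.168.100.100 -s www.facebook.com -j DROP
  iptables -A INPUT -d 192.168.100.100 -s www.facebook.com -j DROP

  # NOTE(review): a source MAC is only meaningful for hosts on a directly
  # attached segment and is not authenticated; treat these as convenience,
  # not as access control.
  iptables -A FORWARD -m mac --mac-source 88:53:2E:57:B0:52 -j ACCEPT
  iptables -A FORWARD -m mac --mac-source 00:19:5B:3B:B0:26 -j ACCEPT

  iptables -A FORWARD -s 192.168.100.15 -p tcp -j ACCEPT
  iptables -A FORWARD -s 192.168.100.15 -p udp -j ACCEPT
  iptables -A FORWARD -d 192.168.100.15 -p tcp -j ACCEPT
  iptables -A FORWARD -d 192.168.100.15 -p udp -j ACCEPT
  # The original listed '-s 192.168.120.1 -p udp' twice and had no tcp line;
  # the duplicate is dropped. NOTE(review): probably meant '-p tcp' -- confirm.
  iptables -A FORWARD -s 192.168.120.1 -p udp -j ACCEPT
  iptables -A FORWARD -d 192.168.120.1 -p tcp -j ACCEPT
  iptables -A FORWARD -d 192.168.120.1 -p udp -j ACCEPT

  # NOTE(review): these accept everything originating in the DMZ range,
  # including forwards into $RANG; a DMZ is normally not allowed to initiate
  # connections into the LAN -- confirm this is intended.
  iptables -A INPUT -s "$RANGDMZ" -j ACCEPT
  iptables -A FORWARD -s "$RANGDMZ" -j ACCEPT
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -s "$RANG" -j ACCEPT
  iptables -A INPUT -s 201.0.150.218 -p tcp -j ACCEPT
  # Return traffic for anything already allowed above.
  iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  echo "Regras Ativas"
}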
#######################################
# Disable the firewall: drop every rule and user chain in the filter table,
# flush the nat table and reset both policies to ACCEPT.
# Arguments: none
# Outputs:   "Regras Desativadas" on stdout
# Returns:   status of the final echo
#######################################
parar(){
  # Long-option spellings of -F / -X / -t / -P; same effect as the short forms.
  iptables --flush
  iptables --delete-chain
  iptables --table nat --flush
  # Leave the host fully open: this is the "off" state, not a safe default.
  iptables --policy FORWARD ACCEPT
  iptables --policy INPUT ACCEPT
  echo "Regras Desativadas"
}
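# Entry point, init-script style: dispatch on the first argument.
# NOTE(review): this statement is valid in both bash and dash, so the syntax
# error reported on this line on 12.04 is more likely a file issue -- e.g.
# CRLF line endings -- than the case itself; the file also has no shebang,
# so which shell runs it depends on how it is invoked. Check with
# 'bash -n Firewall.sh' and 'file Firewall.sh'. TODO confirm.
case "$1" in
  start)   iniciar ;;
  stop)    parar ;;
  restart) parar; iniciar ;;
  *)
    # A usage error goes to stderr and exits non-zero so a caller can tell
    # a typo from a successful run (the original printed to stdout, exit 0).
    echo "Usar start stop" >&2
    exit 1
    ;;
esac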