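#!/bin/bash
# iptables hardening script for Simples PABX IP.
# Author: Alan Pablo
# Reference: the book "Asterisk na pratica" - Alexandre Keller
# Cuiaba - MT - 23/02/2015
#
# Dependencies:
#   yum --disablerepo=\* --enablerepo=base install iptables-services
#   systemctl enable iptables
#
# Scope: only the INPUT chain of the IPv4 filter table is configured here.
# ip6tables and the FORWARD/OUTPUT chains are not touched by this script,
# so IPv6 exposure has to be handled separately.

# Source allow-list: one address, network or host per whitespace-separated
# word. Whoever can write this file decides who gets through the firewall,
# so it should be writable by root only.
readonly ALLOWLIST=/hdaux/utilitarios/ips-liberados.txt

# Characters accepted in an allow-list entry (address, CIDR, host name,
# comma-separated list). Anything else - in particular a leading '-' or '!'
# - is rejected so file content can never be read by iptables as an option.
readonly ENTRY_RE='^[0-9A-Za-z][0-9A-Za-z.,/-]*$'

# Refuse to touch the firewall when the allow-list cannot be read: the
# policy set below is DROP, so a missing file would be saved as a ruleset
# that admits no new inbound connection at all.
if [[ ! -r "$ALLOWLIST" ]]; then
  printf 'error: cannot read %s; firewall left unchanged\n' "$ALLOWLIST" >&2
  exit 1
fi

# Parse and validate the whole list BEFORE flushing anything, so a broken
# file is reported while the previous ruleset is still in place.
sources=()
while IFS= read -r line || [[ -n "$line" ]]; do
  line=${line%$'\r'}                         # tolerate CRLF line endings
  # A line containing ';' or '#' anywhere is treated as a comment and is
  # skipped as a whole (same filter the list has always used).
  [[ "$line" == *[\;#]* ]] && continue
  [[ "$line" =~ ^[[:space:]]*$ ]] && continue
  read -ra words <<<"$line"
  for entry in "${words[@]}"; do
    if [[ ! "$entry" =~ $ENTRY_RE ]]; then
      printf 'warning: ignoring malformed allow-list entry: %q\n' "$entry" >&2
      continue
    fi
    if [[ "$entry" == */0 ]]; then
      printf 'warning: entry %s matches every source address\n' "$entry" >&2
    fi
    sources+=("$entry")
  done
done <"$ALLOWLIST"

if (( ${#sources[@]} == 0 )); then
  printf 'warning: %s has no usable entries; only loopback and established traffic will be accepted\n' \
    "$ALLOWLIST" >&2
fi

# Flush: remove every existing rule.
iptables -F
# Delete the (now empty) user-defined chains.
iptables -X

# Loopback and already-tracked connections go in first, so the session
# running this script keeps working once the policy becomes DROP.
# LOCALHOST
iptables -A INPUT -i lo -j ACCEPT
# Rule based on connection state: new (NEW), established (ESTABLISHED),
# related (RELATED) and invalid (INVALID). Only the middle two are accepted.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Close all inbound traffic by default.
iptables -P INPUT DROP

# Open all inbound traffic (kept for troubleshooting only):
#iptables -P INPUT ACCEPT

# Guaranteeing access from the directly attached networks (disabled):
# Lists the available networks (ignoring loopback)
#interfaces=$(/sbin/ip ro | grep "/" | awk {'print $1'} | grep -v "169.254.0.0")
# for i in $interfaces
# do
# iptables -A INPUT --src $i -j ACCEPT
# done

# Allow by source. These rules carry no protocol or port match, so every
# listed source reaches every service on this host. Host names are resolved
# by iptables once, when the rule is loaded; prefer numeric addresses.
for src in "${sources[@]}"; do
  if ! iptables -A INPUT --src "$src" -j ACCEPT; then
    printf 'warning: iptables rejected allow-list entry: %q\n' "$src" >&2
  fi
done

# Persist the rules across reboots.
service iptables save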