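#!/bin/bash
#
# iptables security configuration script for Simples PABX IP.
#
# Author: Alan Pablo
# Reference: book "Asterisk na pratica" - Alexandre Keller
# Cuiaba - MT - 23/02/2015
#
# Dependencies:
#   yum --disablerepo=\* --enablerepo=base install iptables-services
#   systemctl enable iptables
#
# Scope notes for whoever maintains this:
#   - Only the IPv4 filter table's INPUT chain is configured. FORWARD, OUTPUT,
#     the other tables and ip6tables are not touched by this script, so IPv6
#     input filtering has to be handled separately if the host uses IPv6.
#   - Every allow-list entry is accepted for all protocols and ports, based on
#     the source address alone.

# Location of the allow-list: addresses/networks separated by whitespace.
# Any line containing ';' or '#' is treated as a comment and skipped.
allow_list=/hdaux/utilitarios/ips-liberados.txt

# Print an error to stderr and stop before a broken rule set gets saved.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Flush: remove every existing rule in the filter table.
iptables -F || die "could not flush the existing rules"

# Delete the (now empty) user-defined chains.
iptables -X || die "could not delete the user-defined chains"

# Guaranteeing access from the directly connected networks (disabled).
# Lists the routed networks (ignores the link-local range).
#interfaces=$(/sbin/ip ro | grep "/" | awk {'print $1'} | grep -v "169.254.0.0")
# for i in $interfaces
# do
#   iptables -A INPUT --src $i -j ACCEPT
# done

# Allow traffic based on its source address.
# The file is read line by line and every value is passed quoted, so an entry
# is never glob-expanded or re-split by the shell before it reaches iptables.
if [[ -r "$allow_list" ]]; then
  while IFS= read -r line || [[ -n "$line" ]]; do
    line=${line%$'\r'} # tolerate files saved with CRLF line endings
    case "$line" in
      *';'* | *'#'*) continue ;;
    esac
    read -r -a entries <<<"$line"
    for src in "${entries[@]}"; do
      iptables -A INPUT --src "$src" -j ACCEPT ||
        printf 'warning: allow-list entry rejected by iptables: %s\n' "$src" >&2
    done
  done <"$allow_list"
else
  # Keep going: the result is still default-deny, just without any source
  # exceptions. Say so loudly, because remote administration may be cut off.
  printf 'warning: %s is not readable; no source addresses were allowed\n' \
    "$allow_list" >&2
fi

# Localhost
iptables -A INPUT -i lo -j ACCEPT

# Rule based on connection state. Possible states are new (NEW), established
# (ESTABLISHED), related (RELATED) and invalid (INVALID); only packets that
# belong to, or are related to, an existing connection are accepted here.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Close all inbound traffic that no rule above accepted.
# The policy is set only after the ACCEPT rules exist, so an interrupted run
# does not leave the host on a bare DROP policy with no exceptions loaded.
iptables -P INPUT DROP || die "could not set the INPUT policy to DROP"

# Open all inbound traffic instead (disabled).
#iptables -P INPUT ACCEPT

# Persist the rules so that they survive a reboot.
service iptables save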