what are you think, this my script
#Rc.firewall - By Luis GUSTAVO
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT
# Liberando WEB e E-mail
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 110 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 110 -j ACCEPT
# Liberando WEB e E-mail Interno
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
#Compartilhando a Internet
#iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -d 0/0 -j MASQUERADE
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables --append FORWARD --in-interface eth0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
# Proxy transparente
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Bloqueando ping
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
# Block all ports
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 1024:65535
#iptables -A FORWARD -s 192.168.1.0/24 -p udp --dport 1024:65535
#iptables -A INPUT -s 192.168.1.0/24 -p udp --dport 1024:65535
#iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 1024:65535
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 1024:65535
#iptables -A FORWARD -s 192.168.1.0/24 -p udp --dport 1024:65535
#iptables -A INPUT -s 192.168.1.0/24 -p udp --dport 1024:65535
#iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 1024:65535
#:.Bloqueando AIM:
#iptables -A FORWARD -d login.oscar.aol.com -j REJECT
#iptables -A FORWARD -d login.oscar.aol.com -j REJECT
#:.Bloqueando ICQ:
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 5190 -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -d login.icq.com -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -d go.icq.com -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 5190 -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -d login.icq.com -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -d go.icq.com -j DROP
#:.Bloqueando MSN:
iptables -A OUTPUT -s 192.168.1.0/24 -p TCP --dport 1863 -j ACCEPT
#iptables -A FORWARD -s 192.168.1.0/24 -d messenger.hotmail.com -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -d login.passport.com -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -d rad.msn.com -j REJECT
#iptables -A FORWARD -s 192.168.1.0/24 -d baym-cs160.msgr.hotmail.com -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -d baym-cs157.msgr.hotmail.com -j DROP
iptables -A OUTPUT -s 192.168.1.0/24 -p TCP --dport 1863 -j ACCEPT
#iptables -A FORWARD -s 192.168.1.0/24 -d messenger.hotmail.com -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -d login.passport.com -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -d rad.msn.com -j REJECT
#iptables -A FORWARD -s 192.168.1.0/24 -d baym-cs160.msgr.hotmail.com -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -d baym-cs157.msgr.hotmail.com -j DROP
#:.Bloqueando Yahoo Messenger:
#iptables -A FORWARD -s 192.168.1.0/24 -d cs.yahoo.com -j REJECT
#iptables -A FORWARD -s 192.168.1.0/24 -d scsa.yahoo.com -j REJECT
#iptables -A FORWARD -s 192.168.1.0/24 -d cs.yahoo.com -j REJECT
#iptables -A FORWARD -s 192.168.1.0/24 -d scsa.yahoo.com -j REJECT
#:.iMesh:
#iptables -A FORWARD -s 192.168.1.0/24 -d 216.35.208.0/24 -j REJECT
#iptables -A FORWARD -s 192.168.1.0/24 -d 216.35.208.0/24 -j REJECT
#:.BearShare:
#iptables -A FORWARD -p TCP --dport 6346 -j REJECT
#iptables -A FORWARD -p TCP --dport 6346 -j REJECT
#:.ToadNode:
#iptables -A FORWARD -p TCP --dport 6346 -j REJECT
#iptables -A FORWARD -p TCP --dport 6346 -j REJECT
#:.WinMX:
#iptables -A FORWARD -d 209.61.186.0/24 -j REJECT
#iptables -A FORWARD -d 64.49.201.0/24 -j REJECT
#iptables -A FORWARD -d 209.61.186.0/24 -j REJECT
#iptables -A FORWARD -d 64.49.201.0/24 -j REJECT
#:.Napigator:
#iptables -A FORWARD -d 209.25.178.0/24 -j REJECT
#iptables -A FORWARD -d 209.25.178.0/24 -j REJECT
#:.Morpheus:
#iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
#iptables -A FORWARD -p TCP --dport 1214 -j REJECT
#iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
#iptables -A FORWARD -p TCP --dport 1214 -j REJECT
#:.KaZaA:
iptables -t filter -A INPUT -i ppp0 -p tcp --dport http -m string --string "kazaa" -j DROP
iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
iptables -A FORWARD -p TCP --dport 1214 -j REJECT
iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j DROP
iptables -A FORWARD -m string --string "Kazaa" -j DROP
#iptables -A FORWARD -m string --string "msn." -j DROP
iptables -A FORWARD -m string --string ".mp3" -j DROP
iptables -t filter -A INPUT -i ppp0 -p tcp --dport http -m string --string "kazaa" -j DROP
iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
iptables -A FORWARD -p TCP --dport 1214 -j REJECT
iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j DROP
iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j DROP
iptables -A FORWARD -m string --string "Kazaa" -j DROP
#iptables -A FORWARD -m string --string "msn." -j DROP
iptables -A FORWARD -m string --string ".mp3" -j DROP
#:.Limewire:
#iptables -A FORWARD -p TCP --dport 6346 -j REJECT
#iptables -A FORWARD -p TCP --dport 6346 -j REJECT
#:.Audiogalaxy:
#iptables -A FORWARD -d 64.245.58.0/23 -j REJECT
#iptables -A FORWARD -m unclean -j DROP
#iptables -A INPUT -p tcp --syn -j DROP
#iptables -A FORWARD -d 64.245.58.0/23 -j REJECT
#iptables -A FORWARD -m unclean -j DROP
#iptables -A INPUT -p tcp --syn -j DROP
# Blocking Blaster
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 135 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 135 -j DROP
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 139 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 139 -j DROP
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 445 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 445 -j DROP
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 135 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 135 -j DROP
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 139 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 139 -j DROP
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 445 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 445 -j DROP
#Windows Media Service | Fm odia
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d mediasrv-2.ig.com.br -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d volstag2.uol.com.br -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d 200.221.5.17 -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d mediasrv-2.ig.com.br -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d volstag2.uol.com.br -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d 200.221.5.17 -j DROP
#Protegendo contra synflood
#iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j DROP
#iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j DROP
#Protegendo contra Scanner Oculto
#iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j DROP
#iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j DROP
#Protegendo contra scaner suspeito
#iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j DROP
#iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j DROP
# TOS
iptables -A OUTPUT -t mangle -p tcp --dport http -j TOS --set-tos Maximize-throughput
iptables -A OUTPUT -t mangle -p tcp --dport 20 -j TOS --set-tos Minimize-delay
iptables -A OUTPUT -t mangle -p tcp --dport 21 -j TOS --set-tos Minimize-delay
iptables -A OUTPUT -t mangle -p tcp --dport http -j TOS --set-tos Maximize-throughput
iptables -A OUTPUT -t mangle -p tcp --dport 20 -j TOS --set-tos Minimize-delay
iptables -A OUTPUT -t mangle -p tcp --dport 21 -j TOS --set-tos Minimize-delay
Luis GUSTAVO lgpcf@xxxxxxxxxxxx
+55 (21) 9891-3560 http://skafe.sites.uol.com.br
---------------------------------------------------------------------------------
Yahoo! Messenger - Fale com seus amigos online. Instale agora!
