My rulez.... ## Limpando as regras do IPTABLES iptables -F iptables -t nat -F iptables -t mangle -F ## Ativando repasse de pacotes ## echo 1 > /proc/sys/net/ipv4/ip_forward ## instalando modulos do IPTABLES ## modprobe iptable_nat modprobe ip_nat_ftp modprobe ip_conntrack modprobe ipt_conntrack modprobe ip_conntrack_ftp modprobe ip_tables modprobe ipt_LOG modprobe ipt_limit modprobe ipt_REJECT modprobe ipt_layer7 # Criando NAT para toda a rede. #iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE ## Ativando regras do Layer 7 # Bloqueando de skype para skype iptables -A FORWARD -m layer7 --l7proto skypetoskype -j DROP # Bloqueando o Skypeout iptables -A FORWARD -m layer7 --l7proto skypeout -j DROP # Bloqueando o Messenger #iptables -A FORWARD -m layer7 --l7proto msnmessenger -j DROP #iptables -A PREROUTING -m layer7 --l7proto msnmessenger -j DROP iptables -t filter -A FORWARD -m layer7 --l7proto msnmessenger -j DROP #Bloqueando o Goddamn ORKUT por string usando o Algoritmo bm (pode-se usar o km tambem) iptables -t filter -A FORWARD -m string --string "orkut" -j DROP --algo bm #Bloquendo torrents iptables -t filter -A FORWARD -m layer7 --l7proto bittorrent -j DROP # Mudando para Statefull #iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT These rules are blockin' gmail, hotmail and my mail server..... But its just a few rulez.... Some wrong? Cheers Stephan -- --------------------------------------------------------------------- Stephan Higuti MSN: higutisam@xxxxxxxxxxx Email: higuti.sam@xxxxxxxxx ---------------------------------------------------------------------
