
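# Firewall / NAT configuration for the gateway between the internal network
# (10.1.0.0/16 behind eth1) and the 172.16.0.0/16 uplink on eth0.
# Version 20060419.
#
# Layout: default policies -> flush -> stateful baseline -> INPUT (services on
# the gateway itself) -> NAT -> FORWARD (LAN->outside, then ->DMZ).
# IP forwarding is enabled only at the very end, once the ruleset is loaded.
#
# NOTE(review): the archived copy repeated the first ~40 lines verbatim. Because
# the second copy flushed every chain and reloaded the same rules, dropping the
# duplicate leaves the final ruleset unchanged.
#
# NOTE(review): there is no error handling — a rule that fails to load (bad
# hostname, missing module) prints to stderr and the script carries on with
# that rule silently absent. Do not add `set -e` blindly: `ip address add`
# fails when the address already exists, which would abort the load.

# Addresses on the uplink side. Per the NAT section the 172.16.0.x addresses
# are published externally as 200.180.147.x by an upstream device.
ip address add 172.16.0.5/16 dev eth0
ip address add 172.16.0.8/16 dev eth0

# Default-deny BEFORE flushing. The kernel's built-in policy is ACCEPT, and the
# original order (enable ip_forward, flush, then set DROP) left a window on a
# fresh boot during which every packet was forwarded unfiltered.
iptables -P INPUT   DROP
iptables -P FORWARD DROP
iptables -P OUTPUT  ACCEPT

iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -F -t nat

# Stateful baseline: let replies through, discard what conntrack cannot classify.
iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT  -m state --state INVALID -j DROP
iptables -A INPUT  -i lo -d 127.0.0.0/8 -j ACCEPT

iptables -A OUTPUT -o lo -d 127.0.0.0/8 -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state INVALID -j DROP

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state INVALID -j DROP
# Loopback traffic never traverses FORWARD; kept from the original, it cannot match.
iptables -A FORWARD -i lo -o lo -d 127.0.0.0/8 -j ACCEPT

########################## INPUT  (services offered by the gateway itself)
# NOTE(review): these rules match on source address only, with no -i eth1, and
# nothing in this file drops 10.1.x.x sources arriving on eth0. They therefore
# rely on upstream anti-spoofing or rp_filter — consider adding -i eth1.
iptables -A INPUT -s 10.1.0.0/16 -p tcp --dport 22   -j ACCEPT
iptables -A INPUT -s 10.1.0.0/16 -p tcp --dport 80   -j ACCEPT
# syslog from the web server (10.1.0.1) and the proxy (10.1.1.2)
iptables -A INPUT -s 10.1.0.1/32 -p udp --dport 514  -j ACCEPT
iptables -A INPUT -s 10.1.0.1/32 -p tcp --dport 514  -j ACCEPT
iptables -A INPUT -s 10.1.1.2/32 -p tcp --dport 514  -j ACCEPT
# NOTE(review): tcp/5000 is the only INPUT rule with no source restriction, so it
# is reachable from the uplink as well as the LAN. The service is not named
# anywhere in this file; confirm that exposure is intended, otherwise add
# -s 10.1.0.0/16 or -i eth1 like the neighbouring rules.
iptables -A INPUT                -p tcp --dport 5000 -j ACCEPT
iptables -A INPUT -s 10.1.0.0/16 -p icmp             -j ACCEPT
iptables -A INPUT -s 10.1.0.0/16 -p udp --dport 53   -j ACCEPT
iptables -A INPUT -s 10.1.0.0/16 -p tcp --dport 3000 -j ACCEPT

########################## OUTPUT
# OUTPUT policy is ACCEPT; the tighter allow-list below was left disabled in
# the original and is kept for reference.
#iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
#iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
#iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
#iptables -A OUTPUT -p icmp -j ACCEPT

########################## NAT

# Inbound: published uplink addresses -> DMZ hosts.
# NOTE(review): no -i eth0 and no port match, so every port of these addresses
# is redirected; the FORWARD chain below is what actually limits what reaches
# the DMZ hosts. 172.16.0.6 is not assigned to eth0 in this file — presumably
# configured elsewhere (confirm).

# 172.16.0.5 = 200.180.147.50 - web server
iptables -t nat -A PREROUTING -d 172.16.0.5 -j DNAT --to 10.1.0.1

# 172.16.0.6 = 200.180.147.51 - firewall
iptables -t nat -A PREROUTING -d 172.16.0.6 -j DNAT --to 10.1.0.254

# 172.16.0.8 = 200.180.147.53 - map server
iptables -t nat -A PREROUTING  -d 172.16.0.8 -j DNAT --to 10.1.0.2

# Outbound: LAN leaves as 172.16.0.6; 172.17.0.2 leaves as 10.1.0.254.
# TODO (carried over from the original, "adicionar interface"): add an output
# interface match (-o) to these SNAT rules.
iptables -t nat -A POSTROUTING -s 10.1.0.0/16 -j SNAT --to 172.16.0.6
iptables -t nat -A POSTROUTING -s 172.17.0.2  -j SNAT --to 10.1.0.254

########################## FORWARD

############## LAN -> outside

## address range used to get around the proxy
iptables -A FORWARD -d 207.210.233.0/24 -j REJECT

## block MSN authentication
# NOTE(review): `rede` is not a shell variable here — iptables resolves it as a
# hostname when the rule is loaded. If it is not in /etc/hosts (or DNS) both
# rules fail to load and the block silently does not apply (see header note).
# The passport.com name is likewise frozen to whatever it resolved to at load.
iptables -A FORWARD -s rede -p tcp --dport 1863 -j REJECT
iptables -A FORWARD -s rede -d loginnet.passport.com -j REJECT

## web access only via the proxy (10.1.1.2)
iptables -A FORWARD -i eth1 -s 10.1.1.2/32 -p tcp --syn --dport 80   -j ACCEPT
iptables -A FORWARD -i eth1 -s 10.1.1.2/32 -p tcp --syn --dport 443  -j ACCEPT

## web server updates (apt-get)
iptables -A FORWARD -i eth1 -s 10.1.0.1/32 -p tcp --dport 80 -j ACCEPT
## LAN: DNS, POP3, POP3S, SMTP, SSH, submission, 4447
iptables -A FORWARD -i eth1 -s 10.1.0.0/16 -p udp --dport 53   -j ACCEPT
iptables -A FORWARD -i eth1 -s 10.1.0.0/16 -p tcp --dport 110  -j ACCEPT
iptables -A FORWARD -i eth1 -s 10.1.0.0/16 -p tcp --dport 995  -j ACCEPT
iptables -A FORWARD -i eth1 -s 10.1.0.0/16 -p tcp --dport 25   -j ACCEPT
iptables -A FORWARD -i eth1 -s 10.1.0.0/16 -p tcp --dport 22   -j ACCEPT
iptables -A FORWARD -i eth1 -s 10.1.0.0/16 -p tcp --dport 587  -j ACCEPT
iptables -A FORWARD -i eth1 -s 10.1.0.0/16 -p tcp --dport 4447 -j ACCEPT
# NOTE(review): ICMP is forwarded in every direction with no interface, source
# or type match — unlike every other rule in this section.
iptables -A FORWARD -p icmp                                          -j ACCEPT
## NTP for the proxy and the web server
iptables -A FORWARD -i eth1 -s 10.1.1.2/32 -p udp --dport 123  -j ACCEPT
iptables -A FORWARD -i eth1 -s 10.1.0.1/32 -p udp --dport 123  -j ACCEPT

# map server (reaches the outside)
iptables -A FORWARD         -s 10.1.0.2/32 -p tcp --dport 80   -j ACCEPT
iptables -A FORWARD         -s 10.1.0.2/32 -p tcp --dport 4747 -j ACCEPT
iptables -A FORWARD         -s 10.1.0.2/32 -p udp --dport 4747 -j ACCEPT

# teachers: unrestricted outbound access keyed on MAC address
# NOTE(review): a MAC address is trivially cloned by any host on eth1, and these
# rules accept any protocol to any destination. Together they are a complete
# bypass of the proxy-only web policy above and of the MSN block (REJECT rules
# come first, but only for "rede" and one /24). Treat them as convenience, not
# access control: pair each with a fixed -s address, or move these hosts to a
# separate segment.

# peres, laptop (wlan0)
iptables -A FORWARD -i eth1 -m mac --mac-source 00:90:4b:91:6e:9f -j ACCEPT
# peres, laptop (eth1)
iptables -A FORWARD -i eth1 -m mac --mac-source 00:02:2d:5e:ee:02 -j ACCEPT
# anderson
iptables -A FORWARD -i eth1 -m mac --mac-source 00:d0:59:36:b2:78 -j ACCEPT
# site production/maintenance machine
iptables -A FORWARD -i eth1 -m mac --mac-source 00:D0:87:0e:8e:39 -j ACCEPT
# coordination research machine
iptables -A FORWARD -i eth1 -m mac --mac-source 00:0c:6e:49:ab:88 -j ACCEPT
# zeve
iptables -A FORWARD -i eth1 -m mac --mac-source 00:D0:59:4A:CD:06 -j ACCEPT
# mariano's palm
iptables -A FORWARD -i eth1 -m mac --mac-source 00:0d:88:a6:ca:7d -j ACCEPT

############## outside / LAN -> DMZ extranet

# web / mail / ssh server (10.1.0.1)
iptables -A FORWARD -d 10.1.0.1/32 -p tcp --dport 80   -j ACCEPT
iptables -A FORWARD -d 10.1.0.1/32 -p tcp --dport 443  -j ACCEPT
iptables -A FORWARD -d 10.1.0.1/32 -p tcp --dport 25   -j ACCEPT
iptables -A FORWARD -d 10.1.0.1/32 -p tcp --dport 110  -j ACCEPT
iptables -A FORWARD -d 10.1.0.1/32 -p tcp --dport 22   -j ACCEPT
iptables -A FORWARD -d 10.1.0.1/32 -p tcp --dport 3366 -j ACCEPT

# Log whatever got this far. Rate-limited so a flood cannot fill the syslog this
# box also receives from the DMZ (tcp/udp 514 in INPUT); the prefix makes the
# entries greppable. It sits BEFORE the map-server rules, as in the original, so
# accepted map-server traffic is logged as well — move it to the end of the
# chain if it was meant to log only what the DROP policy discards (confirm).
iptables -A FORWARD -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "fw-forward: "

# map server (10.1.0.2)
iptables -A FORWARD -d 10.1.0.2/32 -p tcp --dport 4447 -j ACCEPT
iptables -A FORWARD -d 10.1.0.2/32 -p tcp --dport 8001 -j ACCEPT
iptables -A FORWARD -d 10.1.0.2/32 -p tcp --dport 4747 -j ACCEPT
iptables -A FORWARD -d 10.1.0.2/32 -p udp --dport 4747 -j ACCEPT

# Enable forwarding only now that default-deny and the full ruleset are loaded
# (the original enabled it first; see header).
echo 1 > /proc/sys/net/ipv4/ip_forward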


