
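# iptables answers for a two-firewall setup (firewall A and firewall B),
# numbered 2-14 as on the original sheet. The exercise statements are not part
# of this listing, so each group is documented only by what its rules do.
#
# NOTE(review): the groups apply to different hosts (A, B, or both); this is a
# reference listing, not a script to run top to bottom on a single machine.
# Interface roles are inferred from items 3 and 5 (eth0 carries traffic sourced
# from 192.168.0.0/24, eth1 is the masqueraded outbound side) - confirm against
# the exercise diagram.
#
# Repairs made to the extracted text: the command is spelled "iptables"
# (lower case), lost option dashes are restored, "-J" is "-j", and "//" notes
# are shell "#" comments.

# --- 2. Default policies -----------------------------------------------------
# -P takes the target directly; "-P INPUT -j ACCEPT" is rejected by iptables.
# NOTE(review): an ACCEPT default leaves everything reachable that no later
# rule drops. Default DROP plus explicit allows is the safer baseline - confirm
# what the exercise asks for.

# Firewall A
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Firewall B
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# --- 3. Forwarded HTTP and telnet --------------------------------------------
# Traffic from 192.168.0.0/24 arriving on eth0 may reach tcp/80 and tcp/23;
# the same ports are dropped for anything arriving on eth1.
# Port 23 replaces the original "--dport TELNET": service names are looked up
# case-sensitively, so the upper-case name does not resolve.
# NOTE(review): where the FORWARD policy is DROP (firewall A), replies to these
# connections also need an accept rule, e.g. a "-m state --state ESTABLISHED"
# match; none is visible in this listing.
# NOTE(review): telnet sends credentials in cleartext.
iptables -A FORWARD -i eth0 -s 192.168.0.0/24 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i eth0 -s 192.168.0.0/24 -p tcp --dport 23 -j ACCEPT
iptables -A FORWARD -i eth1 -s 0.0.0.0/0 -p tcp --dport 80 -j DROP
iptables -A FORWARD -i eth1 -s 0.0.0.0/0 -p tcp --dport 23 -j DROP

# --- 4. Drop ICMP addressed to the firewall ----------------------------------
iptables -A INPUT -p icmp -j DROP

# --- 5. Masquerade outbound traffic and enable routing -----------------------
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

# --- 6. Allow loopback -------------------------------------------------------
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# --- 7. Accept two specific source addresses on eth0 -------------------------
iptables -A INPUT -i eth0 -s 200.172.34.9 -d 0.0.0.0/0 -j ACCEPT
iptables -A INPUT -i eth0 -s 210.165.34.6 -d 0.0.0.0/0 -j ACCEPT

# --- 8. Drop ports 6901 (tcp/udp) and 1863 (tcp) -----------------------------
# The original gave the network with no option in front of it, which iptables
# rejects; -s is assumed from the "-i eth0 -s 192.168.0.0/24" pattern of item 3.
# NOTE(review): INPUT only sees packets addressed to the firewall itself. If
# the goal is to stop LAN hosts reaching these ports on outside servers, the
# rules belong in FORWARD - confirm against the exercise.
iptables -A INPUT -i eth0 -s 192.168.0.0/16 -p tcp --dport 6901 -j DROP
iptables -A INPUT -i eth0 -s 192.168.0.0/16 -p udp --dport 6901 -j DROP
iptables -A INPUT -i eth0 -s 192.168.0.0/16 -p tcp --dport 1863 -j DROP

# --- 9. Restrict forwarding to and from 10.10.0.5 and 10.10.0.4 --------------
# 10.10.0.5: only tcp/80 may reach it; it may only answer from tcp/80 towards
# 192.168.0.0/24. Order matters: each ACCEPT precedes the catch-all DROP for
# the same host.
iptables -A FORWARD -d 10.10.0.5 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -d 10.10.0.5 -j DROP
iptables -A FORWARD -s 10.10.0.5 -d 192.168.0.0/24 -p tcp --sport 80 -j ACCEPT
iptables -A FORWARD -s 10.10.0.5 -j DROP

# 10.10.0.4: only tcp/25 may reach it; it may answer from tcp/25, 110 and 143
# towards 192.168.0.0/24.
# NOTE(review): requests to ports 110 and 143 are dropped by the
# "-d 10.10.0.4 -j DROP" rule, so the --sport 110/143 accepts have no request
# to answer unless matching --dport accepts are added before that DROP.
iptables -A FORWARD -d 10.10.0.4 -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -d 10.10.0.4 -j DROP
iptables -A FORWARD -s 10.10.0.4 -d 192.168.0.0/24 -p tcp --sport 25 -j ACCEPT
iptables -A FORWARD -s 10.10.0.4 -d 192.168.0.0/24 -p tcp --sport 110 -j ACCEPT
iptables -A FORWARD -s 10.10.0.4 -d 192.168.0.0/24 -p tcp --sport 143 -j ACCEPT
iptables -A FORWARD -s 10.10.0.4 -j DROP

# --- 10. Port 10555: accept towards 192.168.0.0/24, drop everything else -----
# Rules are evaluated first match wins. The original listed the general DROP
# first, so the narrower ACCEPT was never reached; the ACCEPT now comes first.
# "105 55" in the extracted text is read as 10555.
iptables -A INPUT -i eth0 -s 0.0.0.0/0 -d 192.168.0.0/24 -p tcp --dport 10555 -j ACCEPT
iptables -A INPUT -i eth0 -s 0.0.0.0/0 -d 0.0.0.0/0 -p tcp --dport 10555 -j DROP

# --- 11. OUTPUT: web, high ports on established connections, POP3 ------------
# NOTE(review): the original wrote "-i eth0 192.168.0.0/24". iptables does not
# accept -i in the OUTPUT chain and the address had no -s/-d in front of it.
# "-o eth0 -d" is the reading that keeps the rules in OUTPUT; if the exercise
# is about LAN clients going out through the firewall, these belong in FORWARD
# with "-i eth0 -s 192.168.0.0/24" instead - confirm.
# Port 80 replaces the service name "www", which not every /etc/services has.
iptables -A OUTPUT -o eth0 -d 192.168.0.0/24 -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -o eth0 -d 192.168.0.0/24 -p tcp --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -d 192.168.0.0/24 -p tcp --dport 110 -j ACCEPT
# Author's note: denying access to the other ports is still missing.

# --- 12. Log forwarded packets (author's note: on firewall A) ----------------
# Appended after the rules above, so it only sees packets that no earlier
# terminating rule has already accepted or dropped.
# NOTE(review): an unlimited LOG rule can flood the kernel log under load;
# consider adding a "-m limit" match.
iptables -A FORWARD -j LOG

# --- 13. Drop port 1214; allow the listed Yahoo messaging hosts --------------
# NOTE(review): items 3 and 5 put 192.168.0.0/24 behind eth0, yet these rules
# match that source on eth1. Unless this firewall's interfaces are assigned
# differently, the two "-s" rules would not see LAN traffic - confirm.
iptables -A FORWARD -i eth1 -s 192.168.0.0/24 -p tcp --dport 1214 -j DROP
iptables -A FORWARD -i eth1 -s 192.168.0.0/24 -p udp --dport 1214 -j DROP
iptables -A FORWARD -i eth1 -d 192.168.0.0/24 -p tcp --sport 1214 -j DROP
iptables -A FORWARD -i eth1 -d 192.168.0.0/24 -p udp --sport 1214 -j DROP

# The original wrote "-i tcp", which names an interface called "tcp" and would
# match nothing; "-p tcp" (protocol) is what the rules need.
# NOTE(review): hostnames are resolved once, when the rule is inserted. Later
# DNS changes are not followed, and loading fails if DNS is unavailable;
# address-based rules are more predictable.
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d scs.msg.yahoo.com -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d scsa.msg.yahoo.com -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d scsb.msg.yahoo.com -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d scsc.msg.yahoo.com -j ACCEPT

iptables -A FORWARD -p tcp -d 192.168.0.0/24 -s scs.msg.yahoo.com -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.0.0/24 -s scsa.msg.yahoo.com -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.0.0/24 -s scsb.msg.yahoo.com -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.0.0/24 -s scsc.msg.yahoo.com -j ACCEPT

# --- 14. Enable IPv4 forwarding (author's note: on both firewalls) -----------
echo 1 > /proc/sys/net/ipv4/ip_forward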