Erro em script

shell-script-pt
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Erro em script

From:	White_Tiger
Subject:	Erro em script
Date:	Wed, 25 May 2005 17:30:43 -0300
Ae galera. Estou construindo um script de firewall mas Ele náo está 
executando todas as ações. Se alguem pudesse me dar uma mão eu agradeceria. 
O erro que encontrei eh quando ele tem de entrar no laço case. Ele não 
apresenta erro mas nao entra.



#!/bin/bash

# Declaracao das variaveis globais
WORKING = $PWD

INT_NET = 'eth0' #Interface de coneccao com a internet.
INT_REDE = 'eth1' #Interface de coneccao com a rede.

SQUID = 'S' #Configura se o servidor possue proxy squid rodando. (S) Sim ou 
(N) Nao.
SQUID_PORT = 3128 #Porta do squid (3128 Ã(c) o padrao)

TS = 'S' #Configura se possue um servidor terminal service na rede e 
redireciona a porta (S) ou (N)
TERM_IP='192.168.1.250 <http://192.168.1.250>' #IP do servidor rodando 
terminal service na rede

YAHOO = 'S' #Bloqueia Yahoo messenger
MSN = 'N' #Bloqueia Msn messenger
ICQ = 'S' #Bloqueia ICQ
AIM = 'S' #Bloqueia AIM
P2P = 'S' #Bloqueia Kazaa
SPY = 'S' #Bloqueia Spyares conhecidos

MOD=`which modprobe` #Modulos do iptables

# Fim da declaracao de variaveis







clear
echo 
'############################################################################################################################'
echo '# #'
echo '# #'
echo '# Script IPTABLES #'
echo '# by White_Tiger - address@hidden #'
echo '# #'
echo '# #'
#
echo 
'############################################################################################################################'
echo ''
echo ''


# Deleta todas as regras do firewall

printf "Limpando as Regras."
iptables -t filter -F
iptables -t filter -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
printf " \033[40;32m [OK] \033[m\n"


# Desabilitando o trafego IP Entre as Placas de Rede
printf "Desabilitando o trafego entre as placas de rede."
echo "0" > /proc/sys/net/ipv4/ip_forward
printf " \033[40;32m [OK] \033[m\n"

# Configurando a Protecao anti-spoofing
printf "Configurando a protecao anti-spoofing."
for spoofing in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo "1" > $spoofing
done
printf " \033[40;32m [OK] \033[m\n"


# Remove modulos do ipchains para evitar conflitos
#printf "Removendo mÃ³dulos do ipchains."
#rmmod ipchains
#printf " \033[40;32m [OK] \033[m\n"

# Inseri modulos iptables
printf "Inserindo modulos iptables."
$MOD ip_tables
$MOD ip_nat_ftp
$MOD ip_conntrack_ftp
$MOD ipt_MASQUERADE
$MOD iptable_nat
$MOD ip_conntrack
$MOD iptable_filter
printf " \033[40;32m [OK] \033[m\n"


# Barra a porta Wincrash e cria log da tentativa de acesso
printf "Barrando Wincrash."
iptables -A INPUT -p tcp --dport 5042 -j LOG --log-prefix "Servico: 
Wincrash"
iptables -A INPUT -p tcp --dport 5042 -j DROP
printf " \033[40;32m [OK] \033[m\n"

# Barra a porta NetBus e cria log da tentativa de acesso
printf "Barrando NetBus."
iptables -A INPUT -p tcp --dport 12345 -j LOG --log-prefix "Servico: NetBus"
iptables -A INPUT -p tcp --dport 12345 -j DROP
printf " \033[40;32m [OK] \033[m\n"

#Protecao quanto a ataques DoS
#printf "Protegendo contra ataque DoS."
#iptables -A FORWARD -m unclean -j DROP
#printf " \033[40;32m [OK] \033[m\n"

#nat da rede
printf "Fazendo Nat na rede."
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
printf " \033[40;32m [OK] \033[m\n"

#Habilitando o squid
case $SQUID in
'S'|'s')
printf "Redirecionando a porta 80 para server squid na porta 3128."
iptables -t nat -A PREROUTING -i $INT_REDE -p tcp --dport 80 -j REDIRECT 
--to-port $SQUID_PORT
itables â"-A FORWARD -s 192.168.1.0/24 <http://192.168.1.0/24> â"-p tcp 
--dport 3128 â"-j ACCEPT
printf " \033[40;32m [OK] \033[m\n"
esac

#Habilitando o Terminal Service do RWindows
case $TS in
S|s)
printf "Redirecionando porta 3389 para Terminal Service.";
iptables -A PREROUTING -t nat -p tcp --dport 3389 -j DNAT --to $TERM_IP;
printf " \033[40;32m [OK] \033[m\n";;
esac


#Bloqueando o Yahoo messenger
case $YAHOO in
S|s)
printf "Bloqueando o Yahoo Messenger.";
iptables -A FORWARD -d cs.yahoo.com <http://cs.yahoo.com> -j REJECT;
iptables -A FORWARD -d scsa.yahoo.com <http://scsa.yahoo.com> -j REJECT;
printf " \033[40;32m [OK] \033[m\n";;
esac


#Bloqueando o Msn messenger
case $MSN in
S|s)
printf "Bloqueando o MSN Messenger.";
iptables -A FORWARD -p TCP --dport 1863 -j REJECT;
iptables -A FORWARD -d 64.4.13.0/24 <http://64.4.13.0/24> -j REJECT;
printf " \033[40;32m [OK] \033[m\n";;
esac


#Bloqueando o ICQ
case $ICQ in
S|s)
printf "Bloqueando o ICQ.";
iptables -A FORWARD -p TCP --dport 5190 -j REJECT;
iptables -A FORWARD -d login.icq.com <http://login.icq.com> -j REJECT;
printf " \033[40;32m [OK] \033[m\n";;
esac


#Bloqueando o AIM
case $AIM in
S|s)
printf "Bloqueando o AIM";
iptables -A FORWARD -d login.oscar.aol.com <http://login.oscar.aol.com> -j 
REJECT;
printf " \033[40;32m [OK] \033[m\n";;
esac


#Bloqueando P2P
case $P2P in

S|s)
printf "Bloqueando P2Ps.";
#iMesh
iptables -A FORWARD -d 216.35.208.0/24 <http://216.35.208.0/24> -j REJECT;

#BearShare
iptables -A FORWARD -p TCP --dport 6346 -j REJECT;

#ToadNode
iptables -A FORWARD -p TCP --dport 6346 -j REJECT;

#WinMX
iptables -A FORWARD -d 209.61.186.0/24 <http://209.61.186.0/24> -j REJECT;
iptables -A FORWARD -d 64.49.201.0/24 <http://64.49.201.0/24> -j REJECT;

#Napigator
iptables -A FORWARD -d 209.25.178.0/24 <http://209.25.178.0/24> -j REJECT;

#Morpheus
iptables -A FORWARD -d 206.142.53.0/24 <http://206.142.53.0/24> -j REJECT;
iptables -A FORWARD -p TCP --dport 1214 -j REJECT;

#KaZaA
iptables -A FORWARD -d 213.248.112.0/24 <http://213.248.112.0/24> -j REJECT;
iptables -A FORWARD -p TCP --dport 1214 -j REJECT;

for IP in `cat $WORKING/bloqueios/ip-kazaa-10.txt`
do
iptables -A FORWARD -i $OUT_IFACE -d $IP -j DROP
done;

#Limewire
iptables -A FORWARD -p TCP --dport 6346 -j REJECT;

#Audiogalaxy
iptables -A FORWARD -d 64.245.58.0/23 <http://64.245.58.0/23> -j REJECT;

#GNUTella
iptables -A FORWARD -p tcp --dport 6346 -j REJECT;

#eDonkey
iptables -A FORWARD -p tcp --dport 4661:4662 -j REJECT;
iptables -A FORWARD -p udp --dport 4665 -j REJECT;

#Napster
iptables -A FORWARD -d 64.124.41.0/24 <http://64.124.41.0/24> -j REJECT;

#Bearshare
iptables -A FORWARD -p TCP --dport 6346 -j REJECT;

#ToadNode
iptables -A FORWARD -p TCP --dport 6346 -j REJECT;


printf " \033[40;32m [OK] \033[m\n";;
esac


#Bloqueando Spyware
case $SPY in
S|s)
printf "Bloqueando SPYWARES.";
CONT=0;
for SPYW in `cat $WORKING/bloqueios/spyware cut -d : -f1`
do
iptables -A INPUT -s $SPYW -j DROP
CONT=`expr $CONT + 1`
if [ $CONT -eq 110 ]
then
echo -n "."
CONT=0
fi
done;
printf " \033[40;32m [OK] \033[m\n";;
esac

# Habilitando o trafego Ip, entre as Interfaces de rede
printf "Habilitanto o trafego entre as redes."
echo "1" > /proc/sys/net/ipv4/ip_forward
printf " \033[40;32m [OK] \033[m\n"

printf "\n\n"
printf "Instalacao do Firewall completa. \033[40;32m [OK] \033[m\n"


[As partes desta mensagem que não continham texto foram removidas]
[Prev in Thread]
Current Thread
[Next in Thread]
Pergunta aplicar ML em aix!!!, rab, 2005/05/25
- Erro em script, White_Tiger <=
  - Re: [shell-script] Erro em script, Tiago Peczenyj, 2005/05/25
Prev by Date: Pergunta aplicar ML em aix!!!
Next by Date: Re: [shell-script] Erro em script
Previous by thread: Pergunta aplicar ML em aix!!!
Next by thread: Re: [shell-script] Erro em script
Index(es):
- Date
- Thread