Firewall Internet INPUT FORWARD. -F Flush rules; -X Delete rule; -P Modify...

Firewall
[Diagram labels: Internet, INPUT, FORWARD]

Parameters
-F  Flush rules
-X  Delete rule
-P  Modify policy
-t <table>  Use table
-L  List rules
-A  Append a new rule to the existing ones
-N  Create a new chain
-s <ip or network>  Source
-d <ip or network>  Destination
-p <tcp/udp/icmp>  Protocol
--dport <port>  Destination port
--sport <port>  Source port
-i <interface>  Input interface
-o <interface>  Output interface
-m multiport  Multiple ports
-j  Action to execute

FIREWALL - Basic Structure
Steps, in order:
Disable routing
Flush rules
Block everything
Allow local access
Create custom rules
Allow outbound traffic
Enable routing

Commands shown on the slide:
```
echo 0 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -X
iptables -P ... DROP
iptables -A INPUT
iptables -A FORWARD
echo 1 > /proc/sys/net/ipv4/ip_forward
```

Create a Firewall
```
# Disable routing while the rules are loaded
echo 0 > /proc/sys/net/ipv4/ip_forward

# Flush rules
iptables -F
iptables -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t nat -F
iptables -t nat -X
```

Create a Firewall
```
# Block everything
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Allow local access
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -i lo -j ACCEPT
```

Create a Firewall
```
# Allow Internet access (HTTP, HTTPS, SMTP, POP and DNS)
iptables -A INPUT -i eth0 -p udp --sport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --sports 25,80,443,110 -j ACCEPT

# Allow access from the network clients to the proxy
iptables -A INPUT -i eth1 -p tcp --dport 3128 -j ACCEPT

# Allow outbound traffic
iptables -A OUTPUT -j ACCEPT
```

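The inbound rules above match only on the remote source port, so they accept any packet arriving on eth0 from port 53, 25, 80, 443 or 110, whether or not this host opened the connection. A stateful variant using connection tracking follows, as an added example that is not part of the original slides. It prints the commands by default; the names `IPT`, `WAN_IF`, `LAN_IF`, `PROXY_PORT` and `build_firewall` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the slides): stateful version of the INPUT rules.
# Dry-run by default: commands are printed. Set IPT=iptables (as root) to apply.
# Assumed names: IPT, WAN_IF, LAN_IF, PROXY_PORT, build_firewall.
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"          # Internet-facing interface (from the slides)
LAN_IF="${LAN_IF:-eth1}"          # client-facing interface (from the slides)
PROXY_PORT="${PROXY_PORT:-3128}"  # Squid http_port (from the slides)

build_firewall() {
    # Flush the filter, mangle and nat tables, as on the slides
    for table in filter mangle nat; do
        $IPT -t "$table" -F
        $IPT -t "$table" -X
    done

    # Default deny on every built-in chain of the filter table
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    # Loopback traffic
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies to connections this host opened (DNS, HTTP, HTTPS, SMTP, POP).
    # Replaces the --sport rules: a packet is accepted only if conntrack
    # has already seen the matching outbound request.
    $IPT -A INPUT -i "$WAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # LAN clients may open connections to the proxy port only
    $IPT -A INPUT -i "$LAN_IF" -p tcp --dport "$PROXY_PORT" \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

    # Outbound traffic, as on the slides
    $IPT -A OUTPUT -j ACCEPT
}

build_firewall
```
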
Proxy Server
Squid

Proxy Server
Cache
Access Control List (ACL)
Authentication
[Diagram labels: INTERNET, Client, Proxy Server]

Lab
INTERNET
Proxy server (Linux - Squid): eth0 - 192.168.104.1, eth1 - 192.168.10.1
Proxy client (Windows): 192.168.10.2

Package and service
```
# Install the Squid package (commands run as root)
urpmi squid

# Start the service
chkconfig squid on
service squid start

# Apply configuration changes without restarting the service
squid -k reconfigure
```

/etc/squid/squid.conf
```
http_port 3128
error_directory /usr/share/squid/errors/Portuguese
cache_dir ufs /var/spool/squid 100 16 256
cache_mgr [email protected]
# Squid runs as root here; a dedicated unprivileged account is the safer choice
cache_effective_user root
cache_effective_group root
cache_mem 8 MB
visible_hostname nome_do_servidor
```

/etc/squid/squid.conf (ACLs)
```
acl minha_rede src 192.169.104.0/255.255.255.0
acl palavra url_regex -i sex
acl lista_negra url_regex "/etc/squid/lista.txt"
# Squid day codes: M T W H F (H = Thursday)
acl horario time MTWHF 08:00-18:00

# http_access rules are evaluated in order; the first match decides
http_access deny palavra
http_access deny lista_negra
http_access allow minha_rede horario
```

Configure the Client

Internet Explorer
Tools menu / Internet Options

Firefox
Tools menu / Options, or Edit / Preferences