Firewall para o Kura
Regra de firewall para impedir telnet no Kura
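#!/bin/bash
# kura-firewall.sh
#
# SysV-style init script that rejects inbound TCP 5002 (the port this page
# associates with Kura's telnet console) for both IPv4 and IPv6.
#
# Usage: kura-firewall.sh {start|stop|restart|status}
# Must run as root: every action drives /sbin/iptables and /sbin/ip6tables.
### BEGIN INIT INFO
# Provides:          kura-firewall
# Required-Start:    $all
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:
### END INIT INFO

# The match/target is the same for both address families, so it is kept in
# one place and applied through each binary. The IPv6 copy MUST go through
# ip6tables; sending it to iptables (as before) left IPv6 unfiltered.
declare -ra rule=(INPUT -p tcp --dport 5002 -m conntrack --ctstate NEW,ESTABLISHED -j REJECT)
declare -ra tools=(/sbin/iptables /sbin/ip6tables)

#######################################
# Install the reject rule in both families.
# Globals:   rule, tools (read)
# Returns:   0 if every rule is present afterwards, 1 if any -A failed
#######################################
startFirewall() {
  local ipt rc=0
  for ipt in "${tools[@]}"; do
    # -C succeeds when an identical rule already exists, so repeated
    # start/restart calls do not pile up duplicate rules.
    if ! "$ipt" -C "${rule[@]}" 2>/dev/null; then
      "$ipt" -A "${rule[@]}" || rc=1
    fi
  done
  return "$rc"
}

#######################################
# Remove this script's rule (every copy of it) from both families.
# Deliberately targeted: a plain -F would also flush rules added by other
# scripts (e.g. the RabbitMQ GUI rules) and only touched the IPv4 table.
# Globals:   rule, tools (read)
#######################################
stopFirewall() {
  local ipt
  for ipt in "${tools[@]}"; do
    while "$ipt" -D "${rule[@]}" 2>/dev/null; do :; done
  done
}

#######################################
# List both tables and report whether the rule is installed.
# Returns:   0 when present in both families, 3 otherwise (LSB "not running")
#######################################
statusFirewall() {
  local ipt rc=0
  echo "IPV4 rules:"
  /sbin/iptables -nL
  echo "IPV6 rules:"
  /sbin/ip6tables -nL
  for ipt in "${tools[@]}"; do
    "$ipt" -C "${rule[@]}" 2>/dev/null || rc=3
  done
  return "$rc"
}

case "${1:-}" in
  start)
    startFirewall && echo "Firewall started."
    ;;
  stop)
    stopFirewall && echo "Firewall stopped."
    ;;
  restart)
    # Advertised by the usage message but previously not implemented.
    stopFirewall
    startFirewall && echo "Firewall restarted."
    ;;
  status)
    statusFirewall
    ;;
  *)
    echo "Invalid option, use start stop, restart or status." >&2
    exit 2  # LSB: invalid or excess argument(s)
    ;;
esac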
Criando um arquivo de serviço para o firewall no systemd
Instalando o firewall
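#!/bin/bash
# Installs the kura-firewall init script and its systemd unit.
# Run from the directory holding kura-firewall.sh and kura-firewall.service;
# writes under /etc and /lib, hence sudo on every privileged step.
set -euo pipefail

readonly script_src=kura-firewall.sh
readonly unit_src=kura-firewall.service
readonly script_dst=/etc/init.d/kura-firewall.sh
readonly unit_dst=/lib/systemd/system/kura-firewall.service

# Both inputs must exist before anything on the system is touched.
for f in "$script_src" "$unit_src"; do
  [[ -f "$f" ]] || { printf 'missing %s\n' "$f" >&2; exit 1; }
done

# install(1) copies and sets owner/group/mode in one step, on the file that
# actually lands on the system. The previous sequence chown/chmod'ed
# kura-firewall.* but then moved arquivo.sh / arquivo.service, so the
# permission changes never reached the installed files (and the mv would
# fail if those names did not exist).
# 755: the init script must be executable; 644: unit files are plain data.
sudo install -o root -g root -m 755 -- "$script_src" "$script_dst"
sudo install -o root -g root -m 644 -- "$unit_src" "$unit_dst"

# Make systemd pick up the new unit, then enable it at boot and start it now.
sudo systemctl daemon-reload
sudo systemctl enable kura-firewall.service
sudo systemctl start kura-firewall.service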
Firewall para o RabbitMQ
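#!/bin/bash
# kura-firewall.sh
#
# SysV-style init script that rejects inbound TCP 5002 (the port this page
# associates with Kura's telnet console) for both IPv4 and IPv6.
#
# NOTE(review): this listing sits under the "RabbitMQ" heading but is a copy
# of the Kura script (port 5002, Provides: kura-firewall). The RabbitMQ
# management GUI rules (port 15672) appear in the "Firewall Geral" section.
#
# Usage: kura-firewall.sh {start|stop|restart|status}
# Must run as root: every action drives /sbin/iptables and /sbin/ip6tables.
### BEGIN INIT INFO
# Provides:          kura-firewall
# Required-Start:    $all
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:
### END INIT INFO

# The match/target is the same for both address families, so it is kept in
# one place and applied through each binary. The IPv6 copy MUST go through
# ip6tables; sending it to iptables (as before) left IPv6 unfiltered.
declare -ra rule=(INPUT -p tcp --dport 5002 -m conntrack --ctstate NEW,ESTABLISHED -j REJECT)
declare -ra tools=(/sbin/iptables /sbin/ip6tables)

#######################################
# Install the reject rule in both families.
# Globals:   rule, tools (read)
# Returns:   0 if every rule is present afterwards, 1 if any -A failed
#######################################
startFirewall() {
  local ipt rc=0
  for ipt in "${tools[@]}"; do
    # -C succeeds when an identical rule already exists, so repeated
    # start/restart calls do not pile up duplicate rules.
    if ! "$ipt" -C "${rule[@]}" 2>/dev/null; then
      "$ipt" -A "${rule[@]}" || rc=1
    fi
  done
  return "$rc"
}

#######################################
# Remove this script's rule (every copy of it) from both families.
# Deliberately targeted: a plain -F would also flush rules added by other
# scripts (e.g. the RabbitMQ GUI rules) and only touched the IPv4 table.
# Globals:   rule, tools (read)
#######################################
stopFirewall() {
  local ipt
  for ipt in "${tools[@]}"; do
    while "$ipt" -D "${rule[@]}" 2>/dev/null; do :; done
  done
}

#######################################
# List both tables and report whether the rule is installed.
# Returns:   0 when present in both families, 3 otherwise (LSB "not running")
#######################################
statusFirewall() {
  local ipt rc=0
  echo "IPV4 rules:"
  /sbin/iptables -nL
  echo "IPV6 rules:"
  /sbin/ip6tables -nL
  for ipt in "${tools[@]}"; do
    "$ipt" -C "${rule[@]}" 2>/dev/null || rc=3
  done
  return "$rc"
}

case "${1:-}" in
  start)
    startFirewall && echo "Firewall started."
    ;;
  stop)
    stopFirewall && echo "Firewall stopped."
    ;;
  restart)
    # Advertised by the usage message but previously not implemented.
    stopFirewall
    startFirewall && echo "Firewall restarted."
    ;;
  status)
    statusFirewall
    ;;
  *)
    echo "Invalid option, use start stop, restart or status." >&2
    exit 2  # LSB: invalid or excess argument(s)
    ;;
esac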
Firewall Geral
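#!/bin/bash
# General firewall rules: the Kura telnet port and the RabbitMQ management GUI.
# Every rule is identical for IPv4 and IPv6, so each is applied through both
# iptables and ip6tables. Must run as root.
set -euo pipefail

declare -ra tools=(/sbin/iptables /sbin/ip6tables)

#######################################
# Append one rule to both address families unless an identical rule is
# already present (-C), so re-running this script does not add duplicates.
# Arguments: chain followed by the rule specification, exactly as for -A
#######################################
add_rule() {
  local ipt
  for ipt in "${tools[@]}"; do
    "$ipt" -C "$@" 2>/dev/null || "$ipt" -A "$@"
  done
}

# Kura telnet console (TCP 5002): reject from everywhere.
add_rule INPUT -p tcp --dport 5002 -m conntrack --ctstate NEW,ESTABLISHED -j REJECT

# RabbitMQ Web GUI (TCP 15672): accept only on loopback and the VPN tunnel
# interfaces, reject everything else. Order matters: the ACCEPT rules must
# sit before the catch-all REJECT in INPUT, so on a partial re-run (some
# rules removed by hand) delete this script's rules before re-applying.
# NOTE(review): matching on -i tun0..tun2 trusts anything arriving on those
# interfaces; the original note left open whether to restrict further —
# confirm the VPN address range if source-address (-s) matching is wanted.
for iface in lo tun0 tun1 tun2; do
  add_rule INPUT -i "$iface" -p tcp --dport 15672 -j ACCEPT
done
add_rule INPUT -p tcp --dport 15672 -j REJECT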