Página Inicial>Relacionado com a programação>Outro código-fonte
Baixar

DNAT RUSP AP 

 # Print the IP address
_IP= $( hostname -I ) || true
if [ " $_IP " ] ; then
  printf " My IP address is %sn " " $_IP "
fi


echo 1 > /proc/sys/net/ipv4/ip_forward && 
iptables -F & 
iptables -t nat -F & 
iptables -t nat -X REDSOCKS &

sleep 5 && 
iptables -t nat -N REDSOCKS && 
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN && 
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN && 
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN && 
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN && 
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN && 
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN && 
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN && 
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN && 
iptables -t nat -A REDSOCKS -p tcp -o eth0 -j DNAT --to 127.0.0.1:12345 && 
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345 && 
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner dmit -j RETURN && 
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner pi -j REDSOCKS && 
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner root -j REDSOCKS && 
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner forest -j REDSOCKS && 
iptables -t nat -A OUTPUT -p tcp -j REDSOCKS && 
iptables -A INPUT -i eth0 -j ACCEPT && 
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && 
iptables -A FORWARD -i eth0 -j ACCEPT && 
iptables -t nat -A PREROUTING -p tcp -i eth0 -j REDSOCKS && 
iptables -A INPUT -i wlan0 -j ACCEPT && 
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE && 
iptables -A FORWARD -i wlan0 -j ACCEPT && 
iptables -t nat -A PREROUTING -p tcp -i wlan0 -j REDSOCKS && 
systemctl start isc-dhcp-server && 
echo " RASP ROUTER CONFIGURED "



exit 0

Seguro-Google-Itables

iptables seguros 

 #! /bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

# Print the IP address
_IP= $( hostname -I ) || true
if [ " $_IP " ] ; then
  printf " My IP address is %sn " " $_IP "
fi


echo " GOOGLE IPTABLES "
iptables -t nat -F &
iptables -t nat -N REDSOCKS &

iptables -t nat -D REDSOCKS -d 202.120.58.0/24 -j RETURN &
iptables -t nat -D REDSOCKS -d 101.6.8.0/24 -j RETURN &
iptables -t nat -D REDSOCKS -d 59.111.0.251/24 -j RETURN &
iptables -t nat -D REDSOCKS -d 202.120.188.98/24 -j RETURN &
iptables -t nat -D REDSOCKS -d 0.0.0.0/8 -j RETURN &
iptables -t nat -D REDSOCKS -d 10.0.0.0/8 -j RETURN &
iptables -t nat -D REDSOCKS -d 127.0.0.0/8 -j RETURN &
iptables -t nat -D REDSOCKS -d 169.254.0.0/16 -j RETURN &
iptables -t nat -D REDSOCKS -d 172.16.0.0/12 -j RETURN &
iptables -t nat -D REDSOCKS -d 192.168.0.0/16 -j RETURN &
iptables -t nat -D REDSOCKS -d 224.0.0.0/4 -j RETURN &
iptables -t nat -D REDSOCKS -d 240.0.0.0/4 -j RETURN &

iptables -t nat -A REDSOCKS -d 202.120.188.98/24 -j RETURN &
iptables -t nat -A REDSOCKS -d 202.120.58.0/24 -j RETURN &
iptables -t nat -A REDSOCKS -d 101.6.8.0/24 -j RETURN &
iptables -t nat -A REDSOCKS -d 59.111.0.251/24 -j RETURN &
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN &
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN &
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN &
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN &
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN &
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN &
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN &
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN &

iptables -t nat -D REDSOCKS -p tcp -j REDIRECT --to-ports 12345 &
iptables -t nat -D OUTPUT -p tcp -m owner --uid-owner pi -j REDSOCKS &
iptables -t nat -D OUTPUT -p tcp -m owner --uid-owner root -j REDSOCKS &

iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345 &
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner pi -j REDSOCKS &
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner root -j REDSOCKS &
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner 0 -j REDSOCKS &
iptables -t nat -A OUTPUT -p tcp -m owner --gid-owner root -j REDSOCKS &
iptables -t nat -A OUTPUT -p tcp -m owner --gid-owner 0 -j REDSOCKS &

iptables -D OUTPUT -p tcp --tcp-flags RST RST -j DROP &
iptables -D INPUT -p tcp --tcp-flags RST RST -j DROP &
iptables -D OUTPUT -p udp -d 127.0.0.0/8 -j ACCEPT &
iptables -D OUTPUT -p udp -d 45.89.228.0/24 -j ACCEPT &
iptables -D OUTPUT -p udp -j DROP &

iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP &
iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP &
iptables -A OUTPUT -p udp -d 127.0.0.0/8 -j ACCEPT &
iptables -A OUTPUT -p udp -d 45.89.228.0/24 -j ACCEPT &
iptables -A OUTPUT -p udp -j DROP &

echo " GOOGLE IPTABLES ADDED "

Configurações do roteador iptables da Enterprise X86 Arch

eco 1>/proc/sys/net/ipv4/ip_forward iptables -f iptables -t nat -f iptables -t Nat -x Redsocks

iptables -t Nat -n Redsocks iptables -t nat -a Redsocks -d 0.0.0.0/8 -j retorna iptables -t Nat -a Redsocks -d 10.0.0.0.0/8 -j Retorno Iptables -t NAT -A Redsocks -d 127.0.0.0/8 -j Return iptables -T -T -T -T Redsocks -d 127.0.0.0/8 -j Return Iptables -T -T -T -T Redsocks -D 127.0.0/8 -j Return iptables -t -t -t Redsocks -d 127.0.0.0/8 -j Return iptables -t -t -t Redsocks -d 127.0.0.0/8 -J 169.254.0.0/16 -J Retorno iptables -t Nat -a Redsocks -d 172.16.0.0/12 -j Retorno iptables -t Nat -a Redsocks -d 192.168.0.0/16 -j retornar iptables -t Nat -A Redsocks -d 224.0.0.0.0.0.0/16 -J 240.0.0.0/4 -J Retorno iptables -t Nat -a Redsocks -d 45.89.228.109 -j Retorno iptables -t Nat -a Redsocks -d 2.56.240.163 -j Return

iptables -t nat -A REDSOCKS -p tcp -o wlp0s29f7u4 -j DNAT --to 127.0.0.1:12345 iptables -t nat -A REDSOCKS -p tcp -o enp4s0 -j ​​DNAT --to 127.0.0.1:12345 iptables -t nat -A REDSOCKS -p tcp -j Redirecionar-para as portas 12345

iptables -t nat -a output -p tcp -m proprietário -uid -proprietário raiz -j retorna iptables -t nat -a saída -p tcp -m proprietário --uid -proprietário vpn -j devolver iptables -t nat -a saída -p tcp -j redsocks

Aceite a entrada e o Foward em todas as interface

iptables -A INPUT -i enp2s0 -j ​​ACCEPT iptables -A INPUT -i enp3s0 -j ​​ACCEPT iptables -A INPUT -i enp4s0 -j ​​ACCEPT iptables -A INPUT -i enp5s0 -j ​​ACCEPT iptables -A INPUT -i enp6s0 -j ​​ACCEPT iptables -A INPUT -i enp7s0 -j ​​ACCEPT iptables -A INPUT -i wlp0s29f7u4 -j ACCEPT iptables -A FORWARD -i enp2s0 -j ​​ACCEPT iptables -A FORWARD -i enp3s0 -j ​​ACCEPT iptables -A FORWARD -i enp4s0 -j ​​ACCEPT iptables -A FORWARD -i enp5s0 -j ​​ACCEPT iptables -A FORWARD -i enp6s0 -j ​​ACCEPT iptables -A FORWARD -i enp7s0 -j ​​ACCEPT iptables -A FORWARD -i WLP0S29F7U4 -J ACEITO

Habilite o NatS de disfarce para interfaces de saída direta

iptables -t nat -a pós -trout -o enp4s0 -j ​​máscaras iptables -t nat -a pós -trout -o wlp0s29f7u4 -j máscaras iptables -t nat -a pós -touting -o enp7s0 -j ​​machada i0 -i0 -i0t.At -at -a -tAtAtSouting -O -OSTATATATATATATATATATATATATATATATATATATATATATS6 -A pós -touting -o enp5s0 -j ​​mascarada

Redirecionar a entrada do cliente para Redsocks

iptables -t nat -a pré -picando -p tcp -i enp7s0 -j ​​Redsocks iptables -t nat -a pré -transmitindo -p tcp -i enp6s0 -j ​​redsocks iptables -t nat -a pré -ting -p tcp -i enp5s0 -j ​​Redsocks

eco "Redsocks iptables configurados";

Expandir
Informações adicionais
Aplicativos Relacionados
Recomendado para você
Informações Relacionadas Todos