shell-script-pt

Re: [shell-script] Erro em script


From: Tiago Peczenyj
Subject: Re: [shell-script] Erro em script
Date: Wed, 25 May 2005 17:48:23 -0300

Dê um echo $SQUID antes do case para conferir o valor da variável.

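Acho que o espaço entre a variável e o sinal de igual, assim como o
espaço entre o igual e o valor, deve ser removido (por exemplo, SQUID='S').
Com os espaços, o bash entende SQUID = 'S' como a chamada de um comando
chamado SQUID, a variável fica vazia e nenhum padrão do case casa; a
mensagem de erro dessas linhas some da tela por causa do clear que vem
logo depois.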

Em 25/05/05, White_Tiger<address@hidden> escreveu:
> Ae galera. Estou construindo um script de firewall mas ele não está
> executando todas as ações. Se alguém pudesse me dar uma mão eu agradeceria.
> O erro que encontrei eh quando ele tem de entrar no laço case. Ele não
> apresenta erro mas não entra.
> 
> #!/bin/bash
> 
> # Declaracao das variaveis globais
> WORKING = $PWD
> 
> INT_NET = 'eth0' #Interface de coneccao com a internet.
> INT_REDE = 'eth1' #Interface de coneccao com a rede.
> 
> SQUID = 'S' #Configura se o servidor possue proxy squid rodando. (S) Sim ou
> (N) Nao.
> SQUID_PORT = 3128 #Porta do squid (3128 é o padrao)
> 
> TS = 'S' #Configura se possue um servidor terminal service na rede e
> redireciona a porta (S) ou (N)
> TERM_IP='192.168.1.250 <http://192.168.1.250>' #IP do servidor rodando
> terminal service na rede
> 
> YAHOO = 'S' #Bloqueia Yahoo messenger
> MSN = 'N' #Bloqueia Msn messenger
> ICQ = 'S' #Bloqueia ICQ
> AIM = 'S' #Bloqueia AIM
> P2P = 'S' #Bloqueia Kazaa
> SPY = 'S' #Bloqueia Spyares conhecidos
> 
> MOD=`which modprobe` #Modulos do iptables
> 
> # Fim da declaracao de variaveis
> 
> clear
> echo
> '############################################################################################################################'
> echo '# #'
> echo '# #'
> echo '# Script IPTABLES #'
> echo '# by White_Tiger - address@hidden #'
> echo '# #'
> echo '# #'
> #
> echo
> '############################################################################################################################'
> echo ''
> echo ''
> 
> # Deleta todas as regras do firewall
> 
> printf "Limpando as Regras."
> iptables -t filter -F
> iptables -t filter -X
> iptables -t nat -F
> iptables -t nat -X
> iptables -t mangle -F
> iptables -t mangle -X
> printf " \033[40;32m [OK] \033[m\n"
> 
> # Desabilitando o trafego IP Entre as Placas de Rede
> printf "Desabilitando o trafego entre as placas de rede."
> echo "0" > /proc/sys/net/ipv4/ip_forward
> printf " \033[40;32m [OK] \033[m\n"
> 
> # Configurando a Protecao anti-spoofing
> printf "Configurando a protecao anti-spoofing."
> for spoofing in /proc/sys/net/ipv4/conf/*/rp_filter; do
> echo "1" > $spoofing
> done
> printf " \033[40;32m [OK] \033[m\n"
> 
> # Remove modulos do ipchains para evitar conflitos
> #printf "Removendo módulos do ipchains."
> #rmmod ipchains
> #printf " \033[40;32m [OK] \033[m\n"
> 
> # Inseri modulos iptables
> printf "Inserindo modulos iptables."
> $MOD ip_tables
> $MOD ip_nat_ftp
> $MOD ip_conntrack_ftp
> $MOD ipt_MASQUERADE
> $MOD iptable_nat
> $MOD ip_conntrack
> $MOD iptable_filter
> printf " \033[40;32m [OK] \033[m\n"
> 
> # Barra a porta Wincrash e cria log da tentativa de acesso
> printf "Barrando Wincrash."
> iptables -A INPUT -p tcp --dport 5042 -j LOG --log-prefix "Servico:
> Wincrash"
> iptables -A INPUT -p tcp --dport 5042 -j DROP
> printf " \033[40;32m [OK] \033[m\n"
> 
> # Barra a porta NetBus e cria log da tentativa de acesso
> printf "Barrando NetBus."
> iptables -A INPUT -p tcp --dport 12345 -j LOG --log-prefix "Servico: NetBus"
> iptables -A INPUT -p tcp --dport 12345 -j DROP
> printf " \033[40;32m [OK] \033[m\n"
> 
> #Protecao quanto a ataques DoS
> #printf "Protegendo contra ataque DoS."
> #iptables -A FORWARD -m unclean -j DROP
> #printf " \033[40;32m [OK] \033[m\n"
> 
> #nat da rede
> printf "Fazendo Nat na rede."
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> printf " \033[40;32m [OK] \033[m\n"
> 
> #Habilitando o squid
> case $SQUID in
> 'S'|'s')
> printf "Redirecionando a porta 80 para server squid na porta 3128."
> iptables -t nat -A PREROUTING -i $INT_REDE -p tcp --dport 80 -j REDIRECT
> --to-port $SQUID_PORT
> itables â€"-A FORWARD -s 192.168.1.0/24 <http://192.168.1.0/24> â€"-p tcp
> --dport 3128 â€"-j ACCEPT
> printf " \033[40;32m [OK] \033[m\n"
> esac
> 
> #Habilitando o Terminal Service do RWindows
> case $TS in
> S|s)
> printf "Redirecionando porta 3389 para Terminal Service.";
> iptables -A PREROUTING -t nat -p tcp --dport 3389 -j DNAT --to $TERM_IP;
> printf " \033[40;32m [OK] \033[m\n";;
> esac
> 
> #Bloqueando o Yahoo messenger
> case $YAHOO in
> S|s)
> printf "Bloqueando o Yahoo Messenger.";
> iptables -A FORWARD -d cs.yahoo.com <http://cs.yahoo.com> -j REJECT;
> iptables -A FORWARD -d scsa.yahoo.com <http://scsa.yahoo.com> -j REJECT;
> printf " \033[40;32m [OK] \033[m\n";;
> esac
> 
> #Bloqueando o Msn messenger
> case $MSN in
> S|s)
> printf "Bloqueando o MSN Messenger.";
> iptables -A FORWARD -p TCP --dport 1863 -j REJECT;
> iptables -A FORWARD -d 64.4.13.0/24 <http://64.4.13.0/24> -j REJECT;
> printf " \033[40;32m [OK] \033[m\n";;
> esac
> 
> #Bloqueando o ICQ
> case $ICQ in
> S|s)
> printf "Bloqueando o ICQ.";
> iptables -A FORWARD -p TCP --dport 5190 -j REJECT;
> iptables -A FORWARD -d login.icq.com <http://login.icq.com> -j REJECT;
> printf " \033[40;32m [OK] \033[m\n";;
> esac
> 
> #Bloqueando o AIM
> case $AIM in
> S|s)
> printf "Bloqueando o AIM";
> iptables -A FORWARD -d login.oscar.aol.com <http://login.oscar.aol.com> -j
> REJECT;
> printf " \033[40;32m [OK] \033[m\n";;
> esac
> 
> #Bloqueando P2P
> case $P2P in
> 
> S|s)
> printf "Bloqueando P2Ps.";
> #iMesh
> iptables -A FORWARD -d 216.35.208.0/24 <http://216.35.208.0/24> -j REJECT;
> 
> #BearShare
> iptables -A FORWARD -p TCP --dport 6346 -j REJECT;
> 
> #ToadNode
> iptables -A FORWARD -p TCP --dport 6346 -j REJECT;
> 
> #WinMX
> iptables -A FORWARD -d 209.61.186.0/24 <http://209.61.186.0/24> -j REJECT;
> iptables -A FORWARD -d 64.49.201.0/24 <http://64.49.201.0/24> -j REJECT;
> 
> #Napigator
> iptables -A FORWARD -d 209.25.178.0/24 <http://209.25.178.0/24> -j REJECT;
> 
> #Morpheus
> iptables -A FORWARD -d 206.142.53.0/24 <http://206.142.53.0/24> -j REJECT;
> iptables -A FORWARD -p TCP --dport 1214 -j REJECT;
> 
> #KaZaA
> iptables -A FORWARD -d 213.248.112.0/24 <http://213.248.112.0/24> -j REJECT;
> iptables -A FORWARD -p TCP --dport 1214 -j REJECT;
> 
> for IP in `cat $WORKING/bloqueios/ip-kazaa-10.txt`
> do
> iptables -A FORWARD -i $OUT_IFACE -d $IP -j DROP
> done;
> 
> #Limewire
> iptables -A FORWARD -p TCP --dport 6346 -j REJECT;
> 
> #Audiogalaxy
> iptables -A FORWARD -d 64.245.58.0/23 <http://64.245.58.0/23> -j REJECT;
> 
> #GNUTella
> iptables -A FORWARD -p tcp --dport 6346 -j REJECT;
> 
> #eDonkey
> iptables -A FORWARD -p tcp --dport 4661:4662 -j REJECT;
> iptables -A FORWARD -p udp --dport 4665 -j REJECT;
> 
> #Napster
> iptables -A FORWARD -d 64.124.41.0/24 <http://64.124.41.0/24> -j REJECT;
> 
> #Bearshare
> iptables -A FORWARD -p TCP --dport 6346 -j REJECT;
> 
> #ToadNode
> iptables -A FORWARD -p TCP --dport 6346 -j REJECT;
> 
> printf " \033[40;32m [OK] \033[m\n";;
> esac
> 
> #Bloqueando Spyware
> case $SPY in
> S|s)
> printf "Bloqueando SPYWARES.";
> CONT=0;
> for SPYW in `cat $WORKING/bloqueios/spyware cut -d : -f1`
> do
> iptables -A INPUT -s $SPYW -j DROP
> CONT=`expr $CONT + 1`
> if [ $CONT -eq 110 ]
> then
> echo -n "."
> CONT=0
> fi
> done;
> printf " \033[40;32m [OK] \033[m\n";;
> esac
> 
> # Habilitando o trafego Ip, entre as Interfaces de rede
> printf "Habilitanto o trafego entre as redes."
> echo "1" > /proc/sys/net/ipv4/ip_forward
> printf " \033[40;32m [OK] \033[m\n"
> 
> printf "\n\n"
> printf "Instalacao do Firewall completa. \033[40;32m [OK] \033[m\n"
> 
> [As partes desta mensagem que não continham texto foram removidas]
> 
> ---------------------------------------------------------------------
> Esta lista não admite a abordagem de outras liguagens de programação, como 
> perl, C etc. Quem insistir em não seguir esta regra será moderado sem prévio 
> aviso.
> ---------------------------------------------------------------------
> Sair da lista: address@hidden
> ---------------------------------------------------------------------
> Esta lista é moderada de acordo com o previsto em 
> http://www.listas-discussao.cjb.net
> ---------------------------------------------------------------------
> 
> Links do Yahoo! Grupos
> 
> 
> 
> 
>
