| Linha 1: | Linha 1: | ||
| - | |||
'''CARTORIO-BIGUAÇU''' | '''CARTORIO-BIGUAÇU''' | ||
| Linha 49: | Linha 48: | ||
senha - lupa2010 | senha - lupa2010 | ||
| + | |||
| + | |||
| + | '''rc.local''' | ||
| + | <pre> | ||
| + | #### Bloqueio do msn | ||
| + | iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 1863 -j REJECT | ||
| + | iptables -A FORWARD -s 192.168.0.0/24 -d loginnet.passport.com -j REJECT | ||
| + | |||
| + | #### Libera estacoes para MSN iptables -A FORWARD -s 192.168.0.15/32 -p tcp --dport 1863 -j ACCEPT | ||
| + | iptables -A FORWARD -s 192.168.0.15/32 -d loginnet.passport.com -j ACCEPT | ||
| + | iptables -A FORWARD -s 192.168.0.20/32 -p tcp --dport 1863 -j ACCEPT | ||
| + | iptables -A FORWARD -s 192.168.0.20/32 -d loginnet.passport.com -j ACCEPT | ||
| + | #iptables -A FORWARD -s 192.168.0.4/32 -p tcp --dport 1863 -j ACCEPT | ||
| + | #iptables -A FORWARD -s 192.168.0.4/32 -d loginnet.passport.com -j ACCEPT | ||
| + | |||
| + | #### IP/Bancos por fora do proxy Santander | ||
| + | iptables -t nat -I tproxy -d 200.220.186.3 -j RETURN | ||
| + | iptables -t nat -I tproxy -d 200.220.178.3 -j RETURN | ||
| + | iptables -t nat -I tproxy -d 200.220.179.4 -j RETURN | ||
| + | iptables -t nat -I tproxy -d 200.220.187.4 -j RETURN | ||
| + | |||
| + | #### Conectividade Social Caixa | ||
| + | iptables -t nat -A PREROUTING -s 192.168.0.0/24 -d 200.201.174.0/24 -p tcp --dport 80 -j ACCEPT | ||
| + | |||
| + | iptables -t nat -A PREROUTING -d 200.201.174.202 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.202:80 | ||
| + | iptables -t nat -A PREROUTING -d 200.201.174.203 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.203:80 | ||
| + | iptables -t nat -A PREROUTING -d 200.201.174.204 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.204:80 iptables -t nat -A PREROUTING -d 200.201.174.205 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.205:80 | ||
| + | iptables -t nat -A PREROUTING -d 200.201.174.206 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.206:80 | ||
| + | iptables -t nat -A PREROUTING -d 200.201.174.207 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.207:80 iptables -t nat -A PREROUTING -d 200.201.174.208 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.208:80 | ||
| + | iptables -t nat -A PREROUTING -d 200.201.174.209 -p tcp -m tcp --dport 80 -j DNAT --to-destination 200.201.174.209:80 | ||
| + | |||
| + | iptables -t nat -I PREROUTING -i eth1 -d 200.201.174.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080 | ||
| + | iptables -t nat -A PREROUTING -i eth1 -d www.caixa.gov.br -p tcp --dport 80 -j ACCEPT | ||
| + | iptables -t nat -A PREROUTING -i eth1 -d www1.caixa.gov.br -p tcp --dport 80 -j ACCEPT | ||
| + | iptables -t nat -A PREROUTING -i eth1 -d cmt.caixa.gov.br -p tcp --dport 80 -j ACCEPT iptables -t nat -A PREROUTING -i eth1 -d www.caixa.com.br -p tcp --dport 80 -j ACCEPT | ||
| + | |||
| + | iptables -t nat -I PREROUTING -d 200.201.174.207 -j ACCEPT | ||
| + | iptables -t nat -I PREROUTING -s 200.201.174.207 -j ACCEPT | ||
| + | |||
| + | iptables -t nat -I PREROUTING -d 200.201.169.69 -j ACCEPT | ||
| + | iptables -t nat -I PREROUTING -s 200.201.169.69 -j ACCEPT | ||
| + | |||
| + | iptables -t nat -I PREROUTING -d 200.201.166.240 -j ACCEPT | ||
| + | iptables -t nat -I PREROUTING -s 200.201.166.240 -j ACCEPT | ||
| + | |||
| + | iptables -I FORWARD -p tcp --dport 80 -s 192.168.0.0/24 -d 200.201.174.0/24 -j ACCEPT | ||
| + | |||
| + | iptables -I FORWARD -p tcp --dport 21 -d 200.201.174.207 -j ACCEPT | ||
| + | iptables -I FORWARD -p tcp --dport 80 -d 200.201.174.207 -j ACCEPT | ||
| + | |||
| + | iptables -I FORWARD -p tcp --dport 21 -d 200.201.169.69 -j ACCEPT | ||
| + | iptables -I FORWARD -p tcp --dport 80 -d 200.201.169.69 -j ACCEPT | ||
| + | iptables -I FORWARD -p tcp --dport 21 -d 200.201.166.240 -j ACCEPT | ||
| + | iptables -I FORWARD -p tcp --dport 80 -d 200.201.166.240 -j ACCEPT | ||
| + | iptables -I FORWARD -p tcp --dport 20001:20005 -s 200.201.169.69 -j ACCEPT | ||
| + | iptables -I FORWARD -p tcp --dport 20000:20019 -d 200.201.169.69 -j ACCEPT | ||
| + | |||
| + | iptables -I FORWARD -p tcp --dport 20001:20005 -s 200.201.166.240 -j ACCEPT | ||
| + | iptables -I FORWARD -p tcp --dport 20000:20019 -d 200.201.166.240 -j ACCEPT | ||
| + | iptables -I FORWARD -p tcp --dport 20001:20005 -s 200.201.174.207 -j ACCEPT | ||
| + | iptables -I FORWARD -p tcp --dport 20000:20019 -d 200.201.174.207 -j ACCEPT | ||
| + | iptables -I FORWARD -p tcp -s 200.201.174.207 -m state --state ESTABLISHED,RELATED -j ACCEPT | ||
| + | iptables -I FORWARD -p tcp -s 200.201.169.69 -m state --state ESTABLISHED,RELATED -j ACCEPT | ||
| + | iptables -I FORWARD -p tcp -s 200.201.166.240 -m state --state ESTABLISHED,RELATED -j ACCEPT | ||
| + | |||
| + | iptables -A INPUT -i eth0 -p udp -s 200.201.174.207 -j ACCEPT | ||
| + | iptables -A INPUT -i eth1 -p udp -s 200.201.174.207 -j ACCEPT | ||
| + | iptables -A INPUT -i eth0 -p udp -s 200.201.169.69 -j ACCEPT | ||
| + | iptables -A INPUT -i eth1 -p udp -s 200.201.169.69 -j ACCEPT | ||
| + | |||
| + | iptables -A INPUT -i eth0 -p udp -s 200.201.166.240 -j ACCEPT | ||
| + | iptables -A INPUT -i eth1 -p udp -s 200.201.166.240 -j ACCEPT | ||
| + | |||
| + | iptables -A OUTPUT -p tcp --destination-port 2631:2631 -j ACCEPT | ||
| + | iptables -A INPUT -p tcp --destination-port 2631:2631 -j ACCEPT | ||
| + | |||
| + | #### Passa por fora do Proxy #### | ||
| + | iptables -t nat -I tproxy -d 200.201.166.200 -j RETURN | ||
| + | iptables -t nat -I tproxy -d 200.201.166.240 -j RETURN | ||
| + | iptables -t nat -I tproxy -d 200.201.169.69 -j RETURN | ||
| + | iptables -t nat -I tproxy -d 200.201.173.0/24 -j RETURN | ||
| + | iptables -t nat -I tproxy -d 200.201.173.68 -j RETURN | ||
| + | iptables -t nat -I tproxy -d 200.201.174.0/24 -j RETURN | ||
| + | iptables -t nat -I tproxy -d 200.201.174.204 -j RETURN | ||
| + | iptables -t nat -I tproxy -d 200.201.174.207 -j RETURN | ||
| + | |||
| + | # Speed UP DNS | ||
| + | iptables -t mangle -A OUTPUT -p udp --dport 53 -j TOS --set-tos 0x08 iptables -t mangle -A PREROUTING -p udp --dport 53 -j TOS --set-tos 0x10 | ||
| + | |||
| + | # Speed UP HTTP | ||
| + | iptables -t mangle -A OUTPUT -p tcp -j TOS --sport 80 --set-tos 0x08 | ||
| + | iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TOS --set-tos 0x08 | ||
| + | |||
| + | ## bloqueado https (Porta 443) iptables -A FORWARD -d 207.44.237.165 -p tcp --dport 443 -j DROP #proxify | ||
| + | iptables -A INPUT -d 207.44.237.165 -p tcp --dport 443 -j DROP #proxify | ||
| + | iptables -A FORWARD -d meebo.com -p tcp --dport 443 -j DROP iptables -A INPUT -d meebo.com -p tcp --dport 443 -j DROP | ||
| + | |||
| + | #Bloqueio do https://Imo.im | ||
| + | iptables -A FORWARD -d imo.im -p tcp --dport 443 -j DROP | ||
| + | iptables -A INPUT -d imo.im -p tcp --dport 443 -j DROP | ||
| + | iptables -A FORWARD -p tcp -d imo.im --dport 448 -j DROP | ||
| + | iptables -A FORWARD -p udp -d imo.im --dport 448 -j DROP | ||
| + | |||
| + | ## google talk | ||
| + | iptables -A FORWARD -d talk.google.com -p tcp --dport 443 -j DROP | ||
| + | iptables -A FORWARD -d talkx.l.google.com -p tcp --dport 443 -j DROP | ||
| + | iptables -A FORWARD -d talk.l.google.com -p tcp --dport 443 -j DROP | ||
| + | iptables -A FORWARD -d chatenabled.mail.google.com -p tcp --dport 443 -j DROP | ||
| + | |||
| + | ## bloqueado https (Porta 563) | ||
| + | #iptables -A FORWARD -d iy-in-f85.google.com -p tcp --dport 563 -j DROP #orkut | ||
| + | #iptables -A INPUT -d vw-in-f85.google.com -p tcp --dport 563 -j DROP #orkut | ||
| + | iptables -A FORWARD -d imo.im -p tcp --dport 563 -j DROP | ||
| + | iptables -A INPUT -d imo.im -p tcp --dport 563 -j DROP | ||
| + | iptables -A FORWARD -d 207.44.237.165 -p tcp --dport 563 -j DROP #proxify | ||
| + | iptables -A INPUT -d 207.44.237.165 -p tcp --dport 563 -j DROP #proxify | ||
| + | iptables -A FORWARD -d meebo.com -p tcp --dport 563 -j DROP | ||
| + | iptables -A INPUT -d meebo.com -p tcp --dport 563 -j DROP | ||
| + | |||
| + | ### BLOQ PLUS | ||
| + | iptables -t nat -I PREROUTING -p tcp --dport 443 -j ACCEPT # LIBERADO PARA ACESSO A BANCOS iptables -A FORWARD -d orkut.com -p tcp --dport 563 -j DROP | ||
| + | iptables -A INPUT -d orkut.com -p tcp --dport 563 -j DROP | ||
| + | iptables -A FORWARD -d imo.im -p tcp --dport 563 -j DROP iptables -A INPUT -d imo.im -p tcp --dport 563 -j DROP | ||
| + | iptables -t nat -I PREROUTING -p tcp -d www.meebo.com --dport 443 -j DROP | ||
| + | iptables -t nat -I PREROUTING -p tcp -d www.orkut.com --dport 443 -j DROP | ||
| + | iptables -t nat -I PREROUTING -p tcp -d www.buddy.com --dport 443 -j DROP | ||
| + | iptables -t nat -I PREROUTING -p tcp -d www.ebuddy.com --dport 443 -j DROP | ||
| + | |||
| + | ## Bloqueio das estacoes CART 10 11 e 12 | ||
| + | iptables -t nat -I PREROUTING -p tcp -m iprange --src-range 192.168.0.5-192.168.0.7 -j DROP | ||
| + | |||
| + | ## Liberação de sites essenciais para CART 10 11 e 12 | ||
| + | iptables -t nat -I PREROUTING -p tcp -d tjsc6.tjsc.jus.br -j ACCEPT | ||
| + | iptables -t nat -I PREROUTING -p tcp -d www.receita.fazenda.gov.br -j ACCEPT | ||
| + | iptables -t nat -I PREROUTING -p tcp -d receita.fazenda.gov.br -j ACCEPT iptables -t nat -I PREROUTING -p tcp -d www.extrajudicial.tjsp.jus.br -j ACCEPT | ||
| + | iptables -t nat -I PREROUTING -p tcp -d extrajudicial.tjsp.jus.br -j ACCEPT | ||
| + | iptables -t nat -I PREROUTING -p tcp -d www.tj.sc.gov.br -j ACCEPT iptables -t nat -I PREROUTING -p tcp -d tj.sc.gov.br -j ACCEPT | ||
| + | iptables -t nat -I PREROUTING -p tcp -d app.tjsc.jus.br -j ACCEPT | ||
| + | iptables -t nat -I PREROUTING -p tcp -d www.tjsc.jus.br -j ACCEPT | ||
| + | iptables -t nat -I PREROUTING -p tcp -d tjsc.jus.br -j ACCEPT | ||
| + | |||
| + | ## Lebera a atualização do avira | ||
| + | iptables -t nat -I PREROUTING -p tcp -d personal.avira-update.com -j ACCEPT | ||
| + | ### vpn | ||
| + | #openvpn /etc/brazilfw/openvpn/server-01.config #openvpn /etc/brazilfw/openvpn/server-02.config | ||
| + | |||
| + | ### ADM | ||
| + | cp /partition/lupa/otimizacoes/meu_profile/profile /root/.profile | ||
| + | cp /partition/lupa/otimizacoes/lupa.png /var/htdocs/webadmin/images/logo.png | ||
| + | |||
| + | /partition/lupa/scripts/snmpd.sh | ||
| + | |||
| + | </pre> | ||
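Review bot: The per-station MSN exceptions (`-A FORWARD -s 192.168.0.15/32 … -j ACCEPT` and the `.20` pair) are appended after the subnet-wide `-A FORWARD -s 192.168.0.0/24 … -j REJECT` rules, so the REJECT matches first and the exceptions are never reached. Append the ACCEPT lines before the REJECT pair, or insert them with `iptables -I FORWARD -s 192.168.0.15/32 -p tcp --dport 1863 -j ACCEPT`. Several added lines also carry two commands on one physical line; where such a line starts with `#` (the `Libera estacoes para MSN`, `bloqueado https (Porta 443)` and `LIBERADO PARA ACESSO A BANCOS` lines), the trailing `iptables` command is read as comment text and never runs, assuming the page reflects the file as deployed. The `-t nat … -j DROP` rules under `BLOQ PLUS` and the CART station block filter in the nat table, which newer iptables releases refuse; the filter table's FORWARD chain is the usual place for them.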
CARTORIO-BIGUAÇU
ssh cartoriobiguacu.no-ip.info -l root --> firewall ssh 187.55.251.121 -l root --> firewall
backup diario via cobian local e para HD externo
D:\BACKUP --> local G:\BACKUP_EXTERNO --> HD_externo
IP 186.215.117.71
Mascara 255.255.255.192
GW 186.215.117.65
Para um bom desempenho do Windows e do seu disco rígido, é recomendável você executar o Scandisk e o Desfragmentador de Disco uma vez ao mês para garantir a integridade dos dados e para que a performance do micro não seja afetada.
Agendados para o primeiro sábado de cada mês.
* Servidores
Acesso - 186.215.117.12 usuario - root senha - lupa9002furacao2000
Acesso - 186.215.117.12
porta - 3535
usuario - Administrator
senha - lupa2010
'''rc.local'''
<pre>
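#### MSN Messenger policy for the LAN (192.168.0.0/24)
# Rules in a chain are evaluated top to bottom and the first match wins, so
# the per-station exceptions are appended BEFORE the subnet-wide REJECTs.
# Appended after them (as in the original order) they are never reached.
# The first exception below was also fused onto the end of a comment line,
# which made the shell treat it as comment text; it is restored here.
# NOTE(review): loginnet.passport.com is resolved once, when the rule is
# loaded. If DNS is not available at boot the rule fails to load, and later
# address changes are not picked up.

#### Stations allowed to use MSN
iptables -A FORWARD -s 192.168.0.15/32 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.15/32 -d loginnet.passport.com -j ACCEPT
iptables -A FORWARD -s 192.168.0.20/32 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.0.20/32 -d loginnet.passport.com -j ACCEPT
#iptables -A FORWARD -s 192.168.0.4/32 -p tcp --dport 1863 -j ACCEPT
#iptables -A FORWARD -s 192.168.0.4/32 -d loginnet.passport.com -j ACCEPT

#### Block MSN for every other station
iptables -A FORWARD -s 192.168.0.0/24 -p tcp --dport 1863 -j REJECT
iptables -A FORWARD -s 192.168.0.0/24 -d loginnet.passport.com -j REJECT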
#### Bank addresses that bypass the proxy (Santander)
# Each address gets a RETURN rule inserted at the head of the nat-table
# "tproxy" chain, so matching traffic leaves that chain before any rule
# further down is evaluated. The chain itself is created elsewhere.
for bank_ip in 200.220.186.3 200.220.178.3 200.220.179.4 200.220.187.4; do
  iptables -t nat -I tproxy -d "$bank_ip" -j RETURN
done
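#### Conectividade Social (Caixa): nat PREROUTING rules
# Several of the original lines carried two iptables commands fused onto one
# physical line, which iptables rejects as a single malformed command.
# Each rule is issued on its own here, in the original order.

# LAN -> Caixa range on port 80: accept in nat, i.e. no address rewriting.
iptables -t nat -A PREROUTING -s 192.168.0.0/24 -d 200.201.174.0/24 -p tcp --dport 80 -j ACCEPT

# DNAT each Caixa host back to its own address and port 80.
for last_octet in 202 203 204 205 206 207 208 209; do
  iptables -t nat -A PREROUTING -d "200.201.174.${last_octet}" -p tcp -m tcp --dport 80 \
    -j DNAT --to-destination "200.201.174.${last_octet}:80"
done

# Inserted (-I) at the head of PREROUTING, so for packets arriving on eth1
# this REDIRECT is evaluated before the appended rules above.
# NOTE(review): if eth1 is the LAN side, port-80 traffic to the Caixa range
# is sent to local port 8080 and the appended ACCEPT/DNAT rules for the same
# range never see it. Confirm which behaviour is intended.
iptables -t nat -I PREROUTING -i eth1 -d 200.201.174.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080

# Hostnames are resolved once, when the rule is loaded.
for caixa_site in www.caixa.gov.br www1.caixa.gov.br cmt.caixa.gov.br www.caixa.com.br; do
  iptables -t nat -A PREROUTING -i eth1 -d "$caixa_site" -p tcp --dport 80 -j ACCEPT
done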
# Caixa hosts exempt from NAT processing in both directions.
# Each rule is inserted at the head of nat PREROUTING; the ACCEPT ends
# traversal of the chain for packets to or from these addresses.
for caixa_host in 200.201.174.207 200.201.169.69 200.201.166.240; do
  iptables -t nat -I PREROUTING -d "$caixa_host" -j ACCEPT
  iptables -t nat -I PREROUTING -s "$caixa_host" -j ACCEPT
done
# Caixa forwarding exceptions, all inserted at the head of FORWARD.

# HTTP from the LAN to the whole Caixa range.
iptables -I FORWARD -p tcp --dport 80 -s 192.168.0.0/24 -d 200.201.174.0/24 -j ACCEPT

# Ports 21 and 80 towards each Caixa host.
for caixa_host in 200.201.174.207 200.201.169.69 200.201.166.240; do
  for port in 21 80; do
    iptables -I FORWARD -p tcp --dport "$port" -d "$caixa_host" -j ACCEPT
  done
done

# High port ranges: 20001-20005 for packets coming from the host,
# 20000-20019 for packets going to it.
# NOTE(review): the -s rules set no destination, so they match any
# forwarded destination. Presumably a data channel for the FTP service;
# confirm.
for caixa_host in 200.201.169.69 200.201.166.240 200.201.174.207; do
  iptables -I FORWARD -p tcp --dport 20001:20005 -s "$caixa_host" -j ACCEPT
  iptables -I FORWARD -p tcp --dport 20000:20019 -d "$caixa_host" -j ACCEPT
done

# Replies belonging to connections that are already tracked.
for caixa_host in 200.201.174.207 200.201.169.69 200.201.166.240; do
  iptables -I FORWARD -p tcp -s "$caixa_host" -m state --state ESTABLISHED,RELATED -j ACCEPT
done
# UDP from the Caixa hosts to the firewall itself, on both interfaces.
# NOTE(review): there is no port restriction, so any UDP datagram carrying
# one of these source addresses is accepted. UDP source addresses are not
# authenticated; narrow with --sport/--dport if the service ports are known.
for caixa_host in 200.201.174.207 200.201.169.69 200.201.166.240; do
  for nic in eth0 eth1; do
    iptables -A INPUT -i "$nic" -p udp -s "$caixa_host" -j ACCEPT
  done
done

# TCP port 2631, outbound from and inbound to the firewall, any peer.
iptables -A OUTPUT -p tcp --destination-port 2631:2631 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 2631:2631 -j ACCEPT
#### Destinations that bypass the proxy ####
# A RETURN rule per destination is inserted at the head of the nat-table
# "tproxy" chain. Single hosts that fall inside a listed /24 are kept as
# in the original list, although the /24 entry already covers them.
for bypass_dst in \
  200.201.166.200 \
  200.201.166.240 \
  200.201.169.69 \
  200.201.173.0/24 \
  200.201.173.68 \
  200.201.174.0/24 \
  200.201.174.204 \
  200.201.174.207
do
  iptables -t nat -I tproxy -d "$bypass_dst" -j RETURN
done
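# Speed UP DNS
# TOS marking for DNS queries (UDP 53). The two rules were fused onto one
# physical line in the original, which iptables rejects as a single
# malformed command; they are separate commands again here.
# 0x08 is Maximize-Throughput, 0x10 is Minimize-Delay.
iptables -t mangle -A OUTPUT -p udp --dport 53 -j TOS --set-tos 0x08
iptables -t mangle -A PREROUTING -p udp --dport 53 -j TOS --set-tos 0x10

# Speed UP HTTP
# Locally generated packets with source port 80, and incoming packets with
# destination port 80, are marked Maximize-Throughput.
iptables -t mangle -A OUTPUT -p tcp -j TOS --sport 80 --set-tos 0x08
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TOS --set-tos 0x08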
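## Blocked HTTPS destinations (port 443)
# The first FORWARD rule was fused onto the end of the heading comment in
# the original, so the shell never executed it. The meebo.com pair was
# fused onto one line. Both are restored as separate commands.
# INPUT only carries packets addressed to the firewall itself, so the
# INPUT rules with a remote -d are not expected to match. The FORWARD
# rules are the ones that affect LAN clients. They are kept as in the
# original.
# Hostnames are resolved once, when the rule is loaded, and only the
# addresses returned at that moment are blocked.
iptables -A FORWARD -d 207.44.237.165 -p tcp --dport 443 -j DROP #proxify
iptables -A INPUT -d 207.44.237.165 -p tcp --dport 443 -j DROP #proxify
iptables -A FORWARD -d meebo.com -p tcp --dport 443 -j DROP
iptables -A INPUT -d meebo.com -p tcp --dport 443 -j DROP

# Block https://Imo.im
iptables -A FORWARD -d imo.im -p tcp --dport 443 -j DROP
iptables -A INPUT -d imo.im -p tcp --dport 443 -j DROP
iptables -A FORWARD -p tcp -d imo.im --dport 448 -j DROP
iptables -A FORWARD -p udp -d imo.im --dport 448 -j DROP

## Google Talk
iptables -A FORWARD -d talk.google.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d talkx.l.google.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d talk.l.google.com -p tcp --dport 443 -j DROP
iptables -A FORWARD -d chatenabled.mail.google.com -p tcp --dport 443 -j DROP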
## Blocked destinations on port 563
# The original heading calls this https; 563 is the registered
# NNTP-over-TLS port.
# NOTE(review): presumably blocked because proxies commonly permit CONNECT
# to it; confirm.
#iptables -A FORWARD -d iy-in-f85.google.com -p tcp --dport 563 -j DROP #orkut
#iptables -A INPUT -d vw-in-f85.google.com -p tcp --dport 563 -j DROP #orkut
# 207.44.237.165 is the address the original labels "proxify".
for blocked_dst in imo.im 207.44.237.165 meebo.com; do
  iptables -A FORWARD -d "$blocked_dst" -p tcp --dport 563 -j DROP
  iptables -A INPUT -d "$blocked_dst" -p tcp --dport 563 -j DROP
done
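### BLOQ PLUS
# In the original, the orkut.com FORWARD rule sat after the trailing comment
# of the first line and was never executed, and the imo.im pair was fused
# onto one line. Each rule is a separate command again here.

# Allowed for access to banks: every TCP/443 connection is accepted in nat
# PREROUTING. The rules inserted afterwards land above this one.
iptables -t nat -I PREROUTING -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -d orkut.com -p tcp --dport 563 -j DROP
iptables -A INPUT -d orkut.com -p tcp --dport 563 -j DROP
iptables -A FORWARD -d imo.im -p tcp --dport 563 -j DROP
iptables -A INPUT -d imo.im -p tcp --dport 563 -j DROP

# NOTE(review): these DROPs live in the nat table, which only sees the first
# packet of each connection and which newer iptables releases refuse to load
# DROP rules into. The filter table's FORWARD chain is the usual place for
# this kind of block.
for blocked_site in www.meebo.com www.orkut.com www.buddy.com www.ebuddy.com; do
  iptables -t nat -I PREROUTING -p tcp -d "$blocked_site" --dport 443 -j DROP
done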
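## Block stations CART 10, 11 and 12 (192.168.0.5 - 192.168.0.7)
# Inserted at the head of nat PREROUTING: new TCP connections from the three
# stations are dropped unless a rule inserted later (and therefore above
# this one) accepts them first.
# NOTE(review): only TCP is matched and the rule is in the nat table;
# newer iptables releases refuse DROP there.
iptables -t nat -I PREROUTING -p tcp -m iprange --src-range 192.168.0.5-192.168.0.7 -j DROP

## Essential sites still reachable from CART 10, 11 and 12
# Two pairs of these rules were fused onto single lines in the original,
# which iptables rejects. Each site gets its own command here, in the
# original order.
# The ACCEPTs match on destination only, so they apply to every source, not
# just the three stations. Hostnames are resolved once, at load time.
for allowed_site in \
  tjsc6.tjsc.jus.br \
  www.receita.fazenda.gov.br \
  receita.fazenda.gov.br \
  www.extrajudicial.tjsp.jus.br \
  extrajudicial.tjsp.jus.br \
  www.tj.sc.gov.br \
  tj.sc.gov.br \
  app.tjsc.jus.br \
  www.tjsc.jus.br \
  tjsc.jus.br
do
  iptables -t nat -I PREROUTING -p tcp -d "$allowed_site" -j ACCEPT
done

## Allow Avira updates
iptables -t nat -I PREROUTING -p tcp -d personal.avira-update.com -j ACCEPT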
### vpn (both OpenVPN servers are disabled)
#openvpn /etc/brazilfw/openvpn/server-01.config
#openvpn /etc/brazilfw/openvpn/server-02.config
### ADM
# Restores the administrator's shell profile and the web-admin logo from
# /partition/lupa on every boot. The cp results are not checked, so a
# missing source file does not stop the script.
cp /partition/lupa/otimizacoes/meu_profile/profile /root/.profile
cp /partition/lupa/otimizacoes/lupa.png /var/htdocs/webadmin/images/logo.png
# Runs a script kept under /partition/lupa with the privileges of rc.local.
# NOTE(review): /root/.profile and snmpd.sh are both taken from that
# directory, so it should be writable by root only; confirm its permissions.
/partition/lupa/scripts/snmpd.sh