<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Mike, remember that your default chain must not be changed.&nbsp; That
    is, the INPUT and OUTPUT chains necessarily need to be set to
    ACCEPT.<br>
    <br>
    iptables -P INPUT ACCEPT<br>
    iptables -P OUTPUT ACCEPT<br>
    <br>
    See how the output of iptables -L turned out with the script below<br>
    <br>
    [root@pbx-grupocred /]# iptables -L<br>
    Chain INPUT (policy ACCEPT)<br>
    target&nbsp;&nbsp;&nbsp;&nbsp; prot opt source&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; destination<br>
    ACCEPT&nbsp;&nbsp;&nbsp;&nbsp; udp&nbsp; --&nbsp; 172.16.5.0/24&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; anywhere<br>
    ACCEPT&nbsp;&nbsp;&nbsp;&nbsp; udp&nbsp; --&nbsp; 186.0.0.0/8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; anywhere<br>
    ACCEPT&nbsp;&nbsp;&nbsp;&nbsp; udp&nbsp; --&nbsp; 187.0.0.0/8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; anywhere<br>
    ACCEPT&nbsp;&nbsp;&nbsp;&nbsp; udp&nbsp; --&nbsp; 177.0.0.0/8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; anywhere<br>
    ACCEPT&nbsp;&nbsp;&nbsp;&nbsp; udp&nbsp; --&nbsp; 179.0.0.0/8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; anywhere<br>
    ACCEPT&nbsp;&nbsp;&nbsp;&nbsp; udp&nbsp; --&nbsp; 189.0.0.0/8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; anywhere<br>
    ACCEPT&nbsp;&nbsp;&nbsp;&nbsp; udp&nbsp; --&nbsp; 198.50.96.130&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; anywhere<br>
    ACCEPT&nbsp;&nbsp;&nbsp;&nbsp; udp&nbsp; --&nbsp; 200.0.0.0/8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; anywhere<br>
    ACCEPT&nbsp;&nbsp;&nbsp;&nbsp; udp&nbsp; --&nbsp; 201.0.0.0/8&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; anywhere<br>
    DROP&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; udp&nbsp; --&nbsp; anywhere&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; anywhere<br>
    <br>
    Chain FORWARD (policy ACCEPT)<br>
    target&nbsp;&nbsp;&nbsp;&nbsp; prot opt source&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; destination<br>
    <br>
    Chain OUTPUT (policy ACCEPT)<br>
    target&nbsp;&nbsp;&nbsp;&nbsp; prot opt source&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; destination<br>
    <br>
    <br>
    <br>
    On 29/07/2013 10:29, Guilherme Rezende wrote:
    <blockquote cite="mid:51F66E3F.40208@guilherme.eti.br" type="cite">
      Mike, remember that since this is SIP, which uses the UDP protocol,
      you can do it as shown below:<br>
      I have the example below in place at a client, where I block any
      attempt to log in to the PBX via SIP from any address class
      other than the ones listed (which are BR classes)<br>
      This alone will solve your problem!<br>
      <br>
      #!/bin/bash<br>
      ipt=/sbin/iptables<br>
      $ipt -F<br>
      $ipt -A INPUT -i eth2 -s 172.16.5.0/24 -p udp -j ACCEPT<br>
      $ipt -A INPUT -i eth2 -s 186.0.0.0/8 -p udp -j ACCEPT<br>
      $ipt -A INPUT -i eth2 -s 187.0.0.0/8 -p udp -j ACCEPT<br>
      $ipt -A INPUT -i eth2 -s 177.0.0.0/8 -p udp -j ACCEPT<br>
      $ipt -A INPUT -i eth2 -s 179.0.0.0/8 -p udp -j ACCEPT<br>
      $ipt -A INPUT -i eth2 -s 189.0.0.0/8 -p udp -j ACCEPT<br>
      $ipt -A INPUT -i eth2 -s 198.50.96.130 -p udp -j ACCEPT<br>
      $ipt -A INPUT -i eth2 -s 200.0.0.0/8 -p udp -j ACCEPT<br>
      $ipt -A INPUT -i eth2 -s 201.0.0.0/8 -p udp -j ACCEPT<br>
      $ipt -A INPUT -i eth2 -p udp -j DROP<br>
      <br>
      <br>
      On 26/07/2013 09:30, Mike wrote:
      <blockquote
        cite="mid:BLU404-EAS247B98A0B1B21132AEA05F7A06A0@phx.gbl"
        type="cite">
        <div class="WordSection1">
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US">Everyone,

              thank you all very much for the tips.<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US">Bruno,

              I am already reading the links you sent me.<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US">I

              have already made several attempts, including the one you
              sent me, but when the service loads it gives me an error.
              &nbsp;Even when I leave the rule -A INPUT -s 192.168.25.34 -j
              ACCEPT in place, after restarting the service it always
              blocks me. It does not allow my access.<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">[root@ibridge ~]# service iptables restart<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">iptables: Liberando regras do
              firewall:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [&nbsp; OK&nbsp; ]<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US">iptables:

              Configurando chains para a pol&iacute;tica ACCEPT: filt[&nbsp; OK&nbsp; ]<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US">iptables:

              Descarregando m&oacute;dulos:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [&nbsp; OK&nbsp; ]<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#C00000;mso-fareast-language:EN-US"
              lang="EN-US">iptables: Aplicando regras do firewall:Bad
              argument `iptables'<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#C00000;mso-fareast-language:EN-US"
              lang="EN-US">Error occurred at line: 18<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">Try `iptables-restore -h' or
              'iptables-restore --help' for more information.<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

            </span><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US">[FALHOU]<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US">I

              have the rule below.<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US"># Firewall configuration written by
              system-config-firewall<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US"># Manual customization of this file is not
              recommended.<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">*filter<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">:INPUT ACCEPT [0:0]<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">:FORWARD ACCEPT [0:0]<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">:OUTPUT ACCEPT [0:0]<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-A INPUT -m state --state ESTABLISHED,RELATED
              -j ACCEPT<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-A INPUT -p icmp -j ACCEPT<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-A INPUT -i lo -j ACCEPT<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-P INPUT DROP<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-P OUTPUT DROP<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-P FORWARD DROP<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">iptables -A INPUT -s 192.168.25.34 -j ACCEPT
              ;;my local ip<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-A INPUT -s 192.168.25.34 -j ACCEPT<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-A INPUT -s 192.168.25.82 -j ACCEPT<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-A INPUT -m state --state NEW -m tcp -p tcp
              --dport 22 -j ACCEPT<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-A INPUT -m state --state NEW -m tcp -p tcp
              --dport 80 -j ACCEPT<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-A INPUT -m state --state NEW -m tcp -p tcp
              --dport 88 -j ACCEPT<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-A INPUT -m state --state NEW -m tcp -p tcp
              --dport 3306 -j ACCEPT<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-A INPUT -m state --state NEW -m tcp -p tcp
              --dport 5038 -j ACCEPT<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-A INPUT -m state --state NEW -m udp -p udp
              --dport 1:65535 -j ACCEPT<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-A INPUT -j REJECT --reject-with
              icmp-host-prohibited<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"
              lang="EN-US">-A FORWARD -j REJECT --reject-with
              icmp-host-prohibited<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US">COMMIT<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US">Thank

              you very much!<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US">Regards,

              Mike<o:p></o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:#1F497D;mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p>
          <p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;">From:</span></b><span
style="font-size:11.0pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;">
              <a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:asteriskbrasil-bounces@listas.asteriskbrasil.org">asteriskbrasil-bounces@listas.asteriskbrasil.org</a>
              [<a moz-do-not-send="true" class="moz-txt-link-freetext"
                href="mailto:asteriskbrasil-bounces@listas.asteriskbrasil.org">mailto:asteriskbrasil-bounces@listas.asteriskbrasil.org</a>]
              <b>On behalf of </b>Bruno Gerotto<br>
              <b>Sent:</b> Friday, 26 July 2013 08:34<br>
              <b>To:</b> <a moz-do-not-send="true"
                class="moz-txt-link-abbreviated"
                href="mailto:asteriskbrasil@listas.asteriskbrasil.org">asteriskbrasil@listas.asteriskbrasil.org</a><br>
              <b>Subject:</b> Re: [AsteriskBrasil] RES: Iptables<o:p></o:p></span></p>
          <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
          <div>
            <p class="MsoNormal">Good morning Mike, I hope all is well.<o:p></o:p></p>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
            <div>
              <p class="MsoNormal">Here is the thing: I do not have a lot
                of knowledge of iptables and fail2ban either, but I believe
                I can give you a hand in my own words..<o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
            <div>
              <p class="MsoNormal">When you use the -P option in the
                iptables command (iptables -P INPUT DROP), you are saying
                that the firewall's default policy for incoming
                connections is drop, that is, all incoming connections
                to this server will be blocked.<o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
            <div>
              <p class="MsoNormal">Since you used DROP for INPUT,
                FORWARD and OUTPUT, you isolated the server from the whole network.<o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
            <div>
              <p class="MsoNormal">However, there are the rules with -A
                (iptables&nbsp;<span
style="font-size:11.5pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:black">-A

                  INPUT -s 111.1111.111.111 -j ACCEPT), that is, you
                  can say that your default inbound rules will be
                  drop, but when a connection arrives from a given IP
                  you will accept it..</span><o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><span
style="font-size:11.5pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:black">Starting

                  from these principles, you can block everything and allow
                  only what is necessary... which is what I always do.</span><o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><span
style="font-size:11.5pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:black">As

                  for Fail2ban, what it does is analyze an application's
                  log files and block the source of the accesses
                  if there is a certain number of errors. It does
                  this by creating rules in iptables.</span><o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><span
style="font-size:11.5pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:black">Here

                  are some links that have already helped me a lot.</span><o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><span
style="font-size:11.5pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:black">Fail2ban

                  with Asterisk</span><o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><a moz-do-not-send="true"
                  href="http://asterisk.zip.net/asterisk/">http://asterisk.zip.net/asterisk/</a>&nbsp;(Press

                Ctrl + F and search for fail2ban, because it is right in the
                middle of the page and the page is a bit long).<o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><a moz-do-not-send="true"
href="http://www.vivaolinux.com.br/dica/Evitando-bruteforce-de-SSH-utilizando-o-Fail2ban">http://www.vivaolinux.com.br/dica/Evitando-bruteforce-de-SSH-utilizando-o-Fail2ban</a><o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><a moz-do-not-send="true"
href="http://www.vivaolinux.com.br/artigo/Bloqueio-de-repetidas-tentativas-de-login-ao-seu-Linux?pagina=5">http://www.vivaolinux.com.br/artigo/Bloqueio-de-repetidas-tentativas-de-login-ao-seu-Linux?pagina=5</a><o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><a moz-do-not-send="true"
href="http://www.servidordebian.org/pt/wheezy/security/brute_force_attack/fail2ban">http://www.servidordebian.org/pt/wheezy/security/brute_force_attack/fail2ban</a><o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><a moz-do-not-send="true"
                  href="http://www.fail2ban.org/wiki/index.php/Asterisk">http://www.fail2ban.org/wiki/index.php/Asterisk</a><o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><span
style="font-size:11.5pt;font-family:&quot;Calibri&quot;,&quot;sans-serif&quot;;color:black">Iptables

                  firewall with Asterisk</span><o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><a moz-do-not-send="true"
                  href="http://wiki.ubuntu-br.org/Iptables">http://wiki.ubuntu-br.org/Iptables</a><o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><a moz-do-not-send="true"
href="http://web.mit.edu/rhel-doc/4/RH-DOCS/rhel-sg-pt_br-4/s1-firewall-ipt-fwd.html">http://web.mit.edu/rhel-doc/4/RH-DOCS/rhel-sg-pt_br-4/s1-firewall-ipt-fwd.html</a><o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
            <div>
              <p class="MsoNormal">I hope this helped.<o:p></o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
            </div>
            <div>
              <p class="MsoNormal"><br clear="all">
                <o:p></o:p></p>
              <div>
                <p class="MsoNormal">Regards,<o:p></o:p></p>
                <div>
                  <p class="MsoNormal">Bruno Gerotto<o:p></o:p></p>
                </div>
              </div>
            </div>
          </div>
        </div>
        <br>
        <fieldset class="mimeAttachmentHeader"></fieldset>
        <br>
        <pre wrap="">_______________________________________________
KHOMP: complete line of external FXO, FXS, GSM and E1 boards;
Media Gateways from 1 to 64 E1s for SIP with R2, ISDN and SS7;
Intercoms for remote access over the IP network. Learn more at <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.Khomp.com">www.Khomp.com</a>.
_______________________________________________
ALIGERA &#8211; Brazilian manufacturer of SIP-E1 Gateways for R2, ISDN and SS7.
1E1, 2E1, 4E1 and 8E1 boards for PCI or PCI Express.
Channel Bank &#8211; Asterisk Appliance - Visit <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.aligera.com.br">www.aligera.com.br</a>.
_______________________________________________
To remove your email from this list, just send a blank email to <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:asteriskbrasil-unsubscribe@listas.asteriskbrasil.org">asteriskbrasil-unsubscribe@listas.asteriskbrasil.org</a></pre>
      </blockquote>
      <br>
      <br>
    </blockquote>
    <br>
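    Added example, not part of the original thread and not code from any of the posters: a small Python linter for the iptables-restore file Mike posted. It reports a line that starts with the iptables command name (the kind of line iptables-restore rejects with "Bad argument"), -P lines that contradict the :CHAIN header policies, and chains left with policy DROP and no ACCEPT rule. The names lint and jump_target, the finding codes and the embedded transcription of the file are assumptions of this example.<br>

```python
import re

# Transcription of the rule file Mike posted in this thread, embedded so the
# example runs offline (the note after ";;" is translated). Line numbers are
# those of this transcription, not of Mike's real file.
MIKE_FILE = """\
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT

-P INPUT DROP
-P OUTPUT DROP
-P FORWARD DROP

iptables -A INPUT -s 192.168.25.34 -j ACCEPT ;;my local ip
-A INPUT -s 192.168.25.34 -j ACCEPT
-A INPUT -s 192.168.25.82 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 88 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5038 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 1:65535 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

CHAIN_HEADER = re.compile(r"^:(\S+)\s+(\S+)")


def jump_target(words):
    """Return the word after -j/--jump, or None when the rule has no target."""
    for flag in ("-j", "--jump"):
        if flag in words[:-1]:
            return words[words.index(flag) + 1]
    return None


def lint(text):
    """Return findings as (line_number, code, detail); line 0 means whole file."""
    findings = []
    header_policy = {}   # policy declared on the ':CHAIN POLICY [pkts:bytes]' line
    final_policy = {}    # policy in force once every '-P' line has been applied
    can_accept = set()   # chains holding at least one rule that jumps to ACCEPT
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#*" or line == "COMMIT":
            continue
        header = CHAIN_HEADER.match(line)
        if header:
            chain, policy = header.groups()
            header_policy[chain] = final_policy[chain] = policy
            continue
        words = line.split()
        if not words[0].startswith("-"):
            # A restore file holds bare option lists; a shell command name here
            # is what produces "Bad argument `iptables'" in the thread.
            findings.append((number, "not-an-option", words[0]))
        elif words[0] in ("-P", "--policy") and len(words) == 3:
            chain, policy = words[1], words[2]
            # iptables-save keeps policies in the chain headers, so a -P line
            # that disagrees with its header silently changes the policy.
            if header_policy.get(chain, policy) != policy:
                findings.append((number, "policy-conflict", chain))
            final_policy[chain] = policy
        elif words[0] in ("-A", "--append", "-I", "--insert") and len(words) > 1:
            if jump_target(words) == "ACCEPT":
                can_accept.add(words[1])
    # A chain whose policy is DROP and that has no ACCEPT rule passes nothing.
    for chain in sorted(final_policy):
        if final_policy[chain] == "DROP" and chain not in can_accept:
            findings.append((0, "no-accept-rule", chain))
    return findings


if __name__ == "__main__":
    for number, code, detail in lint(MIKE_FILE):
        print(number, code, detail)
```

On the file from the thread it reports the iptables line, the three -P lines that contradict the ACCEPT headers, and the OUTPUT and FORWARD chains, which end up with policy DROP and no ACCEPT rule.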
  </body>
</html>