Wednesday, May 23, 2012

SCRIPT AS A SERVICE AND AT STARTUP


To set up one of your own scripts as a service in the operating system.

Create a script in the /etc/init.d/ directory:

# vi /etc/init.d/firewall.sh

Note: the script itself receives start, stop and restart as a command-line argument.


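#!/bin/sh
##### Blocking Facebook ##########

######## Blocking the destination #####
# iptables cannot match on AS numbers, so these two rules are rejected; kept commented out.
# iptables -I FORWARD -d AS54115 -j DROP
# iptables -I FORWARD -d AS32934 -j DROP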
iptables -I FORWARD -d 74.119.76.0/22 -j DROP
iptables -I FORWARD -d 69.63.184.0/21 -j DROP
iptables -I FORWARD -d 69.63.176.0/24 -j DROP
iptables -I FORWARD -d 69.63.176.0/21 -j DROP
iptables -I FORWARD -d 69.171.255.0/24 -j DROP
iptables -I FORWARD -d 69.171.240.0/20 -j DROP
iptables -I FORWARD -d 69.171.239.0/24 -j DROP
iptables -I FORWARD -d 69.171.224.0/20 -j DROP
iptables -I FORWARD -d 66.220.159.0/24 -j DROP
iptables -I FORWARD -d 66.220.152.0/21 -j DROP
iptables -I FORWARD -d 66.220.144.0/21 -j DROP
iptables -I FORWARD -d 31.13.77.0/24 -j DROP
iptables -I FORWARD -d 31.13.76.0/24 -j DROP
iptables -I FORWARD -d 31.13.75.0/24 -j DROP
iptables -I FORWARD -d 31.13.73.0/24 -j DROP
iptables -I FORWARD -d 31.13.72.0/24 -j DROP
iptables -I FORWARD -d 31.13.69.0/24 -j DROP
iptables -I FORWARD -d 31.13.64.0/19 -j DROP
iptables -I FORWARD -d 31.13.24.0/21 -j DROP
# IPv6 prefixes must be loaded with ip6tables, not iptables.
ip6tables -I FORWARD -d 2a03:2880::/32 -j DROP
ip6tables -I FORWARD -d 2620:0000:1c00::/40 -j DROP
iptables -I FORWARD -d 204.15.20.0/22 -j DROP
iptables -I FORWARD -d 173.252.96.0/19 -j DROP
iptables -I FORWARD -d 173.252.70.0/24 -j DROP
iptables -I FORWARD -d 173.252.64.0/19 -j DROP
######### Blocking the source ##########
# iptables cannot match on AS numbers, so these two rules are rejected; kept commented out.
# iptables -I FORWARD -s AS54115 -j DROP
# iptables -I FORWARD -s AS32934 -j DROP
iptables -I FORWARD -s 74.119.76.0/22 -j DROP
iptables -I FORWARD -s 69.63.184.0/21 -j DROP
iptables -I FORWARD -s 69.63.176.0/24 -j DROP
iptables -I FORWARD -s 69.63.176.0/21 -j DROP
iptables -I FORWARD -s 69.171.255.0/24 -j DROP
iptables -I FORWARD -s 69.171.240.0/20 -j DROP
iptables -I FORWARD -s 69.171.239.0/24 -j DROP
iptables -I FORWARD -s 69.171.224.0/20 -j DROP
iptables -I FORWARD -s 66.220.159.0/24 -j DROP
iptables -I FORWARD -s 66.220.152.0/21 -j DROP
iptables -I FORWARD -s 66.220.144.0/21 -j DROP
iptables -I FORWARD -s 31.13.77.0/24 -j DROP
iptables -I FORWARD -s 31.13.76.0/24 -j DROP
iptables -I FORWARD -s 31.13.75.0/24 -j DROP
iptables -I FORWARD -s 31.13.73.0/24 -j DROP
iptables -I FORWARD -s 31.13.72.0/24 -j DROP
iptables -I FORWARD -s 31.13.69.0/24 -j DROP
iptables -I FORWARD -s 31.13.64.0/19 -j DROP
iptables -I FORWARD -s 31.13.24.0/21 -j DROP
# IPv6 prefixes must be loaded with ip6tables, not iptables.
ip6tables -I FORWARD -s 2a03:2880::/32 -j DROP
ip6tables -I FORWARD -s 2620:0000:1c00::/40 -j DROP
iptables -I FORWARD -s 204.15.20.0/22 -j DROP
iptables -I FORWARD -s 173.252.96.0/19 -j DROP
iptables -I FORWARD -s 173.252.70.0/24 -j DROP
iptables -I FORWARD -s 173.252.64.0/19 -j DROP


######## Execute permission #########

# chmod 755 /etc/init.d/firewall.sh

To add it to system startup on Debian or Ubuntu:

# update-rc.d firewall.sh defaults
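
The script above inserts the same rules whatever argument it receives, so a restart duplicates them and stop removes nothing. The following is an added example, not code from the original post or from the blog it cites: an init script that handles start, stop and restart by keeping the rules in a dedicated chain. The chain name FB_BLOCK, the IPT override variable and the function names are assumptions made for the example, and only two IPv4 ranges from the list above are included.

```shell
#!/bin/sh
### BEGIN INIT INFO
# Provides:          firewall.sh
# Required-Start:    $network
# Required-Stop:     $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Facebook block kept in a dedicated chain
### END INIT INFO

IPT="${IPT:-iptables}"   # override for a dry run, e.g. IPT="echo iptables"
CHAIN="FB_BLOCK"         # hypothetical chain name, not from the original post
# Two IPv4 ranges taken from the list above; add the others the same way.
NETS="69.63.176.0/21 31.13.64.0/19"

fw_start() {
    # Create the chain, or empty it if it already exists, so start is idempotent.
    $IPT -N "$CHAIN" 2>/dev/null || $IPT -F "$CHAIN"
    for net in $NETS; do
        $IPT -A "$CHAIN" -d "$net" -j DROP   # traffic going to the range
        $IPT -A "$CHAIN" -s "$net" -j DROP   # traffic coming from the range
    done
    # Remove any earlier jump before inserting, so FORWARD holds exactly one.
    $IPT -D FORWARD -j "$CHAIN" 2>/dev/null || true
    $IPT -I FORWARD -j "$CHAIN"
}

fw_stop() {
    # Unhook, flush and delete only this chain; other FORWARD rules are untouched.
    $IPT -D FORWARD -j "$CHAIN" 2>/dev/null || true
    $IPT -F "$CHAIN" 2>/dev/null || true
    $IPT -X "$CHAIN" 2>/dev/null || true
}

main() {
    case "$1" in
        start)   fw_start ;;
        stop)    fw_stop ;;
        restart) fw_stop; fw_start ;;
        *)       echo "Usage: $0 {start|stop|restart}" >&2; return 2 ;;
    esac
}

# With no argument nothing runs, so the file can be sourced to test the functions.
[ $# -eq 0 ] || main "$@"
```

Running it as IPT="echo iptables" /etc/init.d/firewall.sh start prints the commands instead of applying them, which is a safe way to review the rule set before loading it on a gateway.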

References:

     The Facebook block was taken from Professor Alexandre's blog, and I tested it at a client of the company where I work.

There was no access in the reports or in the tests on the workstations.
