我有以下脚本,我需要在 Ubuntu Server 启动时运行它。我可以把它放在哪里?在rc.local
?提前致谢!
#!/bin/sh
# Variaveis
LOIF="lo"
LOIP="127.0.0.1/32"
LOOPBACKIF="lo"
LOOPBACKIP="127.0.0.1/32"
INTIF="eth0"
INTIP="192.3.1.2/32"
REDEINT="192.3.1.0/24"
EXTIF="eth1"
EXTIP="192.168.1.8/32"
UNIVERSO="0.0.0.0/0"
PALTAS="1024:65535"
IPTABLE="/sbin/iptables"
LOGGING="-l"
# Geral
echo " - Desabilitando ataques de IP Spoofing."
echo "2" > /proc/sys/net/ipv4/conf/all/rp_filter
# Habilitando FORWARDing
echo "1" > /proc/sys/net/ipv4/ip_forward
# Kill Timestamps
echo "0" > /proc/sys/net/ipv4/tcp_timestamps
# Habilitando protecao a Cookie TCP SYN
echo " - Habilitando protecao a Cookie TCP SYN."
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
# Certifique que as configuracoes de diversos ICMP sanity estao presentes.
echo " - Habilitando configuracoes de ICMP."
# Desabilitando protecao a echo de broadcast ICMP.
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Habilitando protecao a mensagem de "bad error"
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# Desabilitando redirecionamentos de ICMP
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
# Logar pacotes spoofed, roteados na origem ou redirecionados.
echo " - Logar pacotes spoofed, roteados na origem ou redirecionados "
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
# Set out local port range
echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
# Reduce Dos'ing ability by reducing timeout
echo "30" > /proc/sys/net/ipv4/tcp_fin_timeout
echo "1800" > /proc/sys/net/ipv4/tcp_keepalive_time
echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
echo "0" > /proc/sys/net/ipv4/tcp_sack
# Carga dos Modulos
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_nat_ftp
/sbin/modprobe iptable_nat
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
#Regra para pacotes com defeito
$IPTABLE -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLE -A INPUT -m state --state INVALID -j DROP
$IPTABLE -A FORWARD -m state --state INVALID -j DROP
$IPTABLE -t nat -A POSTROUTING -s $REDEINT -d $UNIVERSO -o $EXTIF -j MASQUERADE
在我的rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
noip2
# Variaveis
LOIF="lo"
LOIP="127.0.0.1/32"
LOOPBACKIF="lo"
LOOPBACKIP="127.0.0.1/32"
INTIF="eth0"
INTIP="192.3.1.2/32"
REDEINT="192.3.1.0/24"
EXTIF="eth1"
EXTIP="192.168.1.8/32"
UNIVERSO="0.0.0.0/0"
PALTAS="1024:65535"
IPTABLE="/sbin/iptables"
LOGGING="-l"
# Geral
echo " - Desabilitando ataques de IP Spoofing."
echo "2" > /proc/sys/net/ipv4/conf/all/rp_filter
# Habilitando FORWARDing
echo "1" > /proc/sys/net/ipv4/ip_forward
# Kill Timestamps
echo "0" > /proc/sys/net/ipv4/tcp_timestamps
# Habilitando protecao a Cookie TCP SYN
echo " - Habilitando protecao a Cookie TCP SYN."
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
# Certifique que as configuracoes de diversos ICMP sanity estao presentes.
echo " - Habilitando configuracoes de ICMP."
# Desabilitando protecao a echo de broadcast ICMP.
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Habilitando protecao a mensagem de "bad error"
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# Desabilitando redirecionamentos de ICMP
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
# Logar pacotes spoofed, roteados na origem ou redirecionados.
echo " - Logar pacotes spoofed, roteados na origem ou redirecionados "
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
# Set out local port range
echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
# Reduce Dos'ing ability by reducing timeout
echo "30" > /proc/sys/net/ipv4/tcp_fin_timeout
echo "1800" > /proc/sys/net/ipv4/tcp_keepalive_time
echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
echo "0" > /proc/sys/net/ipv4/tcp_sack
# Carga dos Modulos
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_nat_ftp
/sbin/modprobe iptable_nat
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
#Regra para pacotes com defeito
$IPTABLE -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLE -A INPUT -m state --state INVALID -j DROP
$IPTABLE -A FORWARD -m state --state INVALID -j DROP
$IPTABLE -t nat -A POSTROUTING -s $REDEINT -d $UNIVERSO -o $EXTIF -j MASQUERADE
exit 0
答案1
是的。编辑/etc/rc.local
并将命令放在此处。记得以以下代码结束脚本exit 0