Thursday, July 9, 2020

Turbocharging browsing on Vivo Fibra

A simple way to improve Internet browsing for Vivo Fibra users is to add two small iptables rules (it worked on the Askey RTF8115VW HGU).

On this Askey modem the company put a lot of work into iptables, but not with the goal of better flow or performance of the device (which, by the way, is not bad); the goal was to limit the use of specific ports and keep tighter control over the three services it offers.

With the command iptables-save > firewall, you can see the following:

*raw
:PREROUTING ACCEPT [1367542:113123572]
:OUTPUT ACCEPT [606361:59422162]
:GNT - [0:0]
:GNT_1_1 - [0:0]
:GNT_2_0 - [0:0]
-A PREROUTING -m mark --mark 0x8000/0x8000 -j GNT
-A GNT -d 178.128.171.12/32 -i ppp0 -j GNT_1_1
-A GNT -d 10.200.227.153/32 -i rbr2.2 -j GNT_1_1
-A GNT -d 192.168.15.1/32 -i rbr4.0 -j GNT_1_1
-A GNT_1_1 -p icmp -j ACCEPT
-A GNT_1_1 -p udp -m udp --dport 67 -j ACCEPT
-A GNT_1_1 -p udp -m udp --dport 53 -j ACCEPT
-A GNT_1_1 -p tcp -m tcp --dport 53 -j ACCEPT
-A GNT_1_1 -p tcp -m tcp --dport 8080 -j ACCEPT
-A GNT_1_1 -j DROP
-A GNT_2_0 -p icmp -j ACCEPT
-A GNT_2_0 -p udp -m udp --dport 67 -j ACCEPT
-A GNT_2_0 -p udp -m udp --dport 53 -j ACCEPT
-A GNT_2_0 -p tcp -m tcp --dport 53 -j ACCEPT
-A GNT_2_0 -j DROP
COMMIT
# Completed on Fri Jul  3 19:46:36 2020
# Generated by iptables-save v1.4.20 on Fri Jul  3 19:46:36 2020
*nat
:PREROUTING ACCEPT [411:39470]
:INPUT ACCEPT [15:948]
:OUTPUT ACCEPT [19:1292]
:POSTROUTING ACCEPT [0:0]
:DLB - [0:0]
:DLB_1_1 - [0:0]
:DLB_1_1_F_1 - [0:0]
:DLB_1_1_F_2 - [0:0]
:DLB_1_1_F_3 - [0:0]
:DLB_1_1_F_4 - [0:0]
:DLB_2_0 - [0:0]
:DNT - [0:0]
:DNT_1_1 - [0:0]
:DNT_1_1_F_1 - [0:0]
:DNT_1_1_F_2 - [0:0]
:DNT_1_1_F_3 - [0:0]
:DNT_1_1_F_4 - [0:0]
:DNT_1_1_H_P_1 - [0:0]
:DNT_1_1_H_P_2 - [0:0]
:DNT_1_1_H_P_3 - [0:0]
:DNT_1_1_H_P_4 - [0:0]
:DNT_1_1_H_P_F - [0:0]
:DNT_1_1_H_P_X - [0:0]
:DNT_1_1_H_R_1 - [0:0]
:DNT_1_1_H_R_2 - [0:0]
:DNT_1_1_H_R_3 - [0:0]
:DNT_1_1_H_R_4 - [0:0]
:DNT_1_1_H_R_F - [0:0]
:DNT_1_1_H_R_X - [0:0]
:DNT_1_1_H_X_1 - [0:0]
:DNT_1_1_H_X_2 - [0:0]
:DNT_1_1_H_X_3 - [0:0]
:DNT_1_1_H_X_4 - [0:0]
:DNT_1_1_H_X_F - [0:0]
:DNT_1_1_H_X_X - [0:0]
:DNT_1_1_X_P_1 - [0:0]
:DNT_1_1_X_P_2 - [0:0]
:DNT_1_1_X_P_3 - [0:0]
:DNT_1_1_X_P_4 - [0:0]
:DNT_1_1_X_P_F - [0:0]
:DNT_1_1_X_P_X - [0:0]
:DNT_1_1_X_R_1 - [0:0]
:DNT_1_1_X_R_2 - [0:0]
:DNT_1_1_X_R_3 - [0:0]
:DNT_1_1_X_R_4 - [0:0]
:DNT_1_1_X_R_F - [0:0]
:DNT_1_1_X_R_X - [0:0]
:DNT_1_1_X_X_1 - [0:0]
:DNT_1_1_X_X_2 - [0:0]
:DNT_1_1_X_X_3 - [0:0]
:DNT_1_1_X_X_4 - [0:0]
:DNT_1_1_X_X_F - [0:0]
:DNT_1_1_X_X_X - [0:0]
:DNT_2_0 - [0:0]
:DNT_2_0_H_P_F - [0:0]
:DNT_2_0_H_P_X - [0:0]
:DNT_2_0_H_R_F - [0:0]
:DNT_2_0_H_R_X - [0:0]
:DNT_2_0_H_X_F - [0:0]
:DNT_2_0_H_X_X - [0:0]
:DNT_2_0_X_P_F - [0:0]
:DNT_2_0_X_P_X - [0:0]
:DNT_2_0_X_R_F - [0:0]
:DNT_2_0_X_R_X - [0:0]
:DNT_2_0_X_X_F - [0:0]
:DNT_2_0_X_X_X - [0:0]
:IEX - [0:0]
:IEX_1_1 - [0:0]
:IEX_2_0 - [0:0]
:SHGW_PREROUTING - [0:0]
:SLB - [0:0]
:SLB_1_1 - [0:0]
:SLB_1_1_F_1 - [0:0]
:SLB_1_1_F_2 - [0:0]
:SLB_1_1_F_3 - [0:0]
:SLB_1_1_F_4 - [0:0]
:SLB_2_0 - [0:0]
:SNT - [0:0]
:SNT_1_1 - [0:0]
:SNT_2_0 - [0:0]
:TBR_M - [0:0]
:TBR_ME - [0:0]
:TBR_ME_1_1_F_1 - [0:0]
:TBR_ME_1_1_F_2 - [0:0]
:TBR_ME_1_1_F_3 - [0:0]
:TBR_ME_1_1_F_4 - [0:0]
:TBR_ME_1_1_L - [0:0]
:TBR_ME_1_1_W - [0:0]
:TBR_ME_2_0_L - [0:0]
:TBR_ME_2_0_W - [0:0]
:TBR_M_1_1_F_1 - [0:0]
:TBR_M_1_1_F_2 - [0:0]
:TBR_M_1_1_F_3 - [0:0]
:TBR_M_1_1_F_4 - [0:0]
:TBR_M_1_1_L - [0:0]
:TBR_M_1_1_W - [0:0]
:TBR_M_2_0_L - [0:0]
:TBR_M_2_0_W - [0:0]
:TEF_S - [0:0]
:TEF_S_1_1 - [0:0]
-A PREROUTING -j IEX
-A PREROUTING -j TBR_ME
-A PREROUTING -p tcp -j DLB
-A PREROUTING -p tcp -j DNT
-A PREROUTING -p udp -j DLB
-A PREROUTING -p udp -j DNT
-A PREROUTING -p 33 -j DLB
-A PREROUTING -p 33 -j DNT
-A PREROUTING -p sctp -j DLB
-A PREROUTING -p sctp -j DNT
-A PREROUTING -j TBR_M
-A PREROUTING -j TEF_S
-A POSTROUTING -j SLB
-A POSTROUTING -j SNT
-A DLB -i rbr4.0 -j DLB_1_1
-A DLB_1_1 -d 178.238.171.12/32 -j DLB_1_1_F_2
-A DLB_1_1 -d 10.200.117.152/32 -j DLB_1_1_F_3
-A DLB_1_1 -d 192.168.15.1/32 -j DLB_1_1_F_1
-A DLB_1_1_F_1 -j DNT_1_1_H_P_1
-A DLB_1_1_F_1 -j DNT_1_1_H_P_X
-A DLB_1_1_F_1 -j DNT_1_1_H_R_1
-A DLB_1_1_F_1 -j DNT_1_1_H_R_X
-A DLB_1_1_F_1 -j DNT_1_1_H_X_1
-A DLB_1_1_F_1 -j DNT_1_1_H_X_X
-A DLB_1_1_F_1 -j DNT_1_1_X_P_1
-A DLB_1_1_F_1 -j DNT_1_1_X_P_X
-A DLB_1_1_F_1 -j DNT_1_1_X_R_1
-A DLB_1_1_F_1 -j DNT_1_1_X_R_X
-A DLB_1_1_F_1 -j DNT_1_1_X_X_1
-A DLB_1_1_F_1 -j DNT_1_1_X_X_X
-A DLB_1_1_F_2 -j DNT_1_1_H_P_2
-A DLB_1_1_F_2 -j DNT_1_1_H_P_X
-A DLB_1_1_F_2 -j DNT_1_1_H_R_2
-A DLB_1_1_F_2 -j DNT_1_1_H_R_X
-A DLB_1_1_F_2 -j DNT_1_1_H_X_2
-A DLB_1_1_F_2 -j DNT_1_1_H_X_X
-A DLB_1_1_F_2 -j DNT_1_1_X_P_2
-A DLB_1_1_F_2 -j DNT_1_1_X_P_X
-A DLB_1_1_F_2 -j DNT_1_1_X_R_2
-A DLB_1_1_F_2 -j DNT_1_1_X_R_X
-A DLB_1_1_F_2 -j DNT_1_1_X_X_2
-A DLB_1_1_F_2 -j DNT_1_1_X_X_X
-A DLB_1_1_F_3 -j DNT_1_1_H_P_3
-A DLB_1_1_F_3 -j DNT_1_1_H_P_X
-A DLB_1_1_F_3 -j DNT_1_1_H_R_3
-A DLB_1_1_F_3 -j DNT_1_1_H_R_X
-A DLB_1_1_F_3 -j DNT_1_1_H_X_3
-A DLB_1_1_F_3 -j DNT_1_1_H_X_X
-A DLB_1_1_F_3 -j DNT_1_1_X_P_3
-A DLB_1_1_F_3 -j DNT_1_1_X_P_X
-A DLB_1_1_F_3 -j DNT_1_1_X_R_3
-A DLB_1_1_F_3 -j DNT_1_1_X_R_X
-A DLB_1_1_F_3 -j DNT_1_1_X_X_3
-A DLB_1_1_F_3 -j DNT_1_1_X_X_X
-A DLB_1_1_F_4 -j DNT_1_1_H_P_4
-A DLB_1_1_F_4 -j DNT_1_1_H_P_X
-A DLB_1_1_F_4 -j DNT_1_1_H_R_4
-A DLB_1_1_F_4 -j DNT_1_1_H_R_X
-A DLB_1_1_F_4 -j DNT_1_1_H_X_4
-A DLB_1_1_F_4 -j DNT_1_1_H_X_X
-A DLB_1_1_F_4 -j DNT_1_1_X_P_4
-A DLB_1_1_F_4 -j DNT_1_1_X_P_X
-A DLB_1_1_F_4 -j DNT_1_1_X_R_4
-A DLB_1_1_F_4 -j DNT_1_1_X_R_X
-A DLB_1_1_F_4 -j DNT_1_1_X_X_4
-A DLB_1_1_F_4 -j DNT_1_1_X_X_X
-A DNT -i rbr2.2 -j DNT_1_1_F_3
-A DNT -i rbr3.3 -j DNT_1_1_F_4
-A DNT -i ppp0 -j DNT_1_1_F_2
-A DNT -i rbr4.0 -j DNT_1_1_F_1
-A DNT_1_1 -j DNT_1_1_H_P_F
-A DNT_1_1 -j DNT_1_1_H_P_X
-A DNT_1_1 -j DNT_1_1_H_R_F
-A DNT_1_1 -j DNT_1_1_H_R_X
-A DNT_1_1 -j DNT_1_1_H_X_F
-A DNT_1_1 -j DNT_1_1_H_X_X
-A DNT_1_1 -j DNT_1_1_X_P_F
-A DNT_1_1 -j DNT_1_1_X_P_X
-A DNT_1_1 -j DNT_1_1_X_R_F
-A DNT_1_1 -j DNT_1_1_X_R_X
-A DNT_1_1 -j DNT_1_1_X_X_F
-A DNT_1_1 -j DNT_1_1_X_X_X
-A DNT_1_1_F_1 -d 192.168.15.1/32 -j DNT_1_1
-A DNT_1_1_F_2 -d 178.238.171.12/32 -j DNT_1_1
-A DNT_1_1_F_3 -d 10.200.67.223/32 -j DNT_1_1
-A DNT_2_0 -j DNT_2_0_H_P_F
-A DNT_2_0 -j DNT_2_0_H_P_X
-A DNT_2_0 -j DNT_2_0_H_R_F
-A DNT_2_0 -j DNT_2_0_H_R_X
-A DNT_2_0 -j DNT_2_0_H_X_F
-A DNT_2_0 -j DNT_2_0_H_X_X
-A DNT_2_0 -j DNT_2_0_X_P_F
-A DNT_2_0 -j DNT_2_0_X_P_X
-A DNT_2_0 -j DNT_2_0_X_R_F
-A DNT_2_0 -j DNT_2_0_X_R_X
-A DNT_2_0 -j DNT_2_0_X_X_F
-A DNT_2_0 -j DNT_2_0_X_X_X
-A IEX -d 178.238.271.12/32 -i ppp0 -j IEX_1_1
-A IEX -d 10.20.227.153/32 -i rbr2.2 -j IEX_1_1
-A IEX -d 192.168.15.1/32 -i rbr4.0 -j IEX_1_1
-A IEX_1_1 -i ppp0 -p tcp -m tcp --dport 7547 -j ACCEPT
-A SLB -o rbr4.0 -j SLB_1_1_F_1
-A SLB_1_1 -o rbr2.2 -j MASQUERADE
-A SLB_1_1 -o rbr3.3 -j MASQUERADE
-A SLB_1_1 -o ppp0 -j MASQUERADE
-A SLB_1_1 -o rbr4.0 -j MASQUERADE
-A SLB_1_1_F_1 -s 192.168.15.0/24 -d 192.168.15.0/24 -j SLB_1_1
-A SLB_1_1_F_2 -s 178.238.171.12/32 -d 178.238.171.02/32 -j SLB_1_1
-A SLB_1_1_F_3 -s 10.22.136.0/20 -d 10.200.16.0/20 -j SLB_1_1
-A SNT -o rbr2.2 -j SNT_1_1
-A SNT -o rbr3.3 -j SNT_1_1
-A SNT -o ppp0 -j SNT_1_1
-A SNT_1_1 -o rbr2.2 -j MASQUERADE
-A SNT_1_1 -o rbr3.3 -j MASQUERADE
-A SNT_1_1 -o ppp0 -j MASQUERADE
-A TBR_M -d 178.238.171.12/32 -i ppp0 -j TBR_M_1_1_F_2
-A TBR_M -d 10.200.27.53/32 -i rbr2.2 -j TBR_M_1_1_F_3
-A TBR_M -d 192.168.15.1/32 -i rbr4.0 -j TBR_M_1_1_F_1
-A TBR_ME -d 178.138.171.12/32 -i ppp0 -j TBR_ME_1_1_F_2
-A TBR_ME -d 10.200.227.153/32 -i rbr2.2 -j TBR_ME_1_1_F_3
-A TBR_ME -d 192.168.15.1/32 -i rbr4.0 -j TBR_ME_1_1_F_1
-A TBR_ME_1_1_F_1 -j TBR_ME_1_1_L
-A TBR_ME_1_1_F_2 -j TBR_ME_1_1_W
-A TBR_ME_1_1_F_3 -j TBR_ME_1_1_W
-A TBR_ME_1_1_F_4 -j TBR_ME_1_1_W
-A TBR_ME_1_1_L -p tcp -m tcp --dport 22 -j ACCEPT
-A TBR_ME_1_1_W -p tcp -m tcp --dport 22 -j RETURN
-A TBR_ME_2_0_L -p tcp -m tcp --dport 22 -j ACCEPT
-A TBR_ME_2_0_W -p tcp -m tcp --dport 22 -j RETURN
-A TBR_M_1_1_F_1 -j TBR_M_1_1_L
-A TBR_M_1_1_F_2 -j TBR_M_1_1_W
-A TBR_M_1_1_F_3 -j TBR_M_1_1_W
-A TBR_M_1_1_F_4 -j TBR_M_1_1_W
-A TBR_M_1_1_L -p tcp -m tcp --dport 80 -j ACCEPT
-A TBR_M_1_1_L -p tcp -m tcp --dport 22 -j ACCEPT
-A TBR_M_1_1_L -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A TBR_M_1_1_W -p tcp -m tcp --dport 80 -j RETURN
-A TBR_M_1_1_W -p icmp -m icmp --icmp-type 8 -j RETURN
-A TBR_M_1_1_W -p tcp -m tcp --dport 22 -j RETURN
-A TBR_M_2_0_L -p tcp -m tcp --dport 80 -j ACCEPT
-A TBR_M_2_0_L -p tcp -m tcp --dport 22 -j ACCEPT
-A TBR_M_2_0_L -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A TBR_M_2_0_W -p tcp -m tcp --dport 80 -j RETURN
-A TBR_M_2_0_W -p tcp -m tcp --dport 22 -j RETURN
-A TBR_M_2_0_W -p icmp -m icmp --icmp-type 8 -j RETURN
-A TEF_S -i rbr2.2 -j TEF_S_1_1
-A TEF_S -i rbr3.3 -j TEF_S_1_1
-A TEF_S -i ppp0 -j TEF_S_1_1
-A TEF_S -i rbr4.0 -j TEF_S_1_1
-A TEF_S_1_1 -j RETURN
-A TEF_S_1_1 -j SHGW_PREROUTING
COMMIT
# Completed on Fri Jul  3 19:46:36 2020
# Generated by iptables-save v1.4.20 on Fri Jul  3 19:46:36 2020
*mangle
:PREROUTING ACCEPT [853:76347]
:INPUT ACCEPT [559:49150]
:FORWARD ACCEPT [101:8521]
:OUTPUT ACCEPT [721:93748]
:POSTROUTING ACCEPT [822:102269]
:QCL - [0:0]
:QCL_1_1_F_1 - [0:0]
:QCL_1_1_F_2 - [0:0]
:QCL_1_1_F_3 - [0:0]
:QCL_1_1_F_4 - [0:0]
:QCL_2_0_F_0 - [0:0]
:SHGW_PREROUTING - [0:0]
:TEF_S - [0:0]
:TEF_S_1_1 - [0:0]
:TEF_S_1_1_WL - [0:0]
-A PREROUTING -j TEF_S
-A OUTPUT -j QCL
-A QCL -o rbr2.2 -j QCL_1_1_F_3
-A QCL -o rbr2.2 -m mark --mark 0x0/0xffffe0f1 -j MARK --set-xmark 0x108/0x108
-A QCL -o rbr3.3 -j QCL_1_1_F_4
-A QCL -o rbr3.3 -m mark --mark 0x0/0xffffe0f1 -j MARK --set-xmark 0x108/0x108
-A QCL -o ppp0 -j QCL_1_1_F_2
-A QCL -o ppp0 -m mark --mark 0x0/0xffffe0f1 -j MARK --set-xmark 0x108/0x108
-A QCL -o rbr4.0 -j QCL_1_1_F_1
-A QCL -o rbr4.0 -m mark --mark 0x0/0xffffe0f1 -j MARK --set-xmark 0x108/0x108
-A TEF_S -i rbr4.0 -j TEF_S_1_1
-A TEF_S_1_1 -j RETURN
-A TEF_S_1_1 -j TEF_S_1_1_WL
-A TEF_S_1_1 -p udp -m udp --dport 53 -j SHGW_PREROUTING
-A TEF_S_1_1 -p tcp -m tcp --dport 53 -j SHGW_PREROUTING
-A TEF_S_1_1_WL -d 172.29.130.5/32 -j ACCEPT
-A TEF_S_1_1_WL -d 172.29.130.6/32 -j ACCEPT
-A TEF_S_1_1_WL -d 172.29.130.5/32 -j ACCEPT
-A TEF_S_1_1_WL -d 172.29.130.6/32 -j ACCEPT
COMMIT
# Completed on Fri Jul  3 19:46:36 2020
# Generated by iptables-save v1.4.20 on Fri Jul  3 19:46:36 2020
*filter
:INPUT ACCEPT [119:11521]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3559:444564]
:FIS - [0:0]
:FIS_L_1_1_R_0 - [0:0]
:FIS_L_2_0_R_1 - [0:0]
:FIS_W_1_1_R_0 - [0:0]
:FIS_W_2_0_R_1 - [0:0]
:FWL - [0:0]
:FWL_1_1 - [0:0]
:FWL_2_0 - [0:0]
:FWL_ADV_1_1_0 - [0:0]
:FWL_CHN_1_1_0 - [0:0]
:FWL_CHN_1_1_1 - [0:0]
:FWL_CHN_1_1_2 - [0:0]
:FWL_CHN_1_1_3 - [0:0]
:FWL_DEF - [0:0]
:FWL_HIGH - [0:0]
:FWL_LOW - [0:0]
:FWL_OFF - [0:0]
:IEX - [0:0]
:IEX_1_1 - [0:0]
:IEX_2_0 - [0:0]
:IPR - [0:0]
:MCL - [0:0]
:MCL_1_1 - [0:0]
:MCL_1_1_RULE - [0:0]
:MCL_2_0 - [0:0]
:MCL_2_0_RULE - [0:0]
:M_ETH - [0:0]
:M_WIFI_24G - [0:0]
:M_WIFI_5G - [0:0]
:OPR - [0:0]
:RIE - [0:0]
:SHGW_FORWARD - [0:0]
:TBR_M - [0:0]
:TBR_M_1_1_L - [0:0]
:TBR_M_1_1_SRC - [0:0]
:TBR_M_1_1_SRC_RULE - [0:0]
:TBR_M_1_1_W - [0:0]
:TBR_M_2_0_L - [0:0]
:TBR_M_2_0_SRC - [0:0]
:TBR_M_2_0_SRC_RULE - [0:0]
:TBR_M_2_0_W - [0:0]
:TEF_EI - [0:0]
:TEF_EI_1_1 - [0:0]
:TEF_EI_1_1_I - [0:0]
:TEF_EI_1_1_T - [0:0]
:TEF_EI_1_1_V - [0:0]
:TEF_EI_1_1_W - [0:0]
:TEF_EI_2_0 - [0:0]
:TEF_EI_2_0_I - [0:0]
:TEF_EI_2_0_T - [0:0]
:TEF_EI_2_0_V - [0:0]
:TEF_EI_2_0_W - [0:0]
:TEF_EO - [0:0]
:TEF_EO_1_1 - [0:0]
:TEF_EO_1_1_I - [0:0]
:TEF_EO_1_1_T - [0:0]
:TEF_EO_1_1_V - [0:0]
:TEF_EO_1_1_W - [0:0]
:TEF_EO_2_0 - [0:0]
:TEF_EO_2_0_I - [0:0]
:TEF_EO_2_0_T - [0:0]
:TEF_EO_2_0_V - [0:0]
:TEF_EO_2_0_W - [0:0]
:TEF_I - [0:0]
:TEF_I_1_1 - [0:0]
:TEF_I_1_1_I - [0:0]
:TEF_I_1_1_L - [0:0]
:TEF_I_1_1_LS - [0:0]
:TEF_I_1_1_W - [0:0]
:TEF_I_1_1_WS - [0:0]
:TEF_I_1_1_X - [0:0]
:TEF_I_2_0 - [0:0]
:TEF_I_2_0_I - [0:0]
:TEF_I_2_0_L - [0:0]
:TEF_I_2_0_LS - [0:0]
:TEF_I_2_0_W - [0:0]
:TEF_I_2_0_WS - [0:0]
:TEF_I_2_0_X - [0:0]
:TEF_O - [0:0]
:TEF_O_1_1 - [0:0]
:TEF_O_1_1_I - [0:0]
:TEF_O_1_1_L - [0:0]
:TEF_O_1_1_LS - [0:0]
:TEF_O_1_1_W - [0:0]
:TEF_O_1_1_WS - [0:0]
:TEF_O_1_1_X - [0:0]
:TEF_O_2_0 - [0:0]
:TEF_O_2_0_I - [0:0]
:TEF_O_2_0_L - [0:0]
:TEF_O_2_0_LS - [0:0]
:TEF_O_2_0_W - [0:0]
:TEF_O_2_0_WS - [0:0]
:TEF_O_2_0_X - [0:0]
:TEF_S - [0:0]
:TEF_S_1_1 - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j IEX
-A INPUT -j IPR
-A INPUT -j RIE
-A INPUT -j MCL
-A INPUT -j TBR_M
-A INPUT -j TEF_I
-A FORWARD -s 192.168.15.2/32 -j ACCEPT
-A FORWARD -d 192.168.15.2/32 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m mark --mark 0x0/0xf0000000 -j M_WIFI_5G
-A FORWARD -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m mark --mark 0x50000000/0xf0000000 -j M_WIFI_24G
-A FORWARD -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m mark --mark 0x40000000/0xf0000000 -j M_ETH
-A FORWARD -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m mark --mark 0x30000000/0xf0000000 -j M_ETH
-A FORWARD -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m mark --mark 0x20000000/0xf0000000 -j M_ETH
-A FORWARD -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m mark --mark 0x10000000/0xf0000000 -j M_ETH
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j FIS
-A FORWARD -j TEF_EI
-A FORWARD -j TEF_EO
-A FORWARD -j FWL
-A FORWARD -j TEF_I
-A FORWARD -j TEF_O
-A FORWARD -j TEF_S
-A OUTPUT -j TEF_O
-A OUTPUT -j OPR
-A FIS -i rbr2.2 -j FIS_W_1_1_R_0
-A FIS -i rbr3.3 -j FIS_W_1_1_R_0
-A FIS -i ppp0 -j FIS_W_1_1_R_0
-A FIS -i rbr4.0 -j FIS_L_1_1_R_0
-A FIS_L_1_1_R_0 -j RETURN
-A FIS_L_1_1_R_0 -o rbr4.0 -j DROP
-A FIS_L_2_0_R_1 -j RETURN
-A FIS_W_1_1_R_0
-A FIS_W_1_1_R_0 -o rbr2.2 -j DROP
-A FIS_W_1_1_R_0 -o rbr3.3 -j DROP
-A FIS_W_1_1_R_0 -o ppp0 -j DROP
-A FIS_W_2_0_R_1
-A FWL -i rbr2.2 -j FWL_1_1
-A FWL -i rbr3.3 -j FWL_1_1
-A FWL -i ppp0 -j FWL_1_1
-A FWL -i rbr4.0 -j FWL_1_1
-A FWL_1_1 -j FWL_DEF
-A FWL_1_1 -j FWL_ADV_1_1_0
-A FWL_2_0
-A FWL_2_0 -j FWL_OFF
-A FWL_ADV_1_1_0 -j FWL_CHN_1_1_0
-A FWL_ADV_1_1_0
-A FWL_ADV_1_1_0 -j RETURN
-A FWL_CHN_1_1_0
-A FWL_CHN_1_1_0
-A FWL_CHN_1_1_0
-A FWL_CHN_1_1_0 -i rbr4.0 -o rbr2.2
-A FWL_CHN_1_1_0 -i rbr4.0 -o rbr2.2 -j ACCEPT
-A FWL_CHN_1_1_0 -i rbr4.0 -o rbr3.3
-A FWL_CHN_1_1_0 -i rbr4.0 -o rbr3.3 -j ACCEPT
-A FWL_CHN_1_1_0
-A FWL_CHN_1_1_0 -j FWL_CHN_1_1_1
-A FWL_CHN_1_1_0
-A FWL_CHN_1_1_0 -j FWL_CHN_1_1_3
-A FWL_CHN_1_1_0
-A FWL_CHN_1_1_0 -j FWL_CHN_1_1_2
-A FWL_CHN_1_1_1
-A FWL_CHN_1_1_2
-A FWL_CHN_1_1_3
-A FWL_CHN_1_1_3 -i rbr4.0 -o ppp0
-A FWL_CHN_1_1_3 -i rbr4.0 -o ppp0 -j ACCEPT
-A FWL_CHN_1_1_3 -d 192.168.15.2/32 -i ppp0 -o rbr4.0 -p tcp -m tcp --sport 10:65535 --dport 10:65535
-A FWL_CHN_1_1_3 -d 192.168.15.2/32 -i ppp0 -o rbr4.0 -p tcp -m tcp --sport 10:65535 --dport 10:65535 -j ACCEPT
-A FWL_CHN_1_1_3 -i ppp0 -o rbr4.0 -p tcp -m tcp --sport 80 --dport 80
-A FWL_CHN_1_1_3 -i ppp0 -o rbr4.0 -p tcp -m tcp --sport 80 --dport 80 -j DROP
-A FWL_HIGH -p tcp -m tcp --dport 1:1023 -j RETURN
-A FWL_HIGH -p udp -m udp --dport 1:1023 -j RETURN
-A FWL_HIGH -p tcp -m tcp --dport 8080 -j RETURN
-A FWL_HIGH -p tcp -m tcp --dport 8443 -j RETURN
-A FWL_HIGH -p icmp -j RETURN
-A FWL_HIGH -j DROP
-A FWL_LOW -p tcp -m tcp --dport 1:1023 -j RETURN
-A FWL_LOW -p udp -m udp --dport 1:1023 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 1080 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 1220 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 1293 -j RETURN
-A FWL_LOW -p udp -m udp --dport 1293 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 1352 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 1512 -j RETURN
-A FWL_LOW -p udp -m udp --dport 1512 -j RETURN
-A FWL_LOW -p udp -m udp --dport 1701 -j RETURN
-A FWL_LOW -p udp -m udp --dport 1719 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 1720 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 1723 -j RETURN
-A FWL_LOW -p udp -m udp --dport 1723 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 1755 -j RETURN
-A FWL_LOW -p udp -m udp --dport 1755 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 1812:1813 -j RETURN
-A FWL_LOW -p udp -m udp --dport 1812:1813 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 1863 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 1935 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 2049 -j RETURN
-A FWL_LOW -p udp -m udp --dport 2049 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 2083 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 2727 -j RETURN
-A FWL_LOW -p udp -m udp --dport 2727 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 2944 -j RETURN
-A FWL_LOW -p udp -m udp --dport 2944 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 3074 -j RETURN
-A FWL_LOW -p udp -m udp --dport 3074 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 3260 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 3478 -j RETURN
-A FWL_LOW -p udp -m udp --dport 3478 -j RETURN
-A FWL_LOW -p udp -m udp --dport 4500 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 5060 -j RETURN
-A FWL_LOW -p udp -m udp --dport 5060 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 5061 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 5190 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 5349 -j RETURN
-A FWL_LOW -p udp -m udp --dport 5353 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 5800 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 5900 -j RETURN
-A FWL_LOW -p udp -m udp --dport 5900 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 6665:6669 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 8080 -j RETURN
-A FWL_LOW -p tcp -m tcp --dport 8443 -j RETURN
-A FWL_LOW -p icmp -j RETURN
-A FWL_LOW -j DROP
-A FWL_OFF -j RETURN
-A IEX -i rbr2.2 -j IEX_1_1
-A IEX -i rbr3.3 -j IEX_1_1
-A IEX -i ppp0 -j IEX_1_1
-A IEX -i rbr4.0 -j IEX_1_1
-A IEX_1_1 -i ppp0 -p tcp -m tcp --dport 7547 -j ACCEPT
-A IPR ! -p icmp -m state --state INVALID -j DROP
-A IPR -p icmp -m icmp --icmp-type 8 -m limit --limit 100/sec -j RETURN
-A IPR -p icmp -m icmp --icmp-type 8 -j DROP
-A IPR -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 100/sec -j RETURN
-A IPR -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A IPR -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A IPR -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A IPR -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,PSH,URG -j DROP
-A IPR -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A IPR -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN,PSH,ACK -j DROP
-A IPR -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A IPR -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A IPR -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A IPR -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A IPR -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
-A IPR -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
-A MCL -i rbr2.2 -j MCL_1_1
-A MCL -i rbr3.3 -j MCL_1_1
-A MCL -i ppp0 -j MCL_1_1
-A MCL -i rbr4.0 -j MCL_1_1
-A MCL_1_1 -p tcp -m tcp --dport 80 -j RETURN
-A MCL_1_1 -p tcp -m tcp --dport 443 -j RETURN
-A MCL_1_1 -p tcp -m tcp --dport 23 -j DROP
-A MCL_1_1 -p tcp -m tcp --dport 22 -j RETURN
-A MCL_1_1_RULE -j DROP
-A MCL_2_0 -p tcp -m tcp --dport 80 -j DROP
-A MCL_2_0 -p tcp -m tcp --dport 443 -j DROP
-A MCL_2_0 -p tcp -m tcp --dport 23 -j DROP
-A MCL_2_0 -p tcp -m tcp --dport 22 -j DROP
-A MCL_2_0_RULE -j DROP
-A M_ETH -m connlimit --connlimit-above 740 --connlimit-mask 32 -j DROP
-A M_WIFI_24G -m connlimit --connlimit-above 128 --connlimit-mask 32 -j DROP
-A M_WIFI_5G -m connlimit --connlimit-above 310 --connlimit-mask 32 -j DROP
-A OPR -p icmp -m icmp --icmp-type 3/3 -j DROP
-A RIE -i rbr2.2 -p icmp -m icmp --icmp-type 8 -j DROP
-A RIE -i rbr3.3 -p icmp -m icmp --icmp-type 8 -j DROP
-A RIE -i ppp0 -p icmp -m icmp --icmp-type 8 -j RETURN
-A RIE -i rbr4.0 -p icmp -m icmp --icmp-type 8 -j RETURN
-A TBR_M -i rbr2.2 -j TBR_M_1_1_W
-A TBR_M -i rbr3.3 -j TBR_M_1_1_W
-A TBR_M -i ppp0 -j TBR_M_1_1_W
-A TBR_M -i rbr4.0 -j TBR_M_1_1_L
-A TBR_M_1_1_L -p tcp -m tcp --dport 80 -j RETURN
-A TBR_M_1_1_L -p tcp -m tcp --dport 22 -j RETURN
-A TBR_M_1_1_L -p icmp -m icmp --icmp-type 8 -j RETURN
-A TBR_M_1_1_SRC -j TBR_M_1_1_SRC_RULE
-A TBR_M_1_1_SRC -j ACCEPT
-A TBR_M_1_1_W -p tcp -m tcp --dport 80 -j DROP
-A TBR_M_1_1_W -p icmp -m icmp --icmp-type 8 -j DROP
-A TBR_M_1_1_W -p tcp -m tcp --dport 22 -j DROP
-A TBR_M_2_0_L -p tcp -m tcp --dport 80 -j RETURN
-A TBR_M_2_0_L -p tcp -m tcp --dport 22 -j RETURN
-A TBR_M_2_0_L -p icmp -m icmp --icmp-type 8 -j RETURN
-A TBR_M_2_0_SRC -j TBR_M_2_0_SRC_RULE
-A TBR_M_2_0_SRC -j ACCEPT
-A TBR_M_2_0_W -p tcp -m tcp --dport 80 -j DROP
-A TBR_M_2_0_W -p tcp -m tcp --dport 22 -j DROP
-A TBR_M_2_0_W -p icmp -m icmp --icmp-type 8 -j DROP
-A TEF_EI -i rbr2.2 -j TEF_EI_1_1
-A TEF_EI -i rbr3.3 -j TEF_EI_1_1
-A TEF_EI -i ppp0 -j TEF_EI_1_1
-A TEF_EI -i rbr4.0 -j TEF_EI_1_1
-A TEF_EI_1_1 -i rbr3.3 -j TEF_EI_1_1_T
-A TEF_EI_1_1 -i rbr2.2 -j TEF_EI_1_1_V
-A TEF_EI_1_1 -i ppp0 -j TEF_EI_1_1_I
-A TEF_EI_1_1 -i rbr2.2 -j TEF_EI_1_1_W
-A TEF_EI_1_1 -i rbr3.3 -j TEF_EI_1_1_W
-A TEF_EI_1_1 -i ppp0 -j TEF_EI_1_1_W
-A TEF_EO -o rbr2.2 -j TEF_EO_1_1
-A TEF_EO -o rbr3.3 -j TEF_EO_1_1
-A TEF_EO -o ppp0 -j TEF_EO_1_1
-A TEF_EO -o rbr4.0 -j TEF_EO_1_1
-A TEF_EO_1_1 -o rbr3.3 -j TEF_EO_1_1_T
-A TEF_EO_1_1 -o rbr2.2 -j TEF_EO_1_1_V
-A TEF_EO_1_1 -o ppp0 -j TEF_EO_1_1_I
-A TEF_EO_1_1 -o rbr2.2 -j TEF_EO_1_1_W
-A TEF_EO_1_1 -o rbr3.3 -j TEF_EO_1_1_W
-A TEF_EO_1_1 -o ppp0 -j TEF_EO_1_1_W
-A TEF_I -i rbr2.2 -j TEF_I_1_1
-A TEF_I -i rbr3.3 -j TEF_I_1_1
-A TEF_I -i ppp0 -j TEF_I_1_1
-A TEF_I -i rbr4.0 -j TEF_I_1_1
-A TEF_I_1_1 -j TEF_I_1_1_I
-A TEF_I_1_1 -j TEF_I_1_1_LS
-A TEF_I_1_1 -j TEF_I_1_1_WS
-A TEF_I_1_1 -j TEF_I_1_1_X
-A TEF_I_1_1_LS -i rbr4.0 -j TEF_I_1_1_L
-A TEF_I_1_1_WS -i rbr2.2 -j TEF_I_1_1_W
-A TEF_I_1_1_WS -i rbr3.3 -j TEF_I_1_1_W
-A TEF_I_1_1_WS -i ppp0 -j TEF_I_1_1_W
-A TEF_I_2_0 -j TEF_I_2_0_I
-A TEF_I_2_0 -j TEF_I_2_0_LS
-A TEF_I_2_0 -j TEF_I_2_0_WS
-A TEF_I_2_0 -j TEF_I_2_0_X
-A TEF_O -o rbr2.2 -j TEF_O_1_1
-A TEF_O -o rbr3.3 -j TEF_O_1_1
-A TEF_O -o ppp0 -j TEF_O_1_1
-A TEF_O -o rbr4.0 -j TEF_O_1_1
-A TEF_O_1_1 -j TEF_O_1_1_I
-A TEF_O_1_1 -j TEF_O_1_1_LS
-A TEF_O_1_1 -j TEF_O_1_1_WS
-A TEF_O_1_1 -j TEF_O_1_1_X
-A TEF_O_1_1_LS -o rbr4.0 -j TEF_O_1_1_L
-A TEF_O_1_1_WS -o rbr2.2 -j TEF_O_1_1_W
-A TEF_O_1_1_WS -o rbr3.3 -j TEF_O_1_1_W
-A TEF_O_1_1_WS -o ppp0 -j TEF_O_1_1_W
-A TEF_O_2_0 -j TEF_O_2_0_I
-A TEF_O_2_0 -j TEF_O_2_0_LS
-A TEF_O_2_0 -j TEF_O_2_0_WS
-A TEF_O_2_0 -j TEF_O_2_0_X
-A TEF_S -i rbr2.2 -j TEF_S_1_1
-A TEF_S -i rbr3.3 -j TEF_S_1_1
-A TEF_S -i ppp0 -j TEF_S_1_1
-A TEF_S -i rbr4.0 -j TEF_S_1_1
-A TEF_S_1_1 -j RETURN
-A TEF_S_1_1 -j SHGW_FORWARD
COMMIT
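To see at a glance what a dump like the one above actually blocks, here is a small helper I am adding (it is not part of the original post and is not Vivo's or Askey's tooling): it reads an iptables-save file and prints every rule whose target is DROP, with its table, chain, protocol and destination port. Run it as 'sh drop_rules.sh firewall' against the file written by 'iptables-save > firewall'; with no argument it analyses a constructed excerpt of the dump above (the GNT_1_1, MCL_1_1 and FWL_HIGH lines) that is built into the script.

```shell
#!/bin/sh
# Added example (not from the original post): summarise the DROP rules in an
# iptables-save dump so the port restrictions the ISP applied stand out.
# Usage: sh drop_rules.sh firewall   (file written with `iptables-save > firewall`)
# With no argument it analyses a small constructed excerpt of the dump above.

# drop_rules [FILE]: print "table chain proto=<p> dport=<d>" for every rule
# whose target is DROP. Reads FILE, or stdin when no FILE is given.
drop_rules() {
    awk '
        /^[*]/ { table = substr($0, 2); next }      # "*filter" -> "filter"
        /^-A / && / -j DROP$/ {
            chain = $2; proto = "any"; dport = "-"
            for (i = 3; i <= NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            printf "%s %s proto=%s dport=%s\n", table, chain, proto, dport
        }
    ' ${1:+"$1"}
}

# count_drop_rules [FILE]: how many DROP rules the dump contains
count_drop_rules() {
    drop_rules ${1:+"$1"} | wc -l | tr -d ' '
}

# sample_dump: constructed excerpt (a few lines copied from the dump above)
sample_dump() {
    cat <<'EOF'
*raw
-A GNT_1_1 -p tcp -m tcp --dport 8080 -j ACCEPT
-A GNT_1_1 -j DROP
COMMIT
*filter
-A MCL_1_1 -p tcp -m tcp --dport 23 -j DROP
-A MCL_1_1 -p tcp -m tcp --dport 22 -j RETURN
-A FWL_HIGH -j DROP
COMMIT
EOF
}

if [ $# -gt 0 ]; then
    drop_rules "$1"
else
    sample_dump | drop_rules
fi
```

The listing tells you where the DROPs sit, not whether a given packet reaches them: a catch-all such as 'FWL_HIGH -j DROP' only hits packets that none of the earlier RETURN rules in that chain matched, and whether the chain is entered at all depends on the jumps from PREROUTING, INPUT and FORWARD.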


To improve Internet performance in general, we'll add two basic rules to this firewall.

First we have to access the modem via SSH (I usually use PuTTY):

The user is 'support' and the password is xxxyyyzzz (printed on the sticker on the back of the modem).

To get a system shell, type 'sh'.

Now let's insert two basic rules:

#iptables -t mangle -I PREROUTING -i ppp0 -p udp --sport 53 --dport 1024:65535 -j ACCEPT

#iptables -t mangle -I PREROUTING 2 -i ppp0 -p tcp --sport 80:443 --dport 1024:65535 -j ACCEPT

To view the rules: 'iptables -t mangle -nvL'

Rules added; packets are already passing through them.

The Speedtest:

Even though the NIC is USB, the speed is better.

The downside is that you must never unplug the modem, because the rules live in RAM and disappear on every boot, so it's a good idea to use a UPS. Solving that properly would require a custom firmware such as OpenWrt, which is quite a complex thing to do. If the modem powers off, the rules have to be entered again.
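Because the rules live only in RAM, the practical answer to the reboot problem is a script you can paste back into the modem's shell after a power cut. The one below is an added example (mine, not the author's and not anything that ships on the HGU): it inserts the same two rules from the post, but checks with 'iptables -C' first so that running it twice never duplicates them, and a 'check' mode prints the mangle PREROUTING counters so you can confirm packets are hitting the rules. It assumes iptables is on the PATH after 'sh' and that ppp0 is the WAN interface (override with WAN_IF=...). Two things worth knowing about the rules themselves: '--sport 80:443' is a range, so it matches replies from every source port from 80 through 443, not only 80 and 443; and ACCEPT in the mangle table only ends traversal of that table's PREROUTING chain, the nat and filter tables are still evaluated afterwards, so these rules do not open anything that the filter table blocks.

```shell
#!/bin/sh
# Added example (not the author's script): re-apply the two mangle PREROUTING
# rules from the post after a reboot, without duplicating them.
# Usage (on the modem, after 'sh'):  sh vivo-rules.sh apply
#                                    sh vivo-rules.sh check
# Assumes iptables is on the PATH and ppp0 is the WAN interface.

WAN_IF="${WAN_IF:-ppp0}"

# Rule specs (everything after the chain name), exactly as in the post.
rule_dns_replies() {
    echo "-i $WAN_IF -p udp --sport 53 --dport 1024:65535 -j ACCEPT"
}
rule_web_replies() {
    echo "-i $WAN_IF -p tcp --sport 80:443 --dport 1024:65535 -j ACCEPT"
}

# ensure_rule TABLE CHAIN POSITION SPEC
# 'iptables -C' returns 0 when an identical rule already exists, so a second
# run of the script reports "present" instead of inserting a duplicate.
ensure_rule() {
    table="$1"; chain="$2"; pos="$3"; spec="$4"
    # $spec is intentionally unquoted: it must split into separate arguments
    if iptables -t "$table" -C "$chain" $spec 2>/dev/null; then
        echo "present : $chain $spec"
        return 0
    fi
    iptables -t "$table" -I "$chain" "$pos" $spec || return 1
    echo "inserted: $chain $spec"
}

# apply_rules: DNS replies at position 1, web replies at position 2, the same
# order the post produces with '-I PREROUTING' and '-I PREROUTING 2'.
apply_rules() {
    ensure_rule mangle PREROUTING 1 "$(rule_dns_replies)" &&
    ensure_rule mangle PREROUTING 2 "$(rule_web_replies)"
}

# check_rules: numbered listing with packet/byte counters for the chain
check_rules() {
    iptables -t mangle -nvL PREROUTING --line-numbers
}

usage() {
    echo "usage: sh vivo-rules.sh apply|check   (run on the modem after 'sh')"
}

case "${1:-}" in
    apply) apply_rules ;;
    check) check_rules ;;
    "")    usage ;;
    *)     usage; exit 2 ;;
esac
```

Run 'apply' right after the modem comes back up, then 'check' while browsing: the pkts column of rules 1 and 2 should keep growing, which is the same evidence the post's 'iptables -t mangle -nvL' gives.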