as dicas para esse iptables???
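# Gateway firewall: eth1 faces the Internet (it is the MASQUERADE output
# and the DNAT input interface below); eth0 is the local network.
#
# NOTE(review): every rule is appended with -A and the script neither
# flushes the chains nor sets a chain policy, so running it twice
# duplicates the rules, and anything not matched here is handled by
# whatever policy is already in place (ACCEPT unless it was changed
# elsewhere).

# Share the Internet connection (NAT for the LAN).
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Redirect LAN web traffic to the Squid proxy on local port 3128.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

# Drop pings and protect against IP spoofing and invalid packets.
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
# conf/default only seeds interfaces created later; writing every entry
# (all, default and each existing interface) makes reverse-path filtering
# apply to eth0/eth1 as they are now.
for rp_file in /proc/sys/net/ipv4/conf/*/rp_filter; do
  echo 1 > "$rp_file"
done
iptables -A INPUT -m state --state INVALID -j DROP
# Admit replies to traffic this host started. Needed so the UDP drop at
# the end of the script does not cut off the gateway's own DNS/NTP answers.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Accept everything on loopback and from the local network interface.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT

# Block MSN Messenger for the LAN.
iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 1863 -j REJECT
# NOTE(review): iptables resolves the host name once, when the rule is
# added; the rule fails to load if DNS is unavailable and goes stale when
# the name's addresses change.
iptables -A FORWARD -s 192.168.1.0/24 -d loginnet.passport.com -j REJECT

# Remote access to the DVR at 192.168.1.15.
# NOTE(review): these forwards accept any Internet source. Consider
# limiting them with -s <trusted-address> or reaching the DVR through the
# OpenVPN tunnel opened below instead of publishing its ports.
iptables -t nat -A PREROUTING -p tcp --dport 9191 -i eth1 -j DNAT --to 192.168.1.15:9191
iptables -A FORWARD -p tcp --dport 9191 -i eth1 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 37777 -i eth1 -j DNAT --to 192.168.1.15:37777
iptables -A FORWARD -p tcp --dport 37777 -i eth1 -j ACCEPT

# Open the OpenVPN port.
iptables -A INPUT -p udp --dport 1194 -j ACCEPT

# NOTE(review): the FORWARD policy is never set here. While it is ACCEPT
# the ACCEPT rules below change nothing; if it is tightened to DROP, the
# --sport rules would admit any packet that merely claims that source
# port, so a stateful ESTABLISHED,RELATED rule is the safer way to let
# replies through.

# POP3 service.
iptables -A FORWARD -p tcp --sport 110 -j ACCEPT
iptables -A FORWARD -p tcp --dport 110 -j ACCEPT

# SMTP service.
iptables -A FORWARD -p tcp --sport 25 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -j ACCEPT

# DNS service.
iptables -A FORWARD -p udp --sport 53 -j ACCEPT
iptables -A FORWARD -p udp --dport 53 -j ACCEPT

# Open the SSH port.
# NOTE(review): reachable from every interface and source; consider
# restricting the source or allowing SSH only over the VPN.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Block the remaining inbound connections, letting only replies through.
iptables -A INPUT -p tcp --syn -j DROP
# The SYN rule covers TCP only. Without this, every UDP service on the
# gateway stays reachable from the Internet side; replies and OpenVPN
# (1194) were already accepted above.
iptables -A INPUT -i eth1 -p udp -j DROP
exit 0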