FSI/FIREWALL.sh

#!/bin/bash

source CONFIG.sh

IP_EXTERNAL="20.60.0.1"
IP_INTERNAL="10.60.0.1"

sudo ifconfig enp0s8 $IP_EXTERNAL netmask 255.255.255.0
sudo ifconfig enp0s9 $IP_INTERNAL netmask 255.255.255.0

# instalar mod security e apache
instalar epel-release
instalar httpd
instalar mod_security
instalar mod_security_crs
ativar_firewall

# nat
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -F
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE
sudo iptables-save > /etc/sysconfig/iptables

sudo cp conf/httpd.conf /etc/httpd/httpd.conf

# apache
s enable --now httpd