Home

Firewall em FreeBSD

  Nos tempos atuais, segurança deixou de ser um item reservados às grandes redes e servidores para tornar-se um companheiro mais próximo no nosso dia-à-dia.  Nesse contexto, o uso de um firewall faz-se mais que necessário.
    Esse é o script de inicialização de firewall que usava em meu laptop, baseado em FreeBSD.  É bem simples e permite um bom nível de segurança.

    Para utilizar, basta copiar o conteúdo abaixo para o arquivo /etc/rc.firewall e adicionar a seguinte entrada em /etc/rc.conf:

firewall_enable="YES"
    Para baixar as regras do firewall e permitir a passagem de todos os pacotes, basta rodar "sh /etc/rc.firewall stop".

#! /bin/sh

fwcmd="/sbin/ipfw"
LOOPB="127.0.0.1/8"

${fwcmd} -f flush
#${fwcmd} add divert natd ip from any to any via ep0
${fwcmd} add allow all from any to any via lo0
${fwcmd} add deny log all from any to ${LOOPB}
${fwcmd} add deny log all from ${LOOPB} to any

${fwcmd} add allow tcp from any to any established
${fwcmd} add allow tcp from me to any keep-state
${fwcmd} add allow udp from me to any keep-state
${fwcmd} add allow udp from me to any 53 keep-state
${fwcmd} add allow icmp from me to any keep-state

${fwcmd} add allow tcp from any to me 21 keep-state
${fwcmd} add allow tcp from any to me 22 keep-state
${fwcmd} add allow tcp from any to me 23 setup
${fwcmd} add allow tcp from any to me 69 setup
${fwcmd} add allow udp from any to me 69 keep-state
${fwcmd} add allow tcp from any to me 80 setup
${fwcmd} add allow tcp from any to me 33434 setup
${fwcmd} add allow udp from any to me 33434 setup
#${fwcmd} add allow tcp from any to me 6000 setup

#${fwcmd} add allow icmp from any to me icmptype 11
${fwcmd} add allow icmp from any to me

${fwcmd} add deny tcp from any to me 135-139
${fwcmd} add deny udp from any to me 135-139
${fwcmd} add deny log all from any to me
${fwcmd} add allow all from any to any

case $1 in
         clean|clear|stop) ${fwcmd} -f flush
                           ${fwcmd} add divert natd ip from any to any via ep0
                           ${fwcmd} add allow all from any to any
         ;;
esac

Minha configuração .emacs

Emacs.  Dizem que ele faz tudo, até edita textos.  Umas das coisas mais complexas do Emacs é configurar o mesmo e conseguir manter as configurações.  Aqui está o arquivo de configuração que uso e que foi conseguido nos idos dos tempos do LCMI (atual DAS).  O autor original deve ser o prof. GB, mas se não me engano peguei de outra pessoa.

;;; initialization file for helio's emacs 
;;; 

; To debug something
; M-x set-variable RET debug-on-error RET t RET
; {Do whatever you do to produce the error.}
; C-x b *Backtrace* RET
;
; or define here.
;(setq debug-on-error t)

(setq user-full-name "Hélio Loureiro") 
(set-language-environment "Latin-1")
(setq auto-fill-mode)
(setq global-font-lock-mode)
 
;; kai dicas . mudei kai -> daniel
(setq default-input-method "portuguese-prefix")

(defun daniel-turn-on-default-input-method ()
 "Turn on the default input method, as defined in `default-input-method'."
 (interactive)
 (activate-input-method default-input-method))

; I call this function in the mode hook for each mode where I want this,
; for example 
(add-hook 'message-mode-hook 'helio-turn-on-default-input-method)
(add-hook 'mail-setup-hook 'helio-turn-on-default-input-method)
(add-hook 'LaTeX-mode-hook 'helio-turn-on-default-input-method)
(add-hook 'text-mode-hook 'helio-turn-on-default-input-method)
(add-hook 'fundamental-mode-hook 'helio-turn-on-default-input-method)
(add-hook 'gnus-summary-mode-hook 'helio-turn-on-default-input-method)
(add-hook 'gnus-article-mode-hook 'helio-turn-on-default-input-method)

;; changes in LaTeX-mode-hook
(add-hook 'LaTeX-mode-hook
 (lambda ()
 (iso-accents-mode 1)
 ;(iso-accents-customize "portuguese")
 (auto-fill-mode 1)
 (font-lock-fontify-buffer)))

; To automatically turn on the abbrev, auto-fill and font-lock features,
; add the following lines to your `.emacs' file as well:
 (setq default-input-method `portuguese-prefix)

;; Add to the load path this directory
;(setq load-path (cons "~/.emacs-lisp/" load-path))
 (add-hook 'fundamental-mode-hook
 (lambda ()
 (abbrev-mode 1)
 (auto-fill-mode 1)
 (if (eq window-system 'x)
 (font-lock-mode 1)))) 

;; lispdir.el --- Lisp Code Directory formatter and apropos
;; Last Modified On: Mon Mar 24 1997
;; Version : 4.5
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;- Add the following lines to ~/.emacs or an equivalent (w/o ";;-" !):
;;
 (autoload 'format-lisp-code-directory "lispdir" nil t)
 (autoload 'lisp-dir-apropos "lispdir" nil t)
 (autoload 'lisp-dir-retrieve "lispdir" nil t)
 (autoload 'lisp-dir-verify "lispdir" nil t)

;; default frame and color settings 
; invoke M-x list-colors-display to choose the colors 
; comment this if you want to see the default settings 
(setq default-frame-alist '((cursor-color . "black") 
 (background-color . "wheat")))

;fonts found on the mailing list, uncomment one at your convenience 
;;(font . "-*-Courier-normal-r-*-*-18-97-*-*-c-*-*-ansi-") 

;;(font . "-*-Courier-bold-r-*-*-18-97-*-*-c-*-*-ansi-") 
;(font . "-*-Terminal-normal-r-*-*-8-60-*-*-c-*-*-oem-") 
;(font . "-*-Terminal-normal-r-*-*-12-72-*-*-c-80-*-oem-") 
;(font . "-*-Terminal-normal-r-*-*-8-60-*-*-c-*-*-oem-") 
;(font . "-*-Terminal-normal-r-*-*-19-142-*-*-c-*-*-oem-") 
 
;; some interactive color settings by means of 
 M-x set-mouse-color RET magenta RET ;strange but this seems not to work.. 
 M-x set-cursor-color RET red RET 
 M-x set-background-color RET black RET 
 M-x set-foreground-color RET yelow RET 
 
;; add to the default path
(setq load-path (cons "~/documentos/latex/" load-path)) 
 
;;; AucTex options
;;(require 'tex-site)

;;; RefTeX options
;;;(setq reftex-plug-into-AUCTeX t)

;;;(add-hook 'LaTeX-mode-hook 'turn-on-reftex) ; with AUCTeX LaTeX mode
;;;(setq reftex-extra-bindings t) ; to use C-c r to references etc...
;;;(setq reftex-cite-format 'author-year) ;;; Nao testada
;;;(setq bib-cite-use-reftex-view-crossref t) ;;; Nao testada
 ;;; Tirar se der problema

;; Useful settings to make RefTeX faster for large (multifile)
;; documents include:
;; (setq reftex-enable-partial-scans t)
;; (setq reftex-save-parse-info t)
;; (setq reftex-use-multiple-selection-buffers t)
;;

;; Tem algum problema com isto aqui
;
; (TeX-add-style-hook "theo"
; (lambda ()
; (LaTeX-add-environments '("theorem" LaTeX-env-label))
; (if (featurep 'reftex)
; (reftex-add-to-label-alist
; '(("theorem" ?p "theo:" "~\\ref{%s}" t
; ("Theorem" "Theo.")))))))

;;; ange-ftp option to pass through the proxy server (in Melbourne)
;;;

;(setq ange-ftp-gateway-host "www-proxy.mame.mu.oz.au:3128")
;(setq ange-ftp-gateway-host "www-proxy.mame.mu.oz.au")
;(setq ange-ftp-gateway-host "sungear.mame.mu.oz.au")
;(setq ange-ftp-gateway-program "/dmart@sungear,mame.mu.oz.au:/usr/bin/telnet")
;(setq ange-ftp-smart-gateway t)

;; Diary support 
 
(setq european-calendar-style 't) 
(setq calendar-week-start-day 1) 
(setq display-time-24hr-format t) ; In 24 hour format 
(display-time) 
(add-hook 'diary-hook 'appt-make-list) 
 
;some useful additional settings 
(setq-default auto-fill-hook 'do-auto-fill) 
(setq fill-column 78) 
 
;; no startup message 
(setq inhibit-startup-message t) 
 
;; this just displays the current column number on the command line 
(setq line-number-mode t) 
 
;; this colorizes the fonts according to the major mode selected 
(global-font-lock-mode t) 
 
(put 'eval-expression 'disabled nil) 
 (setq text-mode-hook '(lambda() (auto-fill-mode 1))) 
 
;; Redefine some keys. 

;; To redefine Alt to Meta for example use
;;
;; >>> xmodmap -pke > .keyboard
;;
;; then edit the file .keyboard making the necessary changes and then
;; type
;;
;; >>> xmodmap .keyboard
;;
;; You can put this in your .login after this

(setq kill-whole-line t) ; Kill EOL too 
(global-set-key [kp-home] 'beginning-of-line) 
(global-set-key [kp-end] 'end-of-line) 
(global-set-key [home] 'beginning-of-line) 
(global-set-key [end] 'end-of-line) 
(global-set-key [C-home] 'beginning-of-buffer) 
(global-set-key [C-end] 'end-of-buffer) 
(global-set-key [S-delete] 'clipboard-kill-region) 
(global-set-key [S-insert] 'clipboard-yank) 
(global-set-key [C-insert] 'clipboard-kill-ring-save) 
(global-set-key [S-right] 'set-mark-command) 
(global-set-key [f1] 'goto-line) ; goto line 
(global-set-key (kbd "<f11>") 'tmm-menubar) ; buffer-menu (as well as F10)
(global-set-key [f11] 'tmm-menubar) ; buffer-menu (as well as F10)
;;;(setq LaTeX-math-abbrev-prefix '(kbd "<f5>") ) 
(setq LaTeX-math-abbrev-prefix '"[f5]")
;;;(setq LaTeX-math-abbrev-prefix '";")
;;;(setq LaTeX-math-abbrev-prefix '"(71)") ; buffer-menu (as well as F10)
;(define-key function-key-map [Alt] [Meta])


; Para o delete apagar para frente e nao para tras
;(global-set-key [delete] 'delete-char) ; delete character under cursor 
;(global-set-key [backspace] 'backspace) ; delete character under cursor 
; (global-set-key [f35] 'scroll-up) ; 
; (global-set-key [f29] 'scroll-down) ; 

; sasf

(global-set-key [f3] 'repeat-search) ; repeat search 
(global-set-key [f4] 'indent-three-spaces) ; indent 3 spaces 
(global-set-key [f8] 'kill-current-line) ; delete current line 
(global-set-key [?\C-z] 'undo); added here because I usually do kills by mistatke 
(global-set-key "\C-x\C-j" 'goto-line) ; Command prompts for linenumber to go to. 

;; Define function that indents three spaces. 
(defun indent-three-spaces () 
 "Indent three spaces." 
 (interactive) 
 (beginning-of-line) 
 (insert " ") 
 (next-line 1) 
) 

;; Define function that removes the current line. 
(setq kill-whole-line t) 
(defun kill-current-line () 
 "Delete the current line." 
 (interactive) 
 (beginning-of-line) 
 (kill-line) 
) 
 
;; prevent echoing ^M in the shell 
(add-hook 'comint-output-filter-functions 'shell-strip-ctrl-m nil t) 

;; printer configuration 
;;;(setq lpr-command "lpr") 
;;;(setq lpr-add-switches nil) 
;;;(setq lpr-switches '("-Plj2")) 
; fix up the menu bar to use lpr-buffer instead of print-buffer 
(define-key menu-bar-tools-menu [lpr-buffer] '("Lpr Buffer" . lpr-buffer)) 
(define-key menu-bar-tools-menu [lpr-region] '("lpr Region" . lpr-region)) 
;;(define-key menu-bar-tools-menu [print-buffer] nil) 
;;(define-key menu-bar-tools-menu [print-region] nil) 
 
;;; Set up POP3 stuff 
(setenv "MAILHOST" "mail.unix-sul.com.br")
(setenv "NNTPSERVER" "news.ufsc.br") 
 
; dynamically expand aliases that are stored in ~/.mailrc 
(add-hook 'mail-setup-hook 'mail-abbrevs-setup) 

;;;(setq mail-default-headers "BCC: helio AT loureiro DOT eng DOT br \nFCC: ~/Mail/Outbox\n") 
(setq mail-signature t)
 
(add-hook 'mail-setup-hook 
 '(lambda() 
 (auto-fill-mode t)
 (iso-accents-mode t) ;liga acentuacao 
 ))


;; fontification font-lock.el much better than the default hilit19.el 
 ;***************************** (for coloring) 
 ;;automatic Font Lock mode in TeX mode 
 ;(add-hook 'tex-mode-hook 'turn-on-font-lock) 
 ;;if Font Lock necessary for other than .tex files, uncomment following 
(global-font-lock-mode t) 
 
;Acentuando por default 
(add-hook 'text-mode-hook 
 '(lambda() 
 (turn-on-auto-fill) ;liga quebra automatica de linhas 
 )) 

;;;OCTAVE mode options
; To begin using this mode for all `.m' files that you edit, add the
; following lines to your `.emacs' file:
 (autoload 'octave-mode "octave-mod" nil t)

;;; I wiped out the function below to avoid conflict with Matlab.El
; (setq auto-mode-alist
; (cons '("\\.m$" . octave-mode) auto-mode-alist))

; To automatically turn on the abbrev, auto-fill and font-lock features,
; add the following lines to your `.emacs' file as well:
 (add-hook 'octave-mode-hook
 (lambda ()
 (abbrev-mode 1)
 (auto-fill-mode 1)
 (if (eq window-system 'x)
 (font-lock-mode 1))))

; (autoload 'octave-mode "octave-mod" nil t)
; (setq auto-mode-alist
; (cons '("\\.m$" . octave-mode) auto-mode-alist))

;; Calc options

;;; Commands added by calc-private-autoloads on Wed Jul 14 12:45:45 1999.
(autoload 'calc-dispatch "calc" "Calculator Options" t)
(autoload 'full-calc "calc" "Full-screen Calculator" t)
(autoload 'full-calc-keypad "calc" "Full-screen X Calculator" t)
(autoload 'calc-eval "calc" "Use Calculator from Lisp")
(autoload 'defmath "calc" nil t t)
(autoload 'calc "calc" "Calculator Mode" t)
(autoload 'quick-calc "calc" "Quick Calculator" t)
(autoload 'calc-keypad "calc" "X windows Calculator" t)
(autoload 'calc-embedded "calc" "Use Calc inside any buffer" t)
(autoload 'calc-embedded-activate "calc" "Activate =>'s in buffer" t)
(autoload 'calc-grab-region "calc" "Grab region of Calc data" t)
(autoload 'calc-grab-rectangle "calc" "Grab rectangle of data" t)
(setq load-path (nconc load-path (list "~/calc-2.02f")))
(global-set-key "\e#" 'calc-dispatch)
;;; End of Calc autoloads.

(custom-set-variables
 '(enable-multibyte-characters t))
(custom-set-faces)
(custom-set-variables)
(custom-set-faces)
(custom-set-variables)
(custom-set-faces)

;;; From rect-mark.el . We have to have rect-mark.el in the path
;;; beginning of definitions

;; Support for marking a rectangle of text with highlighting.
(define-key ctl-x-map "r\C-@" 'rm-set-mark)
(define-key ctl-x-map [?r ?\C-\ ] 'rm-set-mark)
(define-key ctl-x-map "r\C-x" 'rm-exchange-point-and-mark)
(define-key ctl-x-map "r\C-w" 'rm-kill-region)
(define-key ctl-x-map "r\M-w" 'rm-kill-ring-save)
(define-key global-map [S-down-mouse-1] 'rm-mouse-drag-region)
(autoload 'rm-set-mark "rect-mark"
 "Set mark for rectangle." t)
(autoload 'rm-exchange-point-and-mark "rect-mark"
 "Exchange point and mark for rectangle." t)
(autoload 'rm-kill-region "rect-mark"
 "Kill a rectangular region and save it in the kill ring." t)
(autoload 'rm-kill-ring-save "rect-mark"
 "Copy a rectangular region to the kill ring." t)
(autoload 'rm-mouse-drag-region "rect-mark"
 "Drag out a rectangular region with the mouse." t)

; Use this section in your "~/.emacs" to modify picture mode so that
; it automatically uses the rect-mark equivalents of many commands.

;; One vision of a better picture mode.
(add-hook 'picture-mode-hook 'rm-example-picture-mode-bindings)
(autoload 'rm-example-picture-mode-bindings "rect-mark"
 "Example rect-mark key and mouse bindings for picture mode.")
;;; end of definitions of rect-mark.el

;
; Mktable options
;

; Another option is to put the following elisp code inside your
; ``.emacs'' file. Just mark the region and press `C-c C-t'
; (Control-C and Control-t) to run mktable.

 ;;; contributed by Luiz Gonzaga da Silveira Jr.
 ;;; shortcut for make-latex-table
 (global-set-key "\C-c\C-t" 'make-latex-table)

 (defun make-latex-table nil
 "Make a LaTeX table using mktable."
 (interactive)
 (save-excursion
 (if (equal mark-active nil)
 (push-mark nil nil -1))
;;; (setq string
;;; (read-from-minibuffer "mktable [options]: " nil nil nil
;;; 'shell-command-history))
;;; (shell-command-on-region (region-beginning)
;;; (region-end)
;;; (concat "mktable " string) -1)
 (delete-char -1)
 ))
 ;;; cut here

;; Author: Xavier Decoret
;; Maintainer: Xavier Decoret <Xavier DOT Decoret AT imag DOT fr>
;; Created: 1 decembre 19999
;; Keywords: mail buffy
;; This file is not part of GNU Emacs.

;;;(load-file "~/.emacs-lisp/buffy.el")
;;;(setq buffy-spool-file "/var/spool/mail/dmartins")
;; -* with the correct spool file

;;; Babel options
;;(require 'babel)
(setq font-lock-maximum-size 5000000)

;;(require 'catdoc)
;;;(load-file "~/.emacs-lisp/rcp.el")

;;;;;-------Supercite 3.1--
(autoload 'sc-cite-original "supercite" "Supercite 3.1" t)
(autoload 'sc-submit-bug-report "supercite" "Supercite 3.1" t)
;(add-hook 'mail-yank-hooks 'sc-cite-original)
;(setq news-reply-mode-hook 'sc-perform-overloads) ;for GNUS prior to 5.6 ???
(setq message-cite-function 'sc-cite-original) ;for GNUS after 5.8
(add-hook 'mail-citation-hook 'sc-cite-original)
 
;; MATLAB.el options. May create conflict with Octave-Mode in the auto-mode-alist variable 
;;
(autoload 'matlab-mode "matlab" "Enter Matlab mode." t)
(setq auto-mode-alist (cons '("\\.m\\'" . matlab-mode) auto-mode-alist))
(autoload 'matlab-shell "matlab" "Interactive Matlab mode." t)

;; User Level customizations (You need not use them all):
;;;(setq matlab-indent-function t) ; if you want function bodies indented
;;;(setq matlab-verify-on-save-flag nil) ; turn off auto-verify on save
(defun my-matlab-mode-hook ()
 (setq fill-column 76)) ; where auto-fill should wrap
(add-hook 'matlab-mode-hook 'my-matlab-mode-hook)
(defun my-matlab-shell-mode-hook ()
 '())
(add-hook 'matlab-shell-mode-hook 'my-matlab-shell-mode-hook)
;;
;; Please read the mode help for matlab-mode for additional
;; configuration options.
;;
;; Syntax highlighting:
;; To get font-lock try adding this for older emacsen:
 (font-lock-mode 1)


;; Or for newer versions of Emacs:
 (global-font-lock-mode t)


;; To get hilit19 support try adding:

;; (matlab-mode-hilit)
;; (if window-system
;; (require 'font-latex))

;; To use compression on gnus
(require 'jka-compr)

;; To use xterm option when in a remote xterm
;;(require 'xterm-frobs)

;; PS-MODE Options
(autoload 'ps-mode "ps-mode" "Enter PS mode." t)
(setq auto-mode-alist (cons '("\\.ps\\'" . ps-mode) auto-mode-alist))

;;; Balance.el Options
(autoload 'balance-mode "balance")
(setq auto-mode-alist
 (append '(("\\.bal$" . balance-mode)) auto-mode-alist))

;;end .emacs 

PGP PUBLIC KEY

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAziHcBMAAAEEAM63G/tX+0avumYDGcWFEBOnw34naNF1l6XhoaPFJ+8Qp6MW
EwSeBiXHY/8u8NO4pQ7onby0WBXSIHeq2E1Y0Wn8vxUk7FnyacXyjPdRW9iLRuOQ
+9gbRep7xM1DMH6Ypu8zgWE/0aSdQ83C5exHUC9j183SxOC74bILOE/pD5O9AAUX
tCZoZWxpbyA8aGVsaW8ubG91cmVpcm9AZWRiLmVyaWNzc29uLnNlPokAlQMFEDrI
v3GyCzhP6Q+TvQEBBssD/0TI+qh+atJ2xqW0V20hi9TwCQk6Qz+rqPmColtSgkqh
1Kzq8cHBdHuaBlg94H44NjNUZ7YS/98oLBmEkZ3e/ADZ2C2kXEba7CUccVF4R7o2
5DMxvF/vW3UBWKwRzp8fk0AZZu1ML/2flEo8Uusm85gyj14caNmE95T67doUFUSq
tB1oZWxpbyA8aGVsaW9AbG91cmVpcm8uZW5nLmJyPokAlQMFEDrIv4qyCzhP6Q+T
vQEBOlID+QFoQxYXC83Mb+LZP85TC/0OjY8ciw485t0C1mfHfnXVEx/W6zXAgI7N
Rv5aQAMYX9keJtr2fse2PriMusYousrklJfREgUyZnVvOFkK9wSwsAgU7k9dKeNB
T4+sOZrYGFG1p6UtxVYBBC91s4qhqg/mYvzCHFgYowG6msg+XyYntCxIZWxpbyBM
b3VyZWlybyA8aGVsaW9fbG91cmVpcm9AZW5naW5lZXIuY29tPokAlQMFEDiHcBOy
CzhP6Q+TvQEB10MD/1AEva9/mCI+YEeRoOhQ4JeCG/CnL5IIePzIUkPW2DzJl7j2
F5ykwg2P0CEBzdQ+nm9TLGG0c3+n5A0OsYu5qSkEF6p9kVyBONS341GwhCcaaCYy
WUjmKsm9y4Q6/KWTfivhlPzHqs+sJJUYVeQf9bRQfozSTc6m62azRQ+YX95q
=SdFF
-----END PGP PUBLIC KEY BLOCK-----