www.sekuritionline.net
-= Home =- -= Contact =- -= Register =- -= Manifesto =- -= Forum =- -= Baju SO =- -= FreeMail =-
T-Shirt S-O
Baju-SO
Login Panel
Username:
Password:
Remember Me

Not registered?
Register now!

Forgot your password?
FreeMail
Email Login :
Password :
New users
sign up!!!
powered by Everyone.net
Users Online
Online Now: 2
0 Members | 2 Guests
Our IRC Channel
IRC Channel:
#sekuritionline

IRC Nettwork:
irc.dal.net

Connect to channel
Banner Motd
sekuritionline.net



 
 
Bangga mendukung terlaksananya idsecconf 2008
Linker kami
Copy & paste Coding Dibawah ini
Untuk Banner kami
==================================
<a href="http://www.sekuritionline.net/"
target="_blank"><img src=
"http://www.sekuritionline.net/
banner/banner.gif" width="125" height="75"
alt="sekuritionline.net" title="SO-Te@m"
border="0" /></a>
Best View

Best View : 1024 x 768

IP

Page Ranking Tool
Simple Counter
2919
Exploits

--------------------------------

Info

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Untuk artikel yang memang membutuhkan gambar / foto sekiranya rekan-rekan dapat
mengirim artikel memakai file berbentuk .ZIP atau .RAR dan di email ke artikel@sekuritionline.net
Perhatian Pengiriman Artikel diharuskan melakukan Registrasi terlebih dahulu....
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
New !!! dapatkan FreeMail namakamu@sekuritionline.net Klik Disini


PWD
Crack

Base64
Crack

MD5
Crack

Test
Speed


Thanks : OurFamily, All Indonesian Community Underground ....

irc.dal.net #sekuritionline

SAVE PALESTINE
#So
"Dalam dunia digital aku berdiri diatas Aliran bit yang penuh dengan keindahan ,
semua diciptakan dengan perasaan tanpa beban dan tanpa paksaan ,
tidak berdiri diatas keangkuhan semata tetapi menunduk dibawah kebenaran …
"

 

Search Engine
Key Word(s): Search By:  
Current Time/Date
January 26, 2009, 6:09 pm
Articles
By letjen
Published: July 6, 2007
Print    Email

Hai, dah lama kaga nulis2

tgl, 6 juli 2007 order server selesai duh ternyata salah order maklum bukan order sendiri. OS ubuntu, seting server selesai. nah gitu mau seting firewall (iptables) ada masalah dikit ternyata iptables di Ubuntu beda nih ama Linux hmmm. tenang kita pelajarin dulu hehehe...

brb idupin rokok 3 menit berselang hmmm bingung nih tanpa putus asa go go go ...

configure awal

1.install iptables
2.configure script bin/sh firewall
3.ruleset iptables

work now heheh

1. install iptables pada server ubuntu anda

Commandnya: apt-get install iptables

setelah proses selesai Done

kita lanjut ke tahap kedua ...

2.configure script bin/sh firewall

disini saya membuat sebuah script !/bin/sh dimana nantinya akan berfungsi sebagai pengontrol iptables (menghidup matikan firewall)

pertama-tama

cd /sbin

nano firewall <== nama file script yg saya buat

masukan configure script ini

=============================================================================================

#!/bin/sh
#
# Letjen Seting Iptables for ubuntu OS
# http://malanghack.net, http://sekuritionline.net
# and was Copyrighted 2007 by the Letjen

IPTABLES_SAVE="/etc/default/iptables-rules"
SAVE_RESTORE_OPTIONS="-c"
SAVE_ON_STOP="yes"

checkrules() {
if [ ! -f ${IPTABLES_SAVE} ]
then
echo "Tidak Bisa start iptables. Silahkan Buat Rule Seting Iptables"
echo ""/etc/init.d/iptables save""
return 1
fi
}

save() {
echo "Saving iptables state "
/sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > ${IPTABLES_SAVE}
}

start(){
checkrules || return 1
echo "Loading and starting firewall "
echo -n "Firewall Start Protect Your Server"
start-stop-daemon --start --quiet --exec /sbin/iptables-restore -- ${SAVE_RESTORE_OPTIONS} < ${IPTABLES_SAVE}
}

case "$1" in
save)
save
echo "."
;;

start)
start
echo "."
;;
stop)
if [ "${SAVE_ON_STOP}" = "yes" ]; then
save || exit 1
fi
echo -n "Peringatan firewall Berhenti"
for a in `cat /proc/net/ip_tables_names`; do
/sbin/iptables -F -t $a
/sbin/iptables -X -t $a

if [ $a == nat ]; then
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
elif [ $a == mangle ]; then
/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P INPUT ACCEPT
/sbin/iptables -t mangle -P FORWARD ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -t mangle -P POSTROUTING ACCEPT
elif [ $a == filter ]; then
/sbin/iptables -t filter -P INPUT ACCEPT
/sbin/iptables -t filter -P FORWARD ACCEPT
/sbin/iptables -t filter -P OUTPUT ACCEPT
fi
done
start-stop-daemon --stop --quiet --pidfile /var/run/iptables.pid --exec /sbin/iptables
echo "."
;;

restart)
echo -n "Flushing firewall"
for a in `cat /proc/net/ip_tables_names`; do
/sbin/iptables -F -t $a
/sbin/iptables -X -t $a
done;
start
echo "."
;;
*)
echo "Gunakan: firewall {start|stop|restart|save}" >&2
exit 1
;;
esac

exit 0

=============================================================================================

Perhatikan (IPTABLES_SAVE="/etc/default/iptables-rules" ini merupakan script default yg akan menyimpan
rule iptables yg nantinya kita buat

tahap kedua udah lese now go to last sesion

3.Ruleset iptables

a.cara membuat rule iptables kita

anda dapat menggunakan perintah : sudo iptables -A INPUT ...

setelah memasukan rule iptables jangan lupa ketik perintah : firewall save (bertujuan untuk menyimpan rule iptables)

b.Cara kedua yg bisa kita pakai juga ialah dengan mengedit iptables-rules yg terdapat pada directory /etc/default/

contoh rule iptables ketik : nano /etc/default/
=-==============================================================================================
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*mangle
REROUTING ACCEPT [774:59782]
:INPUT ACCEPT [774:59782]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [477:81340]
OSTROUTING ACCEPT [477:81340]
COMMIT
# Completed on Fri Jul 6 15:33:21 2007
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*filter
:INPUT ACCEPT [596:44876]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [477:81340]
[178:14906] -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
[0:0] -A INPUT -p udp -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 110 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 465 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 993 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 995 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 143 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Jul 6 15:33:21 2007
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*nat
REROUTING ACCEPT [184:15226]
OSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Jul 6 15:33:21 2007

=================================================================================================

Nah kita bisa mengedit dan menambahkan rule yg kita mau di sana

finis move : firewal start

Loading and starting firewall
Firewall Start Protect Your Server.

Selesai sudah Untuk memeriksa rule list apa saja yg berjalan kita tinggal mengetik : iptables -L

=================================================================================================================
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp echo-request
DROP udp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
REJECT tcp -- anywhere anywhere tcp dpt:smtp reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
REJECT tcp -- anywhere anywhere tcp dpt:pop3 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:ssmtp reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:imaps reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:pop3s reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:imap2 reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:www
REJECT tcp -- anywhere anywhere tcp dpt:mysql reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:webcache reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
==================================================================================================================

he3x selesai sudah. Ternyata gampang ga perlu susah2 + bingung

semoga pengalaman saya ini dapat membantu teman2 yg lain


Copyrighted 2007 by the Letjen thks buat ayah,ibu,adikku dan buat teman2 yg selalu mensuport saya selama ini
.:: Dont Change This Copyright ::.

View Comments (1)