By letjen
Published: July 6, 2007
Hi, it's been a while since I wrote anything.
On July 6, 2007 the server order was completed. Oops, it turned out to be the wrong order, which is understandable since I didn't place the order myself. The OS is Ubuntu, and the server setup is done. Then, when I went to set up the firewall (iptables), there was a small problem: it turns out iptables on Ubuntu is different from Linux, hmmm. No worries, let's study it first, hehehe...
brb, lighting a cigarette. Three minutes later, hmmm, I'm confused, but without giving up, go go go ...
Initial configuration
1. install iptables
2. configure the /bin/sh firewall script
3. iptables ruleset
Let's get to work, heheh.
1. Install iptables on your Ubuntu server
The command: apt-get install iptables
Once the process has finished (Done),
we continue to the second step ...
2. Configure the /bin/sh firewall script
Here I create a #!/bin/sh script that will later act as the controller for iptables (turning the firewall on and off).
First of all:
cd /sbin
nano firewall <== the name of the script file I created
Enter this script:
=============================================================================================
#!/bin/sh
#
# Letjen Seting Iptables for ubuntu OS
# http://malanghack.net, http://sekuritionline.net
# and was Copyrighted 2007 by the Letjen

# File that holds the saved rules (iptables-save format)
IPTABLES_SAVE="/etc/default/iptables-rules"
# -c keeps the packet and byte counters when saving and restoring
SAVE_RESTORE_OPTIONS="-c"
# Save the running rules before "stop" flushes them
SAVE_ON_STOP="yes"

# Refuse to start when no saved rule file exists yet
checkrules() {
    if [ ! -f "${IPTABLES_SAVE}" ]
    then
        echo "Tidak Bisa start iptables. Silahkan Buat Rule Seting Iptables"
        echo "/etc/init.d/iptables save"
        return 1
    fi
}

# Write the running rules to the rule file
save() {
    echo "Saving iptables state "
    /sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > "${IPTABLES_SAVE}"
}

# Load the saved rules into the kernel
start() {
    checkrules || return 1
    echo "Loading and starting firewall "
    echo -n "Firewall Start Protect Your Server"
    start-stop-daemon --start --quiet --exec /sbin/iptables-restore -- ${SAVE_RESTORE_OPTIONS} < "${IPTABLES_SAVE}"
}

case "$1" in
    save)
        save
        echo "."
        ;;
    start)
        start
        echo "."
        ;;
    stop)
        if [ "${SAVE_ON_STOP}" = "yes" ]; then
            save || exit 1
        fi
        echo -n "Peringatan firewall Berhenti"
        # Flush every table and reset all policies to ACCEPT:
        # after "stop" the host is no longer filtered at all
        for a in `cat /proc/net/ip_tables_names`; do
            /sbin/iptables -F -t "$a"
            /sbin/iptables -X -t "$a"
            # "=" instead of "==": /bin/sh on Ubuntu is dash, whose test rejects "=="
            if [ "$a" = nat ]; then
                /sbin/iptables -t nat -P PREROUTING ACCEPT
                /sbin/iptables -t nat -P POSTROUTING ACCEPT
                /sbin/iptables -t nat -P OUTPUT ACCEPT
            elif [ "$a" = mangle ]; then
                /sbin/iptables -t mangle -P PREROUTING ACCEPT
                /sbin/iptables -t mangle -P INPUT ACCEPT
                /sbin/iptables -t mangle -P FORWARD ACCEPT
                /sbin/iptables -t mangle -P OUTPUT ACCEPT
                /sbin/iptables -t mangle -P POSTROUTING ACCEPT
            elif [ "$a" = filter ]; then
                /sbin/iptables -t filter -P INPUT ACCEPT
                /sbin/iptables -t filter -P FORWARD ACCEPT
                /sbin/iptables -t filter -P OUTPUT ACCEPT
            fi
        done
        start-stop-daemon --stop --quiet --pidfile /var/run/iptables.pid --exec /sbin/iptables
        echo "."
        ;;
    restart)
        echo -n "Flushing firewall"
        # Flush all rules and user chains, then reload the saved rules
        for a in `cat /proc/net/ip_tables_names`; do
            /sbin/iptables -F -t "$a"
            /sbin/iptables -X -t "$a"
        done
        start
        echo "."
        ;;
    *)
        echo "Gunakan: firewall {start|stop|restart|save}" >&2
        exit 1
        ;;
esac

exit 0
=============================================================================================
Note: IPTABLES_SAVE="/etc/default/iptables-rules" is the default file in which the iptables rules we create later will be saved.
Step two is done; now on to the last part.
3. iptables ruleset
a. How to create our iptables rules
You can use the command: sudo iptables -A INPUT ...
After entering the iptables rules, don't forget to type the command: firewall save (this saves the iptables rules)
b. A second way we can also use is to edit the iptables-rules file found in the /etc/default/ directory
Example iptables rules, type: nano /etc/default/
=================================================================================================
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*mangle
:PREROUTING ACCEPT [774:59782]
:INPUT ACCEPT [774:59782]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [477:81340]
:POSTROUTING ACCEPT [477:81340]
COMMIT
# Completed on Fri Jul 6 15:33:21 2007
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*filter
:INPUT ACCEPT [596:44876]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [477:81340]
[178:14906] -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
[0:0] -A INPUT -p udp -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 110 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 465 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 993 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 995 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 143 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Jul 6 15:33:21 2007
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*nat
:PREROUTING ACCEPT [184:15226]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Jul 6 15:33:21 2007
=================================================================================================
Now we can edit the file and add whatever rules we want there.
Final step: firewall start
Loading and starting firewall
Firewall Start Protect Your Server.
That's it. To check which rules are currently active, we just type: iptables -L
=================================================================================================================
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  anywhere             anywhere            icmp echo-request
DROP       udp  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
REJECT     tcp  --  anywhere             anywhere            tcp dpt:smtp reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
REJECT     tcp  --  anywhere             anywhere            tcp dpt:pop3 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:auth reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:ssmtp reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:imaps reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:pop3s reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:imap2 reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
REJECT     tcp  --  anywhere             anywhere            tcp dpt:mysql reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            tcp dpt:webcache reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
=================================================================================================================
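The saved ruleset above leaves the INPUT policy at ACCEPT, so only the ports named in a DROP or REJECT rule are blocked, and its blanket UDP DROP has no ESTABLISHED rule in front of it, so replies to the server's own UDP queries (DNS, for example) are dropped as well. The check below is an added example, not part of the original post: it reads an iptables-save dump and reports those points. The function names `sample_rules` and `audit_rules` and the shortened sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an iptables-save dump.

# Constructed sample: a shortened copy of the filter table shown above.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [596:44876]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [477:81340]
[178:14906] -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
[0:0] -A INPUT -p udp -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# audit_rules: read iptables-save output on stdin, print key=value findings.
audit_rules() {
    awk '
        /^\*/ { table = substr($1, 2); next }      # "*filter" starts a table
        table != "filter" { next }                 # only the filter table matters here
        $1 == ":INPUT" { policy = $2; next }       # chain header carries the default policy
        /(^| )-A INPUT / {
            proto = ""; dport = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if ($0 ~ /ESTABLISHED/ && target == "ACCEPT") stateful = "yes"
            if (proto == "udp" && dport == "" && target == "DROP") udp_drop = "yes"
            if (proto == "tcp" && dport != "" && target == "ACCEPT") ports = ports (ports == "" ? "" : ",") dport
        }
        END {
            print "input_policy=" policy
            print "accept_tcp=" ports
            print "stateful_rule=" (stateful == "" ? "no" : "yes")
            print "blanket_udp_drop=" (udp_drop == "" ? "no" : "yes")
        }
    '
}

sample_rules | audit_rules
```

To audit the live host instead of the sample, pipe the output of `iptables-save` into `audit_rules`.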
Hehe, all done. It turned out to be easy, no need for trouble and confusion.
I hope this experience of mine can help other friends.
Copyrighted 2007 by the Letjen. Thanks to my father, my mother, my younger sibling, and the friends who have always supported me all this time. .:: Dont Change This Copyright ::.
Comments (1)
Thanks for the tutorial...