Konfigurasi IPTABLES
# To configure the set of iptables rules:
# /etc/rc.d/init.d/iptables stop
# source /etc/sysconfig/iptables-precursor
# To save the current set of iptables rules for use at next reboot:
# iptables-save > /etc/sysconfig/iptables
# To dynamically restart iptables after modifying the saved rules:
# /etc/rc.d/init.d/iptables restart
# Note that /etc/rc.d/init.d/iptables is a script. You can read it to
# gain understanding of how iptables uses iptables-restore to restore
# iptables firewall rules at reboot.
# To examine the current set of rules in effect:
# /etc/rc.d/init.d/iptables status
# However, I prefer to show the current set of rules via:
# iptables -nvL
# To configure iptables to be used at next system reboot:
# chkconfig --add iptables
# To see if iptables is currently configured to start at boot, do:
# chkconfig --list iptables
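# Firewall rule set for a small router/server: default-deny INPUT and FORWARD,
# allow a fixed list of inbound services, and enable IPv4 forwarding last.
# The header above shows this file being sourced, so it deliberately has no
# shebang and no `set -e` -- those would leak into the sourcing shell.

# Keep forwarding off while the rule set is rebuilt so nothing is routed
# through a half-configured firewall; it is switched back on at the end.
echo 0 > /proc/sys/net/ipv4/ip_forward

# Connection-tracking helpers for FTP (ports 21/20 are opened below).
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

# Flush every chain this file appends to. Only the nat chains were flushed
# before, so each re-run appended a second copy of every filter rule.
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F INPUT
iptables -F FORWARD

# Default-deny for inbound and routed traffic; OUTPUT keeps its default policy.
iptables -P INPUT DROP
iptables -P FORWARD DROP

# Loopback has to be allowed explicitly under a DROP policy, otherwise local
# services that talk to each other over 127.0.0.1 stop working.
iptables -A INPUT -i lo -j ACCEPT

# Routed traffic: only packets belonging to, or related to, existing flows.
# (Target was spelled "ACCEP", which iptables rejects, so the rule never loaded.)
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Inbound services, one rule per TCP port. --syn matches only the
# connection-opening packet; the rest of the flow is covered by the
# ESTABLISHED,RELATED rule further down.
for port in 80 443 22 993 110 21 20 25 143; do
  iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port "$port" --syn -j ACCEPT
done
unset port  # do not leave a stray variable in the sourcing shell
iptables -A INPUT -s 0/0 -p icmp -j ACCEPT
iptables -A INPUT -p udp -s 0/0 -d 0/0 --destination-port 53 -j ACCEPT

# STATE RELATED for router: accept the remainder of already-accepted flows.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Enable forwarding now that the complete rule set is in place.
echo 1 > /proc/sys/net/ipv4/ip_forward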