“Firewall”
KONFIGURASI
FIREWALL
1.install iptables
apt-get install iptables
Setelah proses instalasi selesai (Done), kita
lanjut ke tahap kedua.
2.configure script bin/sh firewall
Di sini buat sebuah script yang
nantinya akan berfungsi sebagai pengontrol iptables (menghidupkan/mematikan
firewall). Pertama-tama: cd /sbin, lalu nano firewall (firewall adalah nama file).
# Options handed to iptables-save / iptables-restore.
# "-c" keeps the per-rule packet/byte counters in the saved dump.
SAVE_RESTORE_OPTIONS='-c'
# When set to "yes", "stop" saves the running ruleset before flushing it.
SAVE_ON_STOP='yes'
# NOTE(review): IPTABLES_SAVE (path of the saved ruleset) is read by
# checkrules/save/start but is not assigned anywhere on this page — confirm
# it is set earlier in the real script or in the environment.
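#######################################
# Make sure the saved ruleset exists before anything tries to restore it.
# Globals:   IPTABLES_SAVE (read) - path of the iptables-save dump
# Outputs:   a hint on stderr when the file is missing
# Returns:   0 if the file exists, 1 otherwise
#######################################
checkrules() {
  # Quoted on purpose: with IPTABLES_SAVE unset/empty the original test
  # collapsed to "[ ! -f ]", which is true for the literal string "-f",
  # so the check passed and start() went on with an empty redirect target.
  if [ ! -f "${IPTABLES_SAVE}" ]; then
    echo "Tidak Bisa start iptables. Silahkan Buat Rule Seting Iptables" >&2
    # The original "echo ""/etc/init.d/iptables save""" was split by mangled
    # quoting; this is the one-line hint it was meant to print.
    echo "/etc/init.d/iptables save" >&2
    return 1
  fi
  return 0
}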
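#######################################
# Dump the running ruleset to the save file.
# Globals:   IPTABLES_SAVE (read), SAVE_RESTORE_OPTIONS (read)
# Outputs:   progress message on stdout
# Returns:   0 on success, 1 if the dump (or the rename) failed
#######################################
save() {
  echo "Saving iptables state "
  # Write to a temp file in the same directory and rename only on success.
  # The original "> ${IPTABLES_SAVE}" truncated the previous dump before
  # iptables-save ran, so a failed dump left an empty file that checkrules
  # later accepted as a valid ruleset.
  save_tmp=$(mktemp "${IPTABLES_SAVE}.XXXXXX") || return 1
  # SAVE_RESTORE_OPTIONS is deliberately unquoted: it is an option list
  # ("-c") that has to word-split.
  # shellcheck disable=SC2086
  if /sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > "$save_tmp"; then
    mv -f -- "$save_tmp" "${IPTABLES_SAVE}"
  else
    rm -f -- "$save_tmp"
    return 1
  fi
}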
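#######################################
# Restore the saved ruleset into the kernel.
# Globals:   IPTABLES_SAVE (read), SAVE_RESTORE_OPTIONS (read)
# Outputs:   progress messages on stdout
# Returns:   1 if no saved ruleset exists, else the status of the restore
#######################################
start() {
  checkrules || return 1
  echo "Loading and starting firewall"
  printf '%s' "Firewall Start Protect Your Server"
  # iptables-restore reads the dump from stdin; the path is quoted so an
  # empty IPTABLES_SAVE is a plain open error, not a silent mis-parse.
  # shellcheck disable=SC2086
  start-stop-daemon --start --quiet --exec /sbin/iptables-restore \
    -- ${SAVE_RESTORE_OPTIONS} < "${IPTABLES_SAVE}"
}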
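#######################################
# Flush all rules and delete user-defined chains in every loaded table.
# Arguments: none; table names are read from /proc/net/ip_tables_names
# Returns:   status of the last iptables call
#######################################
flush_tables() {
  # Reading the file directly replaces the original `cat` in backticks and
  # the unquoted $a loop variable.
  while IFS= read -r tbl; do
    /sbin/iptables -F -t "$tbl"
    /sbin/iptables -X -t "$tbl"
  done < /proc/net/ip_tables_names
}

#######################################
# Set the built-in chain policies of the nat, mangle and filter tables to
# ACCEPT. After this the host accepts every packet: "stop" deliberately
# leaves the machine unfiltered until "start" restores the ruleset.
# Arguments: none; table names are read from /proc/net/ip_tables_names
# Returns:   status of the last iptables call
#######################################
open_policies() {
  while IFS= read -r tbl; do
    # "case" replaces the original "[ $a == nat ]": "==" inside [ ] is not
    # POSIX and dash's test rejects it, so under #!/bin/sh the policy reset
    # branches were never reached.
    case "$tbl" in
      nat)
        /sbin/iptables -t nat -P PREROUTING ACCEPT
        /sbin/iptables -t nat -P POSTROUTING ACCEPT
        /sbin/iptables -t nat -P OUTPUT ACCEPT
        ;;
      mangle)
        /sbin/iptables -t mangle -P PREROUTING ACCEPT
        /sbin/iptables -t mangle -P INPUT ACCEPT
        /sbin/iptables -t mangle -P FORWARD ACCEPT
        /sbin/iptables -t mangle -P OUTPUT ACCEPT
        /sbin/iptables -t mangle -P POSTROUTING ACCEPT
        ;;
      filter)
        /sbin/iptables -t filter -P INPUT ACCEPT
        /sbin/iptables -t filter -P FORWARD ACCEPT
        /sbin/iptables -t filter -P OUTPUT ACCEPT
        ;;
    esac
  done < /proc/net/ip_tables_names
}

# Command dispatcher: firewall {start|stop|restart|save}
# Failures of save/start now propagate as a non-zero exit; the original
# always reached "exit 0" even when the restore had failed.
case "${1:-}" in
  save)
    save || exit 1
    echo "."
    ;;
  start)
    start || exit 1
    echo "."
    ;;
  stop)
    if [ "${SAVE_ON_STOP}" = "yes" ]; then
      save || exit 1
    fi
    printf '%s' "Peringatan firewall Berhenti"
    flush_tables
    open_policies
    # Kept from the original: iptables is not a daemon and normally has no
    # pidfile, so this call is usually a no-op.
    start-stop-daemon --stop --quiet --pidfile /var/run/iptables.pid \
      --exec /sbin/iptables
    echo "."
    ;;
  restart)
    # Verify the saved ruleset exists BEFORE flushing: the original flushed
    # first, so a missing save file left the box with no rules at all while
    # whatever policies were loaded stayed in place.
    checkrules || exit 1
    printf '%s' "Flushing firewall"
    flush_tables
    start || exit 1
    echo "."
    ;;
  *)
    echo "Gunakan: firewall {start|stop|restart|save}" >&2
    exit 1
    ;;
esac
exit 0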
3.Ruleset iptables
Untuk membuat rule iptables, anda
dapat menggunakan perintah: sudo iptables -A INPUT ...
Setelah memasukkan rule iptables,
jangan lupa ketik perintah: firewall save (bertujuan untuk menyimpan rule
iptables).
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*mangle
:PREROUTING ACCEPT [774:59782]
:INPUT ACCEPT [774:59782]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [477:81340]
:POSTROUTING ACCEPT [477:81340]
COMMIT
# Completed on Fri Jul 6 15:33:21 2007
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*filter
:INPUT ACCEPT [596:44876]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [477:81340]
[178:14906] -A INPUT -p icmp -m icmp
--icmp-type 8 -j DROP
[0:0] -A INPUT -p udp -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 21
-j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 25
-j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 53
-j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 110
-j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 113
-j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 465
-j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 993
-j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 995
-j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 143
-j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 80
-j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 3306
-j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 8080
-j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Jul 6 15:33:21 2007
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*nat
:PREROUTING ACCEPT [184:15226]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT