Rules List of Iptables
OK, it's me again, Clound, the incomparably handsome one.
Last time I shared what Iptables is.
This time I want to share a list of some Iptables rules.
You all know what rules are by now, right?
OK, let's get straight to it.
# iptables binary used by every rule below (adjust if it is not in PATH)
IPT=iptables
# --- Default packet policies
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
# --- Flush all rules and user-defined chains, and reset the counters
$IPT -F
$IPT -t nat -F
$IPT -X
$IPT -t nat -X
$IPT -Z
$IPT -t nat -Z
# --- Accept packets that belong to an already established connection
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# --- Block port scanner / Nmap attacks (log and drop IP fragments)
$IPT -A INPUT -f -j LOG --log-level 7 --log-prefix "TCP FRAGMENT: "
$IPT -A INPUT -f -j DROP
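# --- SSH dictionary attack
# The SSH_CHECK chain must exist before rules can jump to it or be appended to it
$IPT -N SSH_CHECK
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
# Record every new SSH connection attempt per source address
$IPT -A SSH_CHECK -m recent --set --name SSH
# Drop a source that reaches 4 attempts within 60 seconds
$IPT -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP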
# --- OpenVPN connection
# VPN port: 1194
$IPT -A INPUT -p udp --dport 1194 -m state --state NEW -s 0/0 -j ACCEPT
$IPT -A INPUT -p udp --dport 1194 -j LOG --log-level 7 --log-prefix "VPN PORT 1194 UDP:"
# --- SSH remote server-client
## - From the RADNET Internet connection
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -s 202.154.24.48/29 -j ACCEPT
## - Bhinneka Group internal network connection via the tunnel
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -s 10.22.0.0/24 -j ACCEPT
# Log SSH packets not accepted above (SSH is TCP, so match tcp rather than udp)
$IPT -A INPUT -p tcp --dport 22 -j LOG --log-level 7 --log-prefix "SSH Detected:"
# --- DNS server
$IPT -A INPUT -p udp -s 0/0 --dport 53 -j ACCEPT
$IPT -A INPUT -p udp --dport 53 -j LOG --log-level 7 --log-prefix "DNS Detected:"
# --- Samba rules
$IPT -A INPUT -p tcp --dport 139 -m state --state NEW -s 0/0 -j ACCEPT
# Log packets to port 139 not accepted above (the service is TCP, so match tcp)
$IPT -A INPUT -p tcp --dport 139 -j LOG --log-level 7 --log-prefix "SAMBA Detected"
# --- MySQL rules
$IPT -A INPUT -p tcp --dport 3306 -m state --state NEW -s 10.22.0.0/24 -j ACCEPT
# Log packets to port 3306 not accepted above (the service is TCP, so match tcp)
$IPT -A INPUT -p tcp --dport 3306 -j LOG --log-level 7 --log-prefix "MYSQL Detected:"
# --- HTTP rules
$IPT -A INPUT -p tcp --dport 80 -m state --state NEW -s 10.22.0.0/24 -j ACCEPT
# Log packets to port 80 not accepted above (the service is TCP, so match tcp)
$IPT -A INPUT -p tcp --dport 80 -j LOG --log-level 7 --log-prefix "HTTP Detected"
# --- OpenVPN rules (outbound traffic on each interface)
$IPT -A OUTPUT -o eth0 -j ACCEPT
$IPT -A OUTPUT -o eth1 -j ACCEPT
$IPT -A OUTPUT -o tun0 -j ACCEPT
$IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# --- ICMP packets (type 8 = echo request)
$IPT -A INPUT -p icmp --icmp-type 8 -j ACCEPT
$IPT -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type 8 -j LOG --log-level 7 --log-prefix "PING Detected:"
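An added example, not part of the original post: a simplified Python model of the two SSH_CHECK rules above (--set, then --update --seconds 60 --hitcount 4 -j DROP), run over constructed connection times. It shows that the 4th attempt inside 60 seconds is the first one dropped, and that a source which keeps retrying stays blocked until it goes quiet, because a matching --update records another timestamp. The addresses and times are made up, and the model ignores the kernel's limit on stored timestamps per address.

```python
from collections import defaultdict

SECONDS = 60   # --seconds 60
HITCOUNT = 4   # --hitcount 4

# Constructed sample input: (time in seconds, source IP) of NEW packets to tcp/22
EVENTS = [
    (0, "198.51.100.7"), (10, "198.51.100.7"), (20, "198.51.100.7"),
    (30, "198.51.100.7"), (40, "198.51.100.7"), (85, "198.51.100.7"),
    (200, "198.51.100.7"),
    (5, "10.22.0.5"), (400, "10.22.0.5"),
]


def simulate(events):
    """Return (time, source, verdict) for each NEW packet entering SSH_CHECK.

    "DROP" means the --update rule matched; "RETURN" means the packet left
    SSH_CHECK and went on to the later ACCEPT rules / default policy in INPUT.
    """
    stamps = defaultdict(list)  # per-source timestamps kept by the "SSH" list
    results = []
    for ts, src in sorted(events):
        # Rule 1: --set always records the packet's arrival time
        stamps[src].append(ts)
        # Rule 2: --update counts timestamps no older than SECONDS
        hits = sum(1 for s in stamps[src] if ts - s <= SECONDS)
        if hits >= HITCOUNT:
            # A matching --update records the time again, extending the block
            stamps[src].append(ts)
            results.append((ts, src, "DROP"))
        else:
            results.append((ts, src, "RETURN"))
    return results


def verdicts_for(src, events=EVENTS):
    """Verdicts for one source address, in time order."""
    return [v for _, s, v in simulate(events) if s == src]


if __name__ == "__main__":
    for ts, src, verdict in simulate(EVENTS):
        print(f"t={ts:>3}s  {src:<14} {verdict}")
```

The attempt at t=85 is still dropped even though the source slowed down, because the timestamps recorded at t=30 and t=40 (including those added by the dropped packets) are still inside the 60-second window.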
OK, I think that's enough :)
Happy studying.
Regards from me, Clound