jimmy carter writes:

> Kok ketika dijalankan ada akses web yang bisa dibuka?
> Kenapa ya?
> #!/bin/sh
> . /etc/config
> 
> # Stopping forwarding 
> #
> echo "0" > /proc/sys/net/ipv4/ip_forward
> 
> #
> # Flushing the chains.
> #
> iptables -F
> iptables -t nat -F
> iptables -X
> iptables -Z   # zero all counters
> 
> #
> # Policy for chains DROP everything
> #
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
> 
> #
> # Good old masquerading.
> #
> iptables -t nat -A POSTROUTING -o  ${OUTSIDE_DEV} -j
> MASQUERADE
> 
> #
> 
> 
> iptables -A FORWARD -j ACCEPT -p tcp -s 192.168.0.3 -i
> eth1 -d 0/0 --destination-port 80 -o eth0
> 
> # Keep state.
> #
> iptables -A FORWARD -m state --state NEW -i
> ${INSIDE_DEV} -j DROP
> iptables -A FORWARD -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -m state --state NEW -i
> ${OUTSIDE_DEV} -j ACCEPT
> 
> 
> #
> # We don't like the NetBIOS and Samba leaking..
> #
> iptables -t nat -A PREROUTING -p TCP -i ${INSIDE_DEV}
> --dport 135:139 -j DROP
> iptables -t nat -A PREROUTING -p UDP -i ${INSIDE_DEV}
> --dport 137:139 -j DROP
> 
> #
> # We would like to ask for names from our floppyfw box
> #
> iptables -A INPUT -m state --state ESTABLISHED,RELATED
> -j ACCEPT
> iptables -A OUTPUT -m state --state
> NEW,ESTABLISHED,RELATED -j ACCEPT
> 
> 
> # And also, DHCP, but we can basically accept anything
> from the inside.
> #iptables -A INPUT -i ${INSIDE_DEV} -j ACCEPT
> #iptables -A OUTPUT -o ${INSIDE_DEV} -j ACCEPT
> 
> 
> #
> #Show iptables 
> #
> #iptables -L
> 
> #
> # This enables dynamic IP address following
> #
> echo 7 > /proc/sys/net/ipv4/ip_dynaddr
> 
> #
> # Rules set, we can enable forwarding in the kernel.
> #
> echo "Enabling IP forwarding."
> 
> echo "1" > /proc/sys/net/ipv4/ip_forward
> 
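Coba dihilangkan perintah echo "1" > /proc/sys/net/ipv4/ip_forward.
Tanpa baris itu nilai ip_forward tetap "0" (sudah diset di awal skrip), sehingga kernel tidak meneruskan paket sama sekali: semua trafik yang lewat firewall ikut berhenti, bukan hanya web.
Akses web itu sendiri terbuka karena aturan "iptables -A FORWARD -j ACCEPT -p tcp -s 192.168.0.3 -i eth1 ... --destination-port 80 -o eth0" ditambahkan lebih dulu daripada aturan DROP untuk koneksi NEW dari ${INSIDE_DEV}, jadi paket dari 192.168.0.3 ke port 80 sudah diterima sebelum sampai ke aturan DROP (dengan anggapan ${INSIDE_DEV} di /etc/config adalah eth1). Kalau hanya web yang ingin ditutup, aturan itulah yang perlu dihapus.
Perlu dicek juga apakah aturan FORWARD terakhir memang disengaja, karena aturan itu menerima koneksi NEW yang masuk dari ${OUTSIDE_DEV}.
cmiiw
semoga membantu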

hermawans

 
