jimmy carter writes:
> How come when this is run there is web access that can be opened?
> Why is that??
> #!/bin/sh
> . /etc/config
>
> # Stopping forwarding
> #
> echo "0" > /proc/sys/net/ipv4/ip_forward
>
> #
> # Flushing the chains.
> #
> iptables -F
> iptables -t nat -F
> iptables -X
> iptables -Z # zero all counters
>
> #
> # Policy for chains DROP everything
> #
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> #
> # Good old masquerading.
> #
> iptables -t nat -A POSTROUTING -o ${OUTSIDE_DEV} -j MASQUERADE
>
> #
>
>
> iptables -A FORWARD -j ACCEPT -p tcp -s 192.168.0.3 -i eth1 -d 0/0 --destination-port 80 -o eth0
>
> # Keep state.
> #
> iptables -A FORWARD -m state --state NEW -i ${INSIDE_DEV} -j DROP
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -m state --state NEW -i ${OUTSIDE_DEV} -j ACCEPT
>
>
> #
> # We don't like the NetBIOS and Samba leaking..
> #
> iptables -t nat -A PREROUTING -p TCP -i ${INSIDE_DEV} --dport 135:139 -j DROP
> iptables -t nat -A PREROUTING -p UDP -i ${INSIDE_DEV} --dport 137:139 -j DROP
>
> #
> # We would like to ask for names from our floppyfw box
> #
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
>
> # And also, DHCP, but we can basically accept anything from the inside.
> #iptables -A INPUT -i ${INSIDE_DEV} -j ACCEPT
> #iptables -A OUTPUT -o ${INSIDE_DEV} -j ACCEPT
>
>
> #
> #Show iptables
> #
> #iptables -L
>
> #
> # This enables dynamic IP address following
> #
> echo 7 > /proc/sys/net/ipv4/ip_dynaddr
>
> #
> # Rules set, we can enable forwarding in the kernel.
> #
> echo "Enabling IP forwarding."
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
>hermawan wrote:
>try removing the command echo "1" > /proc/sys/net/ipv4/ip_forward
>cmiiw
>hope this helps
In my opinion, if the echo "1" is removed, won't it end up
not forwarding anything at all?
So it's just the same as not using iptables. It seems
Jimmy wants only some IPs not to be
forwarded.
cmiiw
--
To unsubscribe, send an email to [EMAIL PROTECTED]
Archive information at http://www.linux.or.id/milis.php3
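
The point raised in the reply above, as an added example that is not part of the original thread: a small Python model of the quoted script's FORWARD chain, walked first-match, with the ip_forward switch in front of it. It assumes /etc/config sets INSIDE_DEV=eth1 and OUTSIDE_DEV=eth0; the sample packets and the names `matches` and `forward_verdict` are constructed for the illustration.

```python
# First-match walk of the FORWARD chain from the quoted script (added example).
# Assumption: /etc/config sets INSIDE_DEV=eth1 and OUTSIDE_DEV=eth0.
INSIDE_DEV, OUTSIDE_DEV = "eth1", "eth0"

# Each entry: (match fields, target), in the order the script appends them.
FORWARD_RULES = [
    ({"proto": "tcp", "src": "192.168.0.3", "in": "eth1",
      "out": "eth0", "dport": 80}, "ACCEPT"),
    ({"state": {"NEW"}, "in": INSIDE_DEV}, "DROP"),
    ({"state": {"ESTABLISHED", "RELATED"}}, "ACCEPT"),
    ({"state": {"NEW"}, "in": OUTSIDE_DEV}, "ACCEPT"),
]
FORWARD_POLICY = "DROP"  # iptables -P FORWARD DROP


def matches(rule, pkt):
    """A rule matches only if every field it names agrees with the packet."""
    return all(pkt.get(f) in want if f == "state" else pkt.get(f) == want
               for f, want in rule.items())


def forward_verdict(pkt, ip_forward=1):
    """Return (verdict, rule number); rule number 0 means no rule decided."""
    if not ip_forward:
        # With /proc/sys/net/ipv4/ip_forward at 0 the kernel does not route
        # packets between interfaces, whatever the rules say.
        return ("NOT ROUTED", 0)
    for number, (rule, target) in enumerate(FORWARD_RULES, start=1):
        if matches(rule, pkt):
            return (target, number)
    return (FORWARD_POLICY, 0)


# Constructed sample packets (not captured traffic).
WEB_FROM_03 = {"proto": "tcp", "src": "192.168.0.3", "in": "eth1",
               "out": "eth0", "dport": 80, "state": "NEW"}
WEB_FROM_05 = dict(WEB_FROM_03, src="192.168.0.5")
HTTPS_FROM_03 = dict(WEB_FROM_03, dport=443)
REPLY = {"proto": "tcp", "src": "203.0.113.10", "in": "eth0",
         "out": "eth1", "dport": 40000, "state": "ESTABLISHED"}

if __name__ == "__main__":
    for name in ("WEB_FROM_03", "WEB_FROM_05", "HTTPS_FROM_03", "REPLY"):
        print(name, forward_verdict(globals()[name]))
    print("ip_forward=0:", forward_verdict(WEB_FROM_03, ip_forward=0))
```

Under these assumptions only 192.168.0.3 gets new port-80 connections forwarded (rule 1 is appended before the NEW/DROP rule), while turning ip_forward off stops that host too.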