Hello Chandra, Thursday, April 20, 2006, 9:17:31 AM, you wrote:
> Dear All,
>
> I tried making a simple rule with iptables and then ran the iptables-save
> command, which produced the output below:
>
> -----------------------------------------------------------------------------------
> # Generated by iptables-save v1.2.7a on Thu Apr 20 08:14:59 2006
> *nat
> :PREROUTING ACCEPT [460:51574]
> :POSTROUTING ACCEPT [5:289]
> :OUTPUT ACCEPT [5:289]
> COMMIT
> # Completed on Thu Apr 20 08:14:59 2006
> # Generated by iptables-save v1.2.7a on Thu Apr 20 08:14:59 2006
> *mangle
> :PREROUTING ACCEPT [1596:237603]
> :INPUT ACCEPT [1596:237603]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1185:393321]
> :POSTROUTING ACCEPT [1185:393321]
> COMMIT
> # Completed on Thu Apr 20 08:14:59 2006
> # Generated by iptables-save v1.2.7a on Thu Apr 20 08:14:59 2006
> *filter
> :INPUT ACCEPT [617:135798]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1185:393321]
> -A INPUT -p udp -m udp --dport 135 -j DROP
> -A INPUT -p udp -m udp --dport 136 -j DROP
> -A INPUT -p udp -m udp --dport 137 -j DROP
> -A INPUT -p udp -m udp --dport 138 -j DROP
> -A INPUT -p udp -m udp --dport 139 -j DROP
> -A INPUT -p udp -m udp --dport 445 -j DROP
> -A INPUT -p tcp -m tcp --dport 4444 -j DROP
> -A INPUT -p tcp -m tcp --dport 135 -j DROP
> -A INPUT -p tcp -m tcp --dport 138 -j DROP
> -A INPUT -p tcp -m tcp --dport 139 -j DROP
> -A INPUT -p tcp -m tcp --dport 445 -j DROP
> -A INPUT -p udp -m udp --dport 69 -j DROP
> COMMIT
> # Completed on Thu Apr 20 08:14:59 2006
> -----------------------------------------------------------------------------------
>
> But the contents of the file /etc/sysconfig/iptables did not change; it still
> contains the following:
>
> -----------------------------------------------------------------------------------
> # Firewall configuration written by lokkit
> # Manual customization of this file is not recommended.
> # Note: ifup-post will punch the current nameservers through the
> # firewall; such entries will *not* be listed here.
> *filter
> :FORWARD ACCEPT [0:0]
> :INPUT ACCEPT [0:0]
> :RH-Lokkit-0-50-INPUT - [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -j RH-Lokkit-0-50-INPUT
> -A FORWARD -j RH-Lokkit-0-50-INPUT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 -j ACCEPT --syn
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 -j ACCEPT --syn
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 -j ACCEPT --syn
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 -j ACCEPT --syn
> -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 -j REJECT --syn
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 -j REJECT --syn
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 -j REJECT --syn
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 -j REJECT --syn
> COMMIT
> # Generated by webmin
> *mangle
> :FORWARD ACCEPT [0:0]
> :INPUT ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> COMMIT
> # Completed
> # Generated by webmin
> *nat
> :OUTPUT ACCEPT [0:0]
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> COMMIT
> # Completed
> -----------------------------------------------------------------------------------
>
> So when I run service iptables restart, it is the second set of rules that
> gets loaded.
>
> Why is that?
>
> Thanks,
> Chandra

Isn't it iptables-save > /etc/sysconfig/iptables, Sir?

Or, if you use the RedHat/Fedora service, you can run service iptables save
directly (if I remember correctly).

Nyoman.
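A check for exactly the situation in this thread, added here as an example and not part of either message: compare what iptables-save reports as running against what is persisted in /etc/sysconfig/iptables, so a drift between the two is caught before the next restart silently loads the stale file. The sample rulesets are constructed (abridged from the thread); on a real box you would feed the output of iptables-save and the contents of the saved file into rules_match.

```shell
# Constructed sample input, abridged from the thread: the running kernel
# ruleset as iptables-save prints it, and a stale /etc/sysconfig/iptables.
RUNNING='# Generated by iptables-save v1.2.7a on Thu Apr 20 08:14:59 2006
*nat
:PREROUTING ACCEPT [460:51574]
:POSTROUTING ACCEPT [5:289]
:OUTPUT ACCEPT [5:289]
COMMIT
*filter
:INPUT ACCEPT [617:135798]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1185:393321]
-A INPUT -p tcp -m tcp --dport 445 -j DROP
COMMIT'
STALE='*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT --syn
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT'

# table_rules TABLE: lines between "*TABLE" and its COMMIT, minus comments,
# blank lines and [packets:bytes] counters (they differ between any two dumps).
table_rules() {
    awk -v t="*$1" '$0==t{inside=1;next} $0=="COMMIT"{inside=0} inside' \
        | sed -e '/^#/d' -e '/^[[:space:]]*$/d' -e 's/ \[[0-9]*:[0-9]*\]$//'
}
# canonical_order: chain declarations (":NAME ...") are an unordered set, so
# sort them; "-A" rules keep their order because rule order is significant.
canonical_order() {
    in=$(cat)
    printf '%s\n' "$in" | grep '^:' | sort
    printf '%s\n' "$in" | grep -v '^:' || true
}
# rules_match RUNNING SAVED: exit 0 if every table matches, 1 otherwise.
rules_match() {
    status=0
    for t in filter nat mangle; do
        r=$(printf '%s\n' "$1" | table_rules "$t" | canonical_order)
        s=$(printf '%s\n' "$2" | table_rules "$t" | canonical_order)
        [ "$r" = "$s" ] || { echo "table $t differs from saved file" >&2; status=1; }
    done
    return $status
}
```

The comparison is textual, so a rule that iptables-save re-prints with its options in a different order than the hand-written file counts as a difference; the intended workflow is to persist with iptables-save > /etc/sysconfig/iptables (or service iptables save) and then run this check to confirm the two agree.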
