[tanya-jawab] bingung dengan rules blok facebook

Sun, 10 Jun 2012 21:01:28 -0700 

Dear teman - teman
Bingung dengan iptables, rules di bawah adalah untuk blok facebook, masalahnya bos minta di loloskan akses ke facebook. 


-A INPUT -m string ! -s 192.168.1.10/32 -j REJECT --reject-with 
icmp-port-unreachable  --string "facebook" --algo kmp --to 65535
-A FORWARD -m string ! -s 192.168.1.10/32 -j REJECT --reject-with 
icmp-port-unreachable  --string "facebook" --algo kmp --to 65535



bos   dengan  ip  192.168.1.10,  tolong  bagaimana    meloloskan  ip 
tersebut   agar bisa  akses ke  facebook



ini rules  lengkapnya

# Generated by iptables-save v1.4.4 on Tue Apr 24 11:14:49 2012
*nat
:PREROUTING ACCEPT [1875:214478]
:POSTROUTING ACCEPT [2527:153654]
:OUTPUT ACCEPT [3198:238433]

-A PREROUTING -i eth1 -p udp -m udp -m multiport --dports 
80,3128,8080,8081 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p tcp -m tcp -m multiport --dports 
80,3128,8080,8081 -j REDIRECT --to-ports 3128

-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Apr 24 11:14:49 2012
# Generated by iptables-save v1.4.4 on Tue Apr 24 11:14:49 2012
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp -d 124.11.226.0/24 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 218.160.87.0/24 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 61.62.0.0/16 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 220.136.24.0/24 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 76.226.159.35/32 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 114.39.37.194/32 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 218.165.6.95/32 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 111.254.57.139/32 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 114.0.0.0/10 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 65.49.0.0/17 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 204.107.140.0/24 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 59.112.117.159/32 --dport 443 -j DROP*

-A INPUT -m string ! -s 192.168.1.10/32 -j REJECT --reject-with 
icmp-port-unreachable  --string "facebook" --algo kmp --to 65535

-A INPUT -s 103.5.48.0/24 -j ACCEPT
-A INPUT -s 110.138.215.66/32 -j ACCEPT
-A INPUT -s 180.247.196.76/32 -j ACCEPT
-A INPUT -s 192.168.1.2/32 -j ACCEPT
-A INPUT -s 192.168.1.1/32 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 3128 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 5050 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.1.3/32 --dport 8670 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.1.10/32 -i eth1 --dport 443 -j ACCEPT
-A INPUT -i lo -j ACCEPT

-A FORWARD -p tcp -m tcp -m string --dport 443 -j DROP  --hex-string 
"|00040005000a00090064006200030006001300120063|" --algo bm --to 65535
-A FORWARD -p tcp -m tcp -m string --dport 443 -j LOG  --hex-string 
"|00040005000a00090064006200030006001300120063|" --algo bm --to 
65535 --log-prefix "ultrasurf: "

-A FORWARD -p tcp -m tcp -d 124.11.226.0/24 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 218.160.87.0/24 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 61.62.0.0/16 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 220.136.24.0/24 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 76.226.159.35/32 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 114.39.37.194/32 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 218.165.6.95/32 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 114.0.0.0/10 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 111.254.57.139/32 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 204.107.140.0/24 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 65.49.0.0/17 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 59.112.117.159/32 --dport 443 -j DROP

-A FORWARD -m string ! -s 192.168.1.10/32 -j REJECT --reject-with 
icmp-port-unreachable  --string "facebook" --algo kmp --to 65535

-A FORWARD -p tcp -m tcp -s 192.168.1.0/24 --dport 5050 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A OUTPUT -m limit --limit 2/min --limit-burst 2 -j LOG  --log-prefix "** 
OUTPUT DROP ** "

-A FORWARD -p tcp -m tcp --dport 8888 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 8670 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A FORWARD -m limit --limit 2/min --limit-burst 2 -j LOG  --log-prefix "** 
FORWARD DROP ** "
-A INPUT -m limit --limit 2/min --limit-burst 2 -j LOG  --log-prefix "** 
INPUT DROP ** "

COMMIT
# Completed on Tue Apr 24 11:14:49 2012
# Generated by iptables-save v1.4.4 on Tue Apr 24 11:14:49 2012
*mangle
:PREROUTING ACCEPT [76151:22629733]
:INPUT ACCEPT [70425:20140581]
:FORWARD ACCEPT [5615:2468095]
:OUTPUT ACCEPT [77817:27939469]
:POSTROUTING ACCEPT [82406:30305176]
-A FORWARD -m tos --tos 0x80/0xff -j MARK --set-xmark 0x4/0xffffffff
-A OUTPUT -m tos --tos 0x80/0x3f -j MARK --set-xmark 0x4/0xffffffff
-A OUTPUT -m tos --tos 0x80/0xff -j MARK --set-xmark 0x4/0xffffffff
-A POSTROUTING -m tos --tos 0x80/0xff -j MARK --set-xmark 0x4/0xffffffff
COMMIT
# Completed on Tue Apr 24 11:14:49 2012


--
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id
Arsip dan info milis selengkapnya di http://linux.or.id/milis























					Kirim email ke