Cara Membuat FIREWALL Di LINUX
1.install iptables
2.configure script bin/sh firewall
3.ruleset iptables
===================================================================
1. install iptables pada server ubuntu anda
Commandnya: apt-get install iptables
setelah proses selesai Done
kita lanjut ke tahap kedua ...
2.configure script bin/sh firewall
disini saya membuat sebuah script !/bin/sh dimana nantinya akan berfungsi sebagai pengontrol iptables (menghidup matikan firewall)
pertama-tama
cd /sbin
nano firewall <== nama file script yg saya buat
masukan configure script ini
=============================================================================================
#!/bin/sh
#
# Letjen Seting Iptables for ubuntu OS
# http://malanghack.net, http://sekuritionline.net
# and was Copyrighted 2007 by the Letjen
IPTABLES_SAVE="/etc/default/iptables-rules"
SAVE_RESTORE_OPTIONS="-c"
SAVE_ON_STOP="yes"
checkrules() {
if [ ! -f ${IPTABLES_SAVE} ]
then
echo "Tidak Bisa start iptables. Silahkan Buat Rule Seting Iptables"
echo ""/etc/init.d/iptables save""
return 1
fi
}
save() {
echo "Saving iptables state "
/sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > ${IPTABLES_SAVE}
}
start(){
checkrules || return 1
echo "Loading and starting firewall "
echo -n "Firewall Start Protect Your Server"
start-stop-daemon --start --quiet --exec /sbin/iptables-restore -- ${SAVE_RESTORE_OPTIONS} < ${IPTABLES_SAVE}
}
case "$1" in
save)
save
echo "."
;;
start)
start
echo "."
;;
stop)
if [ "${SAVE_ON_STOP}" = "yes" ]; then
save || exit 1
fi
echo -n "Peringatan firewall Berhenti"
for a in `cat /proc/net/ip_tables_names`; do
/sbin/iptables -F -t $a
/sbin/iptables -X -t $a
if [ $a == nat ]; then
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
elif [ $a == mangle ]; then
/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P INPUT ACCEPT
/sbin/iptables -t mangle -P FORWARD ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -t mangle -P POSTROUTING ACCEPT
elif [ $a == filter ]; then
/sbin/iptables -t filter -P INPUT ACCEPT
/sbin/iptables -t filter -P FORWARD ACCEPT
/sbin/iptables -t filter -P OUTPUT ACCEPT
fi
done
start-stop-daemon --stop --quiet --pidfile /var/run/iptables.pid --exec /sbin/iptables
echo "."
;;
restart)
echo -n "Flushing firewall"
for a in `cat /proc/net/ip_tables_names`; do
/sbin/iptables -F -t $a
/sbin/iptables -X -t $a
done;
start
echo "."
;;
*)
echo "Gunakan: firewall {start|stop|restart|save}" >&2
exit 1
;;
esac
exit 0
=============================================================================================
Perhatikan (IPTABLES_SAVE="/etc/default/iptables-rules" ini merupakan script default yg akan menyimpan
rule iptables yg nantinya kita buat
tahap kedua udah lese now go to last sesion
3.Ruleset iptables
a.cara membuat rule iptables kita
anda dapat menggunakan perintah : sudo iptables -A INPUT ...
setelah memasukan rule iptables jangan lupa ketik perintah : firewall save (bertujuan untuk menyimpan rule iptables)
b.Cara kedua yg bisa kita pakai juga ialah dengan mengedit iptables-rules yg terdapat pada directory /etc/default/
contoh rule iptables ketik : nano /etc/default/
=-==============================================================================================
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*mangle
REROUTING ACCEPT [774:59782]
:INPUT ACCEPT [774:59782]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [477:81340]
OSTROUTING ACCEPT [477:81340]
COMMIT
# Completed on Fri Jul 6 15:33:21 2007
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*filter
:INPUT ACCEPT [596:44876]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [477:81340]
[178:14906] -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
[0:0] -A INPUT -p udp -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 110 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 465 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 993 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 995 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 143 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Jul 6 15:33:21 2007
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*nat
REROUTING ACCEPT [184:15226]
OSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Jul 6 15:33:21 2007
=================================================================================================
Nah kita bisa mengedit dan menambahkan rule yg kita mau di sana
finis move : firewal start
Loading and starting firewall
Firewall Start Protect Your Server
2.configure script bin/sh firewall
3.ruleset iptables
===================================================================
1. install iptables pada server ubuntu anda
Commandnya: apt-get install iptables
setelah proses selesai Done
kita lanjut ke tahap kedua ...
2.configure script bin/sh firewall
disini saya membuat sebuah script !/bin/sh dimana nantinya akan berfungsi sebagai pengontrol iptables (menghidup matikan firewall)
pertama-tama
cd /sbin
nano firewall <== nama file script yg saya buat
masukan configure script ini
=============================================================================================
#!/bin/sh
#
# Letjen Seting Iptables for ubuntu OS
# http://malanghack.net, http://sekuritionline.net
# and was Copyrighted 2007 by the Letjen
IPTABLES_SAVE="/etc/default/iptables-rules"
SAVE_RESTORE_OPTIONS="-c"
SAVE_ON_STOP="yes"
checkrules() {
if [ ! -f ${IPTABLES_SAVE} ]
then
echo "Tidak Bisa start iptables. Silahkan Buat Rule Seting Iptables"
echo ""/etc/init.d/iptables save""
return 1
fi
}
save() {
echo "Saving iptables state "
/sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > ${IPTABLES_SAVE}
}
start(){
checkrules || return 1
echo "Loading and starting firewall "
echo -n "Firewall Start Protect Your Server"
start-stop-daemon --start --quiet --exec /sbin/iptables-restore -- ${SAVE_RESTORE_OPTIONS} < ${IPTABLES_SAVE}
}
case "$1" in
save)
save
echo "."
;;
start)
start
echo "."
;;
stop)
if [ "${SAVE_ON_STOP}" = "yes" ]; then
save || exit 1
fi
echo -n "Peringatan firewall Berhenti"
for a in `cat /proc/net/ip_tables_names`; do
/sbin/iptables -F -t $a
/sbin/iptables -X -t $a
if [ $a == nat ]; then
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
elif [ $a == mangle ]; then
/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P INPUT ACCEPT
/sbin/iptables -t mangle -P FORWARD ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -t mangle -P POSTROUTING ACCEPT
elif [ $a == filter ]; then
/sbin/iptables -t filter -P INPUT ACCEPT
/sbin/iptables -t filter -P FORWARD ACCEPT
/sbin/iptables -t filter -P OUTPUT ACCEPT
fi
done
start-stop-daemon --stop --quiet --pidfile /var/run/iptables.pid --exec /sbin/iptables
echo "."
;;
restart)
echo -n "Flushing firewall"
for a in `cat /proc/net/ip_tables_names`; do
/sbin/iptables -F -t $a
/sbin/iptables -X -t $a
done;
start
echo "."
;;
*)
echo "Gunakan: firewall {start|stop|restart|save}" >&2
exit 1
;;
esac
exit 0
=============================================================================================
Perhatikan (IPTABLES_SAVE="/etc/default/iptables-rules" ini merupakan script default yg akan menyimpan
rule iptables yg nantinya kita buat
tahap kedua udah lese now go to last sesion
3.Ruleset iptables
a.cara membuat rule iptables kita
anda dapat menggunakan perintah : sudo iptables -A INPUT ...
setelah memasukan rule iptables jangan lupa ketik perintah : firewall save (bertujuan untuk menyimpan rule iptables)
b.Cara kedua yg bisa kita pakai juga ialah dengan mengedit iptables-rules yg terdapat pada directory /etc/default/
contoh rule iptables ketik : nano /etc/default/
=-==============================================================================================
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*mangle
REROUTING ACCEPT [774:59782]
:INPUT ACCEPT [774:59782]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [477:81340]
OSTROUTING ACCEPT [477:81340]
COMMIT
# Completed on Fri Jul 6 15:33:21 2007
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*filter
:INPUT ACCEPT [596:44876]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [477:81340]
[178:14906] -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
[0:0] -A INPUT -p udp -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 110 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 465 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 993 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 995 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 143 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A INPUT -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Jul 6 15:33:21 2007
# Generated by iptables-save v1.3.3 on Fri Jul 6 15:33:21 2007
*nat
REROUTING ACCEPT [184:15226]
OSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Jul 6 15:33:21 2007
=================================================================================================
Nah kita bisa mengedit dan menambahkan rule yg kita mau di sana
finis move : firewal start
Loading and starting firewall
Firewall Start Protect Your Server