Iptables: Difference between revisions
(Created page with "# !/bin/sh # apt-get update # apt-get install iptables # apt-get install iptables-persistent iptables -V iptables -I INPUT -p tcp -s 192.168.10.202 -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT iptables -A INPUT -p tcp --dport 1912 -j ACCEPT iptables -A INPUT -p tcp --dport 3306 -j ACCEPT iptables -A INPUT -p tcp --dport 5432 -j ACCEPT iptables -A INPUT -p tcp -s 192.16...") |
No edit summary |
||
(9 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
# !/bin/sh | Berikut contoh script install iptables dan konfigurasinya : | ||
# apt-get update | # !/bin/sh | ||
# apt-get install iptables | # apt-get update | ||
# apt-get install iptables-persistent | # apt-get install iptables | ||
iptables -V | # apt-get install iptables-persistent | ||
iptables -I INPUT -p tcp -s 192.168.10.202 -j ACCEPT | iptables -V | ||
iptables -A INPUT -p tcp --dport 80 -j ACCEPT | iptables -I INPUT -p tcp -s 192.168.10.202 -j ACCEPT | ||
iptables -A INPUT -p tcp --dport 22 -j ACCEPT | iptables -A INPUT -p tcp --dport 80 -j ACCEPT | ||
iptables -A INPUT -p tcp --dport 443 -j ACCEPT | iptables -A INPUT -p tcp --dport 22 -j ACCEPT | ||
iptables -A INPUT -p tcp --dport 1912 -j ACCEPT | iptables -A INPUT -p tcp --dport 443 -j ACCEPT | ||
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT | iptables -A INPUT -p tcp --dport 1912 -j ACCEPT | ||
iptables -A INPUT -p tcp --dport 5432 -j ACCEPT | iptables -A INPUT -p tcp --dport 3306 -j ACCEPT | ||
iptables -A INPUT -p tcp -s 192.168.10.0/24 -j DROP | iptables -A INPUT -p tcp --dport 5432 -j ACCEPT | ||
iptables -L | iptables -A INPUT -p tcp -s 192.168.10.0/24 -j DROP | ||
# iptables-save > /etc/iptables/rules.v4 | iptables -L | ||
# systemctl enable iptables-persistent | # iptables-save > /etc/iptables/rules.v4 | ||
# service iptables-persistent start | # systemctl enable iptables-persistent | ||
# blok port 22 dari ip 192.168.10.0/24 | # service iptables-persistent start | ||
echo "sshd: 192.168.10.0/255.255.255.0" >> /etc/hosts.deny | |||
# open port 22 dari ip 192.168.10.202 | Ini agar ketika di restart rule iptables tidak hilang | ||
echo "sshd: 192.168.10.202" >> /etc/hosts.allow | apt install iptables-persistent | ||
# open port 22 dari ip 192.168.10.36 | |||
echo "sshd: 192.168.10.36" >> /etc/hosts.allow | DDOS | ||
# open port 22 dari ip 192.168.10.29 | |||
echo "sshd: 192.168.10.29" >> /etc/hosts.allow | iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP | ||
echo "sshd: 192.168.10.19" >> /etc/hosts.allow | iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP | ||
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --set | |||
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 20 --hitcount 10 -j DROP | |||
hanya ada 10 request dalam 20 detik | |||
refensi https://www.youtube.com/watch?v=oSTXOsE3vv8 | |||
Kalau ini manual : | |||
# blok port 22 dari ip 192.168.10.0/24 | |||
echo "sshd: 192.168.10.0/255.255.255.0" >> /etc/hosts.deny | |||
# open port 22 dari ip 192.168.10.202 | |||
echo "sshd: 192.168.10.202" >> /etc/hosts.allow | |||
# open port 22 dari ip 192.168.10.36 | |||
echo "sshd: 192.168.10.36" >> /etc/hosts.allow | |||
# open port 22 dari ip 192.168.10.29 | |||
echo "sshd: 192.168.10.29" >> /etc/hosts.allow | |||
echo "sshd: 192.168.10.19" >> /etc/hosts.allow |
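Review bot: In the new revision's DDOS section the two `-A INPUT ... -j DROP` rules (no-flag packets and non-SYN NEW packets) are appended, so once the script above has run they sit below the `--dport 80/22/443/1912/3306/5432 -j ACCEPT` rules and never see traffic to those ports. The same ordering means `-s 192.168.10.0/24 -j DROP` only covers ports that were not accepted earlier. If malformed packets are meant to be filtered before any service rule, insert them instead, e.g. `iptables -I INPUT -p tcp --tcp-flags ALL NONE -j DROP`. The script also never sets a chain policy and accepts 3306 and 5432 from any source, so a comment should state whether the database ports are meant to be reachable from outside the LAN. Because each `-I` without a rule number goes to position 1, the `--update ... -j DROP` rule ends up above the `--set` rule, the reverse of the written order.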
Latest revision as of 06:44, 7 February 2024
Berikut contoh skrip untuk menginstal iptables beserta konfigurasinya:
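#!/bin/sh
# Example iptables setup for the INPUT chain (IPv4 only; ip6tables is not
# configured here).
#
# Package installation, kept commented out as in the original listing:
# apt-get update
# apt-get install iptables
# apt-get install iptables-persistent

# add_rule MODE CHAIN RULE-SPEC...
#   MODE is -A (append) or -I (insert at the top of the chain).
#   The rule is added only if `iptables -C` does not find it, so running the
#   script a second time does not stack duplicate rules. If -C fails for some
#   other reason, the add is still attempted and reports its own error.
add_rule() {
  _mode=$1
  shift
  iptables -C "$@" 2>/dev/null || iptables "$_mode" "$@"
}

# Print the iptables version (also shows early whether the binary is usable).
iptables -V

# Inserted at the top of INPUT: all TCP traffic from this one host is accepted
# before any later rule is evaluated.
add_rule -I INPUT -p tcp -s 192.168.10.202 -j ACCEPT

# Service ports accepted from ANY source address. Because these rules come
# before the subnet DROP below, hosts in 192.168.10.0/24 can still reach them.
# NOTE(review): 3306 and 5432 are the usual MySQL/MariaDB and PostgreSQL ports;
# confirm the databases are really meant to be reachable from every network.
for port in 80 22 443 1912 3306 5432; do
  add_rule -A INPUT -p tcp --dport "$port" -j ACCEPT
done

# Appended last: drops the remaining TCP traffic from the local /24, i.e. only
# traffic to ports that were not accepted above.
# NOTE(review): no chain policy (-P) is set in this script, so anything that
# matches no rule is handled by whatever policy INPUT already has.
add_rule -A INPUT -p tcp -s 192.168.10.0/24 -j DROP

# Show the resulting ruleset.
iptables -L

# Persistence, kept commented out as in the original listing:
# iptables-save > /etc/iptables/rules.v4
# systemctl enable iptables-persistent
# service iptables-persistent start
# NOTE(review): on current Debian/Ubuntu the iptables-persistent package is
# driven by the netfilter-persistent service - confirm the unit name on the
# target system before enabling it.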
Ini agar rule iptables tidak hilang ketika sistem direstart:
# Installs the iptables-persistent package.
# NOTE(review): presumably the rules still have to be saved (the page uses
# /etc/iptables/rules.v4) for them to be restored at boot - confirm.
apt install iptables-persistent
DDOS
# Basic TCP sanity checks plus a per-source limit on new connections to port 80.

# Drop TCP packets that carry no flags at all ("null" packets).
# Appended, so any ACCEPT rule already in INPUT that matches the packet is
# evaluated first.
iptables --append INPUT --protocol tcp --tcp-flags ALL NONE --jump DROP

# Drop packets that connection tracking classifies as NEW but that are not a
# SYN. Also appended, with the same ordering caveat as above.
iptables --append INPUT --protocol tcp ! --syn \
  --match state --state NEW --jump DROP

# Record the source address of every new connection to port 80 in the default
# "recent" list.
iptables --insert INPUT --protocol tcp --dport 80 \
  --match state --state NEW \
  --match recent --set

# Drop new port-80 connections from a source address that has been seen 10 or
# more times within the last 20 seconds. Inserted without a rule number, so
# this rule lands above the --set rule in the chain.
# This is a per-source limit; it does not bound the total load when traffic
# arrives from many different addresses.
iptables --insert INPUT --protocol tcp --dport 80 \
  --match state --state NEW \
  --match recent --update --seconds 20 --hitcount 10 --jump DROP
Aturan di atas membatasi koneksi baru ke port 80 menjadi sekitar 10 per alamat IP sumber dalam 20 detik.
Referensi: https://www.youtube.com/watch?v=oSTXOsE3vv8
Kalau yang ini dijalankan secara manual:
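# Restrict sshd through TCP wrappers (/etc/hosts.allow and /etc/hosts.deny).
# NOTE(review): this only has an effect if sshd on the target system is built
# with TCP wrappers (libwrap) support - confirm before relying on it.

# append_once LINE FILE
#   Appends LINE to FILE unless an identical line is already present, so
#   running these commands again does not pile up duplicate entries.
append_once() {
  grep -qxF -- "$1" "$2" 2>/dev/null || printf '%s\n' "$1" >> "$2"
}

# Deny sshd (port 22) for the whole 192.168.10.0/24 network.
append_once "sshd: 192.168.10.0/255.255.255.0" /etc/hosts.deny

# Allow sshd (port 22) for individual hosts. hosts.allow is consulted before
# hosts.deny, so these entries take precedence over the deny entry above.
# Allow 192.168.10.202
append_once "sshd: 192.168.10.202" /etc/hosts.allow
# Allow 192.168.10.36
append_once "sshd: 192.168.10.36" /etc/hosts.allow
# Allow 192.168.10.29
append_once "sshd: 192.168.10.29" /etc/hosts.allow
# Allow 192.168.10.19
append_once "sshd: 192.168.10.19" /etc/hosts.allow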