# Generated by iptables-save v1.2.9 on Mon Feb 20 15:34:03 2006
# filter table: packet filtering for traffic to this host (INPUT), through it
# (FORWARD) and from it (OUTPUT). The bracketed [packets:bytes] values are the
# counters captured when the ruleset was saved.
*filter
# All three built-in chains default to ACCEPT, so this is a denylist design:
# a packet that matches no rule below is allowed.
# NOTE(review): a default-DROP policy with explicit allow rules (plus an
# ESTABLISHED,RELATED accept on INPUT) would fail closed instead of open.
:INPUT ACCEPT [54445800:23826333200]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [62795642:29017166036]
# Per-source allow rules. They are evaluated first, so these addresses reach
# ports 80/3128/222 even though the eth0 rules further down drop those ports.
# They match on source address only, not on interface.
[0:0] -A INPUT -s 222.124.30.84 -p tcp -m multiport --dports 80,3128,222 -j ACCEPT
[0:0] -A INPUT -s 222.124.30.84 -p udp -m multiport --dports 80,3128,222 -j ACCEPT
[0:0] -A INPUT -s 203.130.255.196 -p tcp -m multiport --dports 80,222 -j ACCEPT
# Per-source blocks: every protocol and port from these addresses is dropped.
[0:0] -A INPUT -s 222.124.45.215 -j DROP
[0:0] -A INPUT -s 202.162.218.193 -j DROP
[0:0] -A INPUT -s 204.10.31.12 -j DROP
[0:0] -A INPUT -s 203.130.237.155 -j DROP
[0:0] -A INPUT -s 202.53.243.42 -j DROP
[0:0] -A INPUT -s 200.161.16.189 -j DROP
[0:0] -A INPUT -s 203.128.81.26 -j DROP
# Port denylist for packets arriving on eth0. Only the listed destination
# ports are dropped; an eth0 packet to any other port matches nothing here
# and is accepted by the chain policy.
[53:2600] -A INPUT -i eth0 -p tcp -m multiport --dports 135,137,138,139,445,143,10000,4559,111,3128,80,23 -j DROP
[61:6751] -A INPUT -i eth0 -p udp -m multiport --dports 135,137,138,139,445,143,4559,111,3128,10000,80,23 -j DROP
[0:0] -A INPUT -i eth0 -p tcp -m multiport --dports 199,3632,222,81,3130,110 -j DROP
[9:1021] -A INPUT -i eth0 -p udp -m multiport --dports 199,3632,222,81,3130,110 -j DROP
# Ports 4661 and 4672 appear in both TCP rules below and twice within the UDP
# rule; the repeats are redundant and do not change what is matched.
[0:0] -A INPUT -i eth0 -p tcp -m multiport --dports 3312,3412,3512,1215,1315,4661,4672,5555,4242,3306,2323 -j DROP
[0:0] -A INPUT -i eth0 -p tcp -m multiport --dports 7778,1863,6346,6257,6699,4661,4672,1214,6881,6889 -j DROP
[0:0] -A INPUT -i eth0 -p udp -m multiport --dports 4661,4672,6881,6889,1214,4661,4672,6257,6699,6346,3312,3412,3512,1215,1315 -j DROP
# eth1: drop ports 135, 137-139 and 113, then accept everything else that
# arrives on that interface.
[0:0] -A INPUT -i eth1 -p tcp -m multiport --dports 135,137,138,139,113 -j DROP
[589:70987] -A INPUT -i eth1 -p udp -m multiport --dports 135,137,138,139,113 -j DROP
[76333:14307628] -A INPUT -i eth1 -j ACCEPT
# Source-range blocks for parts of 10.10.10.0/24. Because they sit after the
# blanket eth1 ACCEPT above, a packet that arrives on eth1 never reaches them.
# NOTE(review): the nat table in this file suggests 10.10.10.0/24 is the eth1
# network; if so these rules are dead (all counters are 0 in this snapshot)
# and would need to move above the eth1 ACCEPT to take effect. Confirm intent.
[0:0] -A INPUT -m iprange --src-range 10.10.10.100-10.10.10.200 -j DROP
[0:0] -A INPUT -m iprange --src-range 10.10.10.201-10.10.10.233 -j DROP
[0:0] -A INPUT -m iprange --src-range 10.10.10.235-10.10.10.254 -j DROP
[0:0] -A INPUT -m iprange --src-range 10.10.10.32-10.10.10.99 -j DROP
[0:0] -A INPUT -m iprange --src-range 10.10.10.21-10.10.10.30 -j DROP
# FORWARD: every active rule is an ACCEPT and the chain policy is ACCEPT, so
# this table drops no forwarded packet in either direction; the rules only
# split the counters. The first matches packets entering on any interface
# other than eth0 and leaving via eth0, the second matches packets of tracked
# connections, the third (-f) matches non-first IP fragments.
# NOTE(review): new connections entering on eth0 and routed onward are not
# restricted here; confirm that is intended.
[15510367:3346522673] -A FORWARD -i ! eth0 -o eth0 -j ACCEPT
[14265281:4511345821] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -f -j ACCEPT
# Disabled rules: lines starting with '#' are skipped when the file is
# restored, so the port 31337 drops below are not loaded.
#[0:0] -A FORWARD -o eth1 -p tcp -m tcp --sport 31337 --dport 31337 -j DROP
#[0:0] -A FORWARD -o eth0 -p tcp -m tcp --sport 31337 --dport 31337 -j DROP
#[0:0] -A FORWARD -o eth0 -p tcp -m tcp --sport 31337 --dport 31337 -j DROP
#[0:0] -A OUTPUT -o eth1 -p tcp -m tcp --sport 31337 --dport 31337 -j DROP
COMMIT
# Completed on Mon Feb 20 15:34:03 2006
# Generated by iptables-save v1.2.9 on Mon Feb 20 15:34:03 2006
# mangle table: no rules are defined; all five chains only carry an ACCEPT
# policy and their counters, so no packet is altered here.
*mangle
:PREROUTING ACCEPT [84465749:31710532148]
:INPUT ACCEPT [54611282:23847630554]
:FORWARD ACCEPT [29775648:7857868494]
:OUTPUT ACCEPT [62796270:29017241181]
:POSTROUTING ACCEPT [93021182:36884094955]
COMMIT
# Completed on Mon Feb 20 15:34:03 2006
# Generated by iptables-save v1.2.9 on Mon Feb 20 15:34:03 2006
# nat table: address and port rewriting applied before routing (PREROUTING)
# and after it (POSTROUTING).
*nat
:PREROUTING ACCEPT [844595:65841060]
:POSTROUTING ACCEPT [35876:2688756]
:OUTPUT ACCEPT [1728235:105494341]
# Port-80 traffic from 10.10.10.0/24, whatever its original destination, is
# rewritten to 10.10.10.1:81. Presumably a transparent web proxy or local web
# service listens there; confirm. The UDP variant has matched nothing in this
# snapshot.
[1236:59328] -A PREROUTING -s 10.10.10.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.10.10.1:81
[0:0] -A PREROUTING -s 10.10.10.0/255.255.255.0 -p udp -m udp --dport 80 -j DNAT --to-destination 10.10.10.1:81
# TCP 443 arriving on eth1 is redirected to local port 3128.
# NOTE(review): 3128 is conventionally an HTTP proxy port. Clients sending TLS
# to a listener that does not expect it will fail to connect, and a listener
# that does intercept TLS changes what those clients can trust. Confirm the
# service on 3128 and whether this rule is still wanted (counter is 0).
[0:0] -A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
# Source-NAT everything leaving via eth0 to that interface's address.
[185790:11017927] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Feb 20 15:34:03 2006