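#!/bin/sh
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# Firewall and NAT rules for a two-interface router. The whole rc.local
# lives on the router because the router is what forwards every packet.
#   eth0 = upstream side (WAN), LAN traffic is masqueraded behind it
#   eth1 = internal LAN
# After editing, re-run it with: /etc/init.d/rc.local start
#
# Chain policies are set to DROP *before* the rules are added, so if a
# command below fails (set -e) the box ends up closed rather than open;
# check the console if the LAN loses connectivity after a change.
set -e

WAN_IF=eth0
LAN_IF=eth1
# NOTE(review): the original masquerades 172.16.1.0/29 but redirects web
# traffic for 172.16.4.0/24 -- these two networks disagree and one is
# probably wrong. Both are kept as written; make them match the LAN's real
# addressing before relying on this.
NAT_NET=172.16.1.0/29
PROXY_NET=172.16.4.0/24
PROXY=192.168.4.1:8080

# Routing must be enabled or FORWARD/NAT never see a packet. The original
# left this as a manual step ("net.ipv4.ip_forward = 1"); doing it here is
# harmless if sysctl.conf already sets it.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Clean slate (filter + nat). Policies go to DROP first so the window
# between the flush and the rules below is closed, not open.
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Loopback. Local daemons talk to themselves over lo; with a DROP policy
# and no lo rule, anything not in the port list further down silently
# breaks on the router itself.
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Conntrack-INVALID packets are dropped early on every chain, whatever
# interface they arrive on. ("-m state" is the legacy module this file
# already uses; on current iptables "-m conntrack --ctstate" is the same.)
iptables -A INPUT   -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A OUTPUT  -m state --state INVALID -j DROP

# Stateful core. Only the LAN side may open NEW connections to the router
# or through it; the WAN side only ever gets replies to connections the
# inside started. The original accepted NEW on FORWARD from *any* interface,
# which turned the FORWARD DROP policy into ACCEPT for unsolicited traffic
# arriving on eth0 and made every per-port FORWARD rule after it dead code.
iptables -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT   -m state --state NEW -i "$LAN_IF" -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# NetBIOS (udp 137-139) must be rejected *before* the generic LAN accept,
# otherwise the drop is never reached. Source and destination port both.
iptables -A FORWARD -p udp --sport 137:139 -j DROP
iptables -A FORWARD -p udp --dport 137:139 -j DROP
iptables -A FORWARD -m state --state NEW -i "$LAN_IF" -j ACCEPT
# The router's own outbound traffic is unrestricted.
iptables -A OUTPUT  -m state --state NEW -j ACCEPT
iptables -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT

# ICMP (ping) in every direction. Change ACCEPT to DROP here to make the
# box / LAN unpingable.
iptables -A INPUT   -p icmp -j ACCEPT
iptables -A FORWARD -p icmp -j ACCEPT
iptables -A OUTPUT  -p icmp -j ACCEPT

# Services the router ITSELF listens on and that the WAN side may reach:
#   tcp 25 smtp, 53 dns, 80 http, 110 pop3, 143 imap;  udp 53 dns, 123 ntp.
# LAN clients browsing / mailing / resolving are already covered by the
# stateful FORWARD rules above, so delete any port here that this host does
# not actually serve to the outside.
# The original matched "-m multiport --ports N" with no state and no
# interface, i.e. *source* port N as well: any remote host could reach any
# local port just by sending from port 80, 25, 53, ...  Match the destination
# port and NEW only.
iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 25,53,80,110,143 -j ACCEPT
iptables -A INPUT -p udp -m state --state NEW -m multiport --dports 53,123 -j ACCEPT

# NAT: hide the LAN behind the WAN address.
iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$NAT_NET" -j MASQUERADE
# Transparent proxy: LAN web requests are rewritten to the proxy. Forwarding
# them on to the proxy is allowed by the "NEW from LAN" FORWARD rule.
iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$PROXY_NET" -p tcp --dport 80 -j DNAT --to-destination "$PROXY"

exit 0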