Masalah di iptables

Discussion about Ubuntu Server (web server, database server, samba server and other services) and networking on the Ubuntu operating system.
newbei
Posts: 80
Joined: 14 Jan 2013, 09:58

Problem with iptables

Post by newbei » 27 Aug 2013, 09:48

Friends, I'd appreciate your input.
I want to block users by their MAC address in iptables. At first this script worked fine, but I don't know why it can no longer block users. Please help, friends.
My iptables script:

#!/bin/sh
# Enable routing, NAT the LAN out through eth0 and send web traffic to the proxy on port 3128
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
# Block the listed MAC addresses in FORWARD
# (three of these lines originally read "--mca-source", an option iptables rejects, so those rules never loaded)
iptables -I FORWARD -m mac --mac-source 1C:6F:65:64:EE:D4 -j DROP
iptables -I FORWARD -m mac --mac-source 6C:F0:49:97:09:9E -j DROP
iptables -I FORWARD -m mac --mac-source 1C:6F:65:69:1B:CB -j DROP
iptables -I FORWARD -m mac --mac-source 1C:6F:65:64:EE:C5 -j DROP
iptables -I FORWARD -m mac --mac-source 1C:6F:65:69:18:DA -j DROP
iptables -I FORWARD -m mac --mac-source 48:5B:39:97:14:2B -j DROP
iptables -I FORWARD -m mac --mac-source 1C:6F:65:69:18:2F -j DROP
iptables -I FORWARD -m mac --mac-source 1C:6F:65:65:52:98 -j DROP
iptables -I FORWARD -m mac --mac-source 1C:6F:65:64:ED:64 -j DROP
iptables -I FORWARD -m mac --mac-source 48:5B:39:98:4C:40 -j DROP
iptables -I FORWARD -m mac --mac-source 1C:6F:65:67:F4:98 -j DROP

# Payload string matches (file sharing / torrent / adult content)
iptables -A INPUT -m string --algo kmp --string 4shared -j REJECT
iptables -A FORWARD -m string --algo kmp --string 4shared -j REJECT
iptables -A INPUT -m string --algo kmp --string torrent.net -j REJECT
iptables -A FORWARD -m string --algo kmp --string torrent.net -j REJECT
iptables -A INPUT -m string --algo kmp --string porn -j REJECT
iptables -A FORWARD -m string --algo kmp --string porn -j REJECT
iptables -A INPUT -m string --algo kmp --string torrent -j REJECT
iptables -A FORWARD -m string --algo kmp --string torrent -j REJECT
iptables -I FORWARD -m string --string "BitTorrent protocol" --algo bm -j DROP
# Time-based blocks (06:00-22:00) for the listed destination networks
iptables -A OUTPUT -p tcp -d 69.171.224.0/19 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP
iptables -A FORWARD -p tcp -d 66.220.144.0/20 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP
iptables -A OUTPUT -p tcp -d 66.220.144.0/20 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP
iptables -A FORWARD -p tcp -d 69.63.176.0/20 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP
iptables -A OUTPUT -p tcp -d 69.63.176.0/20 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP
iptables -A FORWARD -p tcp -d 65.52.0.0/14 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP
iptables -A OUTPUT -p tcp -d 65.53.0.0/14 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP

# The next line is incomplete as posted (the match name after "-m" is missing), so it is disabled here
# iptables -I FORWARD -m tcp -p tcp -m
# Unconditional blocks for the same networks ("-J" corrected to "-j")
iptables -I FORWARD -d 69.171.224.0/19 -j DROP
iptables -I OUTPUT -d 69.171.224.0/19 -j DROP
iptables -I FORWARD -d 66.220.144.0/20 -j DROP
iptables -I OUTPUT -d 66.220.144.0/20 -j DROP
iptables -I FORWARD -d 69.63.176.0/20 -j DROP
iptables -I OUTPUT -d 69.63.176.0/20 -j DROP
iptables -I FORWARD -d 65.52.0.0/14 -j DROP
iptables -I OUTPUT -d 65.52.0.0/14 -j DROP

# ("443-j" corrected to "443 -j")
iptables -I FORWARD -m tcp -p tcp -d 69.171.228.70 --dport 443 -j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

exit 0
thrvers
Posts: 4458
Joined: 01 Jan 2010, 13:28
Location: Jombang, Indonesia

Re: Problem with iptables

Post by thrvers » 27 Aug 2013, 16:12

What about putting it in a bash script, /home/USER/iptable.sh?

Then add this to rc.local:
/bin/bash /home/USER/iptable.sh
exit 0
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01

Re: Problem with iptables

Post by q_p » 27 Aug 2013, 17:12

Just a small addition, mas:

~# chmod +x /home/USER/iptable.sh
newbei
Posts: 80
Joined: 14 Jan 2013, 09:58

Re: Problem with iptables

Post by newbei » 28 Aug 2013, 09:34

Sorry bro thrvers,
do you mean we should create a bash script at /home/USER/iptable.sh?
Please explain a bit more.

Regards
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01

Re: Problem with iptables

Post by q_p » 28 Aug 2013, 13:21

Yes, that's right, that is what mas thrvers meant. And the path to that file is added to rc.local so that the script is executed automatically on restart.
sipelaut
Posts: 1963
Joined: 03 Jan 2010, 17:25
Location: madura-sampang

Re: Problem with iptables

Post by sipelaut » 30 Aug 2013, 07:56

Put the script in the /etc/init.d/ directory
and make it executable:

# chmod +x /etc/init.d/proxy_gue.sh

Make it start at boot:

# update-rc.d proxy_gue.sh defaults

Thanks to resa and thrvers
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01

Re: Problem with iptables

Post by q_p » 30 Aug 2013, 08:55

sipelaut wrote:
> Put the script in the /etc/init.d/ directory
> and make it executable:
>
> # chmod +x /etc/init.d/proxy_gue.sh
>
> Make it start at boot:
>
> # update-rc.d proxy_gue.sh defaults
>
> Thanks to resa and thrvers

Hmm, init.d is the home of init scripts/startup scripts/daemons. If what you put there is the thread starter's iptables script, how would you start/stop/restart it like the other scripts in the init.d directory?
It can actually be daemonized (ref = http://www.gentoo.org/ ) by writing an init script separate from the iptables rules themselves, so that iptables can be driven with start/stop/restart/save. By default, iptables on Ubuntu does not come with the daemon functions start/stop/restart/save. To work around that, a script is written to run iptables as a daemon, so that it runs before the network starts (at boot) and stops after the network stops at halt/shutdown/reboot:

~# update-rc.d iptables start 37 S . start 37 0 . start 37 6 .
~# sh /opt/script/iptables-rules  ## contains the iptables rules
~# /etc/init.d/iptables save      ## the init script
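An init script of the kind q_p describes, giving iptables start/stop/restart/save, as an added example (it is not q_p's script, not Ubuntu's own, and not the gentoo reference). The rules file path and tool paths are assumptions, and the rules file is iptables-save output rather than a script of iptables commands like /opt/script/iptables-rules.

```sh
#!/bin/sh
# /etc/init.d/iptables (added example; not the forum's script, not Ubuntu's).
# Assumed paths: RULES_FILE holds iptables-save output; tool paths are Debian's.
### BEGIN INIT INFO
# Provides:          iptables
# Required-Start:    $local_fs
# Required-Stop:     $local_fs
# Default-Start:     S
# Default-Stop:
# Short-Description: Restore the firewall before the network comes up
### END INIT INFO

RULES_FILE=${RULES_FILE:-/etc/iptables.rules}
IPTABLES=${IPTABLES:-/sbin/iptables}
IPTABLES_SAVE=${IPTABLES_SAVE:-/sbin/iptables-save}
IPTABLES_RESTORE=${IPTABLES_RESTORE:-/sbin/iptables-restore}

# "stop": flush and delete every chain in filter/nat/mangle, open the policies.
do_stop() {
    for t in filter nat mangle; do
        $IPTABLES -t "$t" -F
        $IPTABLES -t "$t" -X
    done
    for c in INPUT FORWARD OUTPUT; do
        $IPTABLES -P "$c" ACCEPT
    done
}

# "start": load the saved rule set. iptables-restore parses the whole file and
# commits per table, so a mistyped option (e.g. --mca-source) fails loudly
# instead of silently skipping one rule the way a script of commands does.
do_start() {
    [ -f "$RULES_FILE" ] || { echo "missing $RULES_FILE" >&2; return 1; }
    $IPTABLES_RESTORE < "$RULES_FILE"
}

# "save": dump the running rules to a temp file, then rename it into place.
do_save() {
    $IPTABLES_SAVE > "$RULES_FILE.tmp" && mv "$RULES_FILE.tmp" "$RULES_FILE"
}

if [ $# -gt 0 ]; then
    case "$1" in
        start)   do_start ;;
        stop)    do_stop ;;
        restart) do_stop && do_start ;;
        save)    do_save ;;
        *) echo "Usage: $0 {start|stop|restart|save}" >&2; exit 2 ;;
    esac
fi
```

Workflow: load the rules once from the command script, run "save", and from then on boot restores the saved file; the IPTABLES* variables exist so the script can be exercised with stubs without touching the live firewall.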