iptables not working

newbei


Post 04 Sep 2013, 10:03

I'd appreciate your help, bros and sisters.
My iptables script in /etc/rc.local is shown below.

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A OUTPUT -p tcp -dport 7777 -j DROP
iptables -I FORWARD -m mac --mac-source 1C:6F:65:64:EE:D4 -j DROP
iptables -I FORWARD -m mac --mac-source 6C:F0:49:97:09:9E -j DROP
iptables -I FORWARD -m mac --mca-source 1C:6F:65:69:1B:CB -j DROP
iptables -I FORWARD -m mac --mac-source 1C:6F:65:64:EE:C5 -j DROP
iptables -I FORWARD -m mac --mac-source 1C:6F:65:69:18:DA -j DROP
iptables -I FORWARD -m mac --mca-source 48:5B:39:97:14:2B -j DROP
iptables -I FORWARD -m mac --mca-source 1C:6F:65:69:18:2F -j DROP
iptables -I FORWARD -m mac --mac-source 1C:6F:65:65:52:98 -j DROP
iptables -I FORWARD -m mac --mac-source 1C:6F:65:64:ED:64 -j DROP
iptables -I FORWARD -m mac --mac-source 48:5B:39:98:4C:40 -j DROP
iptables -I FORWARD -m mac --mac-source 1C:6F:65:67:F4:98 -j DROP
iptables -I FORWARD -m mac --mac-source 1C:6F:65:AF:5A:7F -j DROP

iptables -A INPUT -m string --algo kmp --string 4shared -j REJECT
iptables -A FORWARD -m string --algo kmp --string 4shared -j REJECT

iptables -A INPUT -m string --algo kmp --string torrent.net -j REJECT
iptables -A FORWARD -m string --algo kmp --string torrent.net -j REJECT

iptables -A INPUT -m string --algo kmp --string porn -j REJECT
iptables -A FORWARD -m string --algo kmp --string porn -j REJECT

iptables -A INPUT -m string --algo kmp --string torrent -j REJECT # to block torrent
iptables -A FORWARD -m string --algo kmp --string torrent -j REJECT # to block torrent
iptables -I FORWARD -m string --string "BitTorrent protocol" --algo bm -j DROP

iptables -A FORWARD -p tcp -d 69.171.224.0/19 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP
iptables -A OUTPUT -p tcp -d 69.171.224.0/19 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP
iptables -A FORWARD -p tcp -d 66.220.144.0/20 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP
iptables -A OUTPUT -p tcp -d 66.220.144.0/20 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP
iptables -A FORWARD -p tcp -d 69.63.176.0/20 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP
iptables -A OUTPUT -p tcp -d 69.63.176.0/20 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP
iptables -A FORWARD -p tcp -d 65.52.0.0/14 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP
iptables -A OUTPUT -p tcp -d 65.53.0.0/14 -m time --timestart 06:00:00 --timestop 22:00:00 -j DROP

iptables -I FORWARD -m tcp -p tcp -m
iptables -I FORWARD -d 69.171.224.0/19 -j DROP
iptables -I OUTPUT -d 69.171.224.0/19 -j DROP
iptables -I FORWARD -d 66.220.144.0/20 -j DROP
iptables -I OUTPUT -d 66.220.144.0/20 -J DROP
iptables -I FORWARD -d 69.63.176.0/20 -j DROP
iptables -I OUTPUT -d 69.63.176.0/20 -j DROP
iptables -I FORWARD -d 65.52.0.0/14 -j DROP
iptables -I OUTPUT -d 65.52.0.0/14 -j DROP
iptables -I FORWARD -m tcp -p tcp -d 69.171.228.70 --dport 443-j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

exit 0

But when I check whether it is running with the command
# iptables -L -v
the result is:
Chain INPUT (policy ACCEPT 1195K packets, 714M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 30M packets, 17G bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1361K packets, 817M bytes)
pkts bytes target prot opt in out source destination

Please help and correct me.

Regards


q_p

Post 04 Sep 2013, 10:37

pkts bytes target prot opt in out source destination
Looks like it isn't running yet, bro.
  1. For example, this:

    ...
    iptables -I FORWARD -m mac --mca-source 1C:6F:65:69:1B:CB -j DROP
    ...
    is that really all there is?
  2. And this one:

    ...
    ...--mca-source ...
    ...
    shouldn't it be --mac-source?
cmiiw


newbei

Post 04 Sep 2013, 11:31

Pragola_Pati wrote:
pkts bytes target prot opt in out source destination
Looks like it isn't running yet, bro.
  1. For example, this:

    ...
    iptables -I FORWARD -m mac --mca-source 1C:6F:65:69:1B:CB -j DROP
    ...
    is that really all there is?

    Sorry, isn't that the command for blocking a MAC address?
    Could you please explain?
  2. And this one:

    ...
    ...--mca-source ...
    ...
    shouldn't it be --mac-source?
I've already changed this one to --mac.... :)
cmiiw
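
The `--mca-source` slip discussed above, and similar ones in the posted script, can be caught before the file goes into /etc/rc.local. The following is an added example, not code from the thread: a text-only check whose function names, option allow-list and messages are constructed here, fed with lines taken from the first post.

```shell
#!/bin/sh
# Added example: text-only lint for iptables lines, run before a script is
# installed in /etc/rc.local. It needs neither root nor the iptables binary.

# lint_rules [FILE]: print "LINE: problem" per finding; exit status 1 if any.
lint_rules() {
    awk '
    BEGIN {
        # Long options used in the thread (allow-list built for this example,
        # not the complete iptables option set).
        n = split("dport mac-source to-port algo string state timestart timestop", a, " ")
        for (i = 1; i <= n; i++) known[a[i]] = 1
    }
    function report(msg) { printf "%d: %s\n", NR, msg; bad++ }
    /^[ \t]*iptables[ \t]/ {
        sub(/[ \t]*#.*$/, "")                    # ignore trailing comments
        for (i = 2; i <= NF; i++) {
            w = $i
            if (w ~ /^--/) {
                if (!(substr(w, 3) in known)) report("unknown option " w)
            } else if (w ~ /^-[A-Za-z][A-Za-z]/) {
                report("long option needs two dashes: " w)
            } else if (w == "-J") {
                report("target flag is lowercase -j, got -J")
            } else if (w ~ /^[0-9].*-[a-z]$/) {
                report("missing space before flag in " w)
            }
        }
        if ($NF ~ /^-[a-z]$/) report("flag " $NF " has no argument")
    }
    END { exit (bad > 0) }
    ' "$@"
}

# Sample input: seven lines taken from the script in the first post.
sample_rules() {
    cat <<'EOF'
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A OUTPUT -p tcp -dport 7777 -j DROP
iptables -I FORWARD -m mac --mca-source 1C:6F:65:69:1B:CB -j DROP
iptables -A FORWARD -m string --algo kmp --string torrent -j REJECT # block torrent
iptables -I FORWARD -m tcp -p tcp -m
iptables -I OUTPUT -d 66.220.144.0/20 -J DROP
iptables -I FORWARD -m tcp -p tcp -d 69.171.228.70 --dport 443-j REJECT
EOF
}

sample_rules | lint_rules || echo "syntax problems found: fix them before loading"
```

If /etc/rc.local starts with `#!/bin/sh -e` (an assumption; the post does not show that line), the first command iptables rejects stops the script, so every later rule is skipped. `iptables -L -v` lists only the filter table; the nat rules show up under `iptables -t nat -L -v`.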

