[tanya-jawab] rules iptables

[rianto]

dear all,

saya menggunakan iptables 1.3.3 dengan debian sarge. di perintah 
iptables saya menggunakan rule policy dibawah ini
-----------------------------------------------------------------
........
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
*iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -j ACCEPT*
iptables -t nat -A PREROUTING -j ACCEPT
iptables -t mangle -A INPUT -j ACCEPT
iptables -t mangle -A OUTPUT -j ACCEPT
iptables -t mangle -A FORWARD -j ACCEPT
iptables -t mangle -A PREROUTING -j ACCEPT
iptables -t mangle -A POSTROUTING -j ACCEPT
..........
---------------------------------------------------------------------
tapi kenapa ya kalau perintah yang ditebali hurufnya itu diaktifkan 
internetnya malah gak jalan tetapi kalau tidak diaktifkan malah bisa
kalau di iptables -nL hasilnya sama meski tidak diaktifkan maupun tidak!!!!
#iptables -nL
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            202.6.224.xxx       tcp spts:1024:65535 dpt:25 state NEW,ESTABLISHED 
ACCEPT     tcp  --  0.0.0.0/0            202.6.224.xxx       tcp spts:1024:65535 dpt:80 state NEW,ESTABLISHED 
ACCEPT     tcp  --  0.0.0.0/0            202.6.224.xxx       tcp spts:1024:65535 dpt:110 state NEW,ESTABLISHED 
ACCEPT     tcp  --  0.0.0.0/0            202.6.224.xxx       tcp spts:1024:65535 dpt:143 state NEW,ESTABLISHED 
ACCEPT     tcp  --  0.0.0.0/0            202.6.224.xxx       tcp spts:1024:65535 dpt:443 state NEW,ESTABLISHED 
ACCEPT     tcp  --  0.0.0.0/0            202.6.224.xxx       tcp spts:1024:65535 dpt:587 state NEW,ESTABLISHED 
ACCEPT     tcp  --  0.0.0.0/0            202.6.224.xxx       tcp spts:1024:65535 dpt:995 state NEW,ESTABLISHED 
ACCEPT     tcp  --  0.0.0.0/0            202.6.224.xxx       tcp spts:1024:65535 dpt:5050 state NEW,ESTABLISHED 
ACCEPT     tcp  --  0.0.0.0/0            202.6.224.xxx       tcp spts:1024:65535 dpt:8080 state NEW,ESTABLISHED 
ACCEPT     tcp  --  0.0.0.0/0            202.6.224.xxx       tcp spts:1024:65535 dpt:10000 state NEW,ESTABLISHED 
ACCEPT     icmp --  0.0.0.0/0            202.6.224.xxx       state ESTABLISHED 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  202.6.224.xxx        0.0.0.0/0           tcp spt:25 dpts:1024:65535 state ESTABLISHED 
ACCEPT     tcp  --  202.6.224.xxx        0.0.0.0/0           tcp spt:80 dpts:1024:65535 state ESTABLISHED 
ACCEPT     tcp  --  202.6.224.xxx        0.0.0.0/0           tcp spt:110 dpts:1024:65535 state ESTABLISHED 
ACCEPT     tcp  --  202.6.224.xxx        0.0.0.0/0           tcp spt:143 dpts:1024:65535 state ESTABLISHED 
ACCEPT     tcp  --  202.6.224.xxx        0.0.0.0/0           tcp spt:443 dpts:1024:65535 state ESTABLISHED 
ACCEPT     tcp  --  202.6.224.xxx        0.0.0.0/0           tcp spt:587 dpts:1024:65535 state ESTABLISHED 
ACCEPT     tcp  --  202.6.224.xxx        0.0.0.0/0           tcp spt:995 dpts:1024:65535 state ESTABLISHED 
ACCEPT     tcp  --  202.6.224.xxx        0.0.0.0/0           tcp spt:5050 dpts:1024:65535 state ESTABLISHED 
ACCEPT     tcp  --  202.6.224.xxx        0.0.0.0/0           tcp spt:8080 dpts:1024:65535 state ESTABLISHED 
ACCEPT     tcp  --  202.6.224.xxx        0.0.0.0/0           tcp spt:10000 dpts:1024:65535 state ESTABLISHED 
ACCEPT     icmp --  202.6.224.xxx        0.0.0.0/0           state NEW,ESTABLISHED 







--
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke [EMAIL PROTECTED]
Arsip dan info milis selengkapnya di http://linux.or.id/milis