Dear All,

I tried creating a simple rule set with iptables, then ran the iptables-save
command, which produced the output below:

-----------------------------------------------------------------------------------
# Generated by iptables-save v1.2.7a on Thu Apr 20 08:14:59 2006
*nat
:PREROUTING ACCEPT [460:51574]
:POSTROUTING ACCEPT [5:289]
:OUTPUT ACCEPT [5:289]
COMMIT
# Completed on Thu Apr 20 08:14:59 2006
# Generated by iptables-save v1.2.7a on Thu Apr 20 08:14:59 2006
*mangle
:PREROUTING ACCEPT [1596:237603]
:INPUT ACCEPT [1596:237603]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1185:393321]
:POSTROUTING ACCEPT [1185:393321]
COMMIT
# Completed on Thu Apr 20 08:14:59 2006
# Generated by iptables-save v1.2.7a on Thu Apr 20 08:14:59 2006
*filter
:INPUT ACCEPT [617:135798]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1185:393321]
-A INPUT -p udp -m udp --dport 135 -j DROP
-A INPUT -p udp -m udp --dport 136 -j DROP
-A INPUT -p udp -m udp --dport 137 -j DROP
-A INPUT -p udp -m udp --dport 138 -j DROP
-A INPUT -p udp -m udp --dport 139 -j DROP
-A INPUT -p udp -m udp --dport 445 -j DROP
-A INPUT -p tcp -m tcp --dport 4444 -j DROP
-A INPUT -p tcp -m tcp --dport 135 -j DROP
-A INPUT -p tcp -m tcp --dport 138 -j DROP
-A INPUT -p tcp -m tcp --dport 139 -j DROP
-A INPUT -p tcp -m tcp --dport 445 -j DROP
-A INPUT -p udp -m udp --dport 69 -j DROP
COMMIT
# Completed on Thu Apr 20 08:14:59 2006
-----------------------------------------------------------------------------------

But the contents of the file /etc/sysconfig/iptables did not change; it still
reads as follows:

-----------------------------------------------------------------------------------
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 -j REJECT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 -j REJECT  --syn
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 -j REJECT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 -j REJECT  --syn
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
-----------------------------------------------------------------------------------

so when I use the command service iptables restart, it is the second rule set
that gets loaded.

Why is that?

Thank you,

Chandra
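A check for the situation described in the message, added here as an example (it is not part of Chandra's post): iptables-save only writes the in-kernel rule set to standard output and never touches /etc/sysconfig/iptables, while `service iptables restart` reloads that file, so hand-added rules are lost on restart unless they are persisted first with `service iptables save` or by redirecting `iptables-save` into the file. The script below embeds trimmed, constructed copies of the two dumps quoted above, compares them table by table, and lists the rules that are loaded in the kernel but absent from the saved file. The function names (table_rules, rules_only_in, count_only_in, persist_running_rules) are this example's own; the last one is the persistence step that was missing and is only meant to be run as root on the live host.

```shell
#!/bin/sh
# Added example, not from the original message.
# Compare the rules loaded in the kernel (what `iptables-save` prints) with the
# rules in the file the init script reloads (/etc/sysconfig/iptables).
# Both dumps are constructed inline from the message so this runs offline,
# without root and without a live firewall.

# Trimmed copy of the `iptables-save` output (running rules).
RUNNING='*nat
:PREROUTING ACCEPT [460:51574]
:POSTROUTING ACCEPT [5:289]
:OUTPUT ACCEPT [5:289]
COMMIT
*filter
:INPUT ACCEPT [617:135798]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1185:393321]
-A INPUT -p udp -m udp --dport 135 -j DROP
-A INPUT -p udp -m udp --dport 137 -j DROP
-A INPUT -p tcp -m tcp --dport 4444 -j DROP
-A INPUT -p tcp -m tcp --dport 445 -j DROP
COMMIT'

# Trimmed copy of /etc/sysconfig/iptables as written by lokkit (saved rules).
SAVED='# Firewall configuration written by lokkit
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 -j REJECT  --syn
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT'

# table_rules TABLE DUMP: print the "-A ..." rules of one table, sorted.
# Chain policy/counter lines (":CHAIN ..."), comments and COMMIT are ignored,
# so differing packet counters do not show up as differences.
table_rules() {
    printf '%s\n' "$2" | awk -v want="*$1" '
        /^\*/     { intable = ($0 == want); next }
        /^COMMIT/ { intable = 0; next }
        intable && /^-A / { print }
    ' | sort
}

# rules_only_in TABLE DUMP_A DUMP_B: rules of TABLE present in A but not in B.
rules_only_in() {
    a=$(mktemp) || exit 1
    b=$(mktemp) || exit 1
    table_rules "$1" "$2" > "$a"
    table_rules "$1" "$3" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# count_only_in TABLE DUMP_A DUMP_B: how many rules of A are missing from B
# (0 means every rule of A is also in B).
count_only_in() {
    rules_only_in "$1" "$2" "$3" | awk 'END { print NR }'
}

# persist_running_rules [TARGET]: the step the message is missing. Run as root
# on the live host; keeps a backup, then writes the in-kernel rule set to the
# file that `service iptables restart` reloads. Equivalent to
# `service iptables save` on a Red Hat style system. Not called below.
persist_running_rules() {
    target="${1:-/etc/sysconfig/iptables}"
    [ -f "$target" ] && cp -p "$target" "$target.bak.$(date +%Y%m%d%H%M%S)"
    iptables-save > "$target"
}

# Report what would be lost by a restart, table by table.
for table in filter nat; do
    n=$(count_only_in "$table" "$RUNNING" "$SAVED")
    echo "table $table: $n running rule(s) are not in the saved file"
    rules_only_in "$table" "$RUNNING" "$SAVED" | sed 's/^/  not saved: /'
done
```

On a live host you would feed real data instead of the embedded strings, e.g. `count_only_in filter "$(iptables-save)" "$(cat /etc/sysconfig/iptables)"`; a non-zero count means a restart will drop rules, and persist_running_rules is the fix. Note that lokkit itself warns against editing its file, so once you manage rules by hand you should stop running lokkit, or it will overwrite what you saved.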

-- 
Mailing list FAQ at http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: send an email to [EMAIL PROTECTED]
Full archive and list info at http://linux.or.id/milis