On Mon, Dec 21, 2009 at 07:24:31AM +0000, Arief Yudhawarman wrote:

Correction: there is no need to go as far as the FORWARD chain; going as far as the PREROUTING chain is enough.
2. The small script below adds rules to iptables to log access to Conficker IPs:

    #!/bin/sh

    LAN_IFACE="eth0"
    IPTABLES="/usr/sbin/iptables"
    FIPCONFICKER="/etc/conficker/ip.conficker"

    while read IPCONFICKER
    do
    # only for kernel 2.6 for use with option -m comment
    # CHAIN PREROUTING
    # uncomment this to drop access to ip conficker
    #$IPTABLES -t nat -I PREROUTING -i $LAN_IFACE -d $IPCONFICKER -j DROP \
    #-m comment --comment "IP Conficker"
    $IPTABLES -t nat -I PREROUTING -i $LAN_IFACE -d $IPCONFICKER -j LOG \
    --log-prefix "CONFICKER" --log-ip-options
    done <$FIPCONFICKER

This is a client accessing a Conficker IP:

    y...@files:~$ ping 221.7.91.31 -c 1
    PING 221.7.91.31 (221.7.91.31) 56(84) bytes of data.

    --- 221.7.91.31 ping statistics ---
    1 packets transmitted, 0 received, 100% packet loss, time 0ms

    y...@files:~$ telnet 221.7.91.31 80
    Trying 221.7.91.31...

    y...@files:~$

This is what syslog shows:

    ....
    Dec 21 14:29:14 proxy kernel: CONFICKERIN=eth0 OUT= MAC=00:50:04:d1:02:e0:00:19:21:13:57:5d:08:00 SRC=192.168.0.252 DST=221.7.91.31 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=11322 SEQ=1
    Dec 21 14:29:34 proxy kernel: CONFICKERIN=eth0 OUT= MAC=00:50:04:d1:02:e0:00:19:21:13:57:5d:08:00 SRC=192.168.0.252 DST=221.7.91.31 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=4679 DF PROTO=TCP SPT=40877 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
    Dec 21 14:29:37 proxy kernel: CONFICKERIN=eth0 OUT= MAC=00:50:04:d1:02:e0:00:19:21:13:57:5d:08:00 SRC=192.168.0.252 DST=221.7.91.31 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=4680 DF PROTO=TCP SPT=40877 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

--
Thanks in advance.

Regards,
~~ Arief Yudhawarman ~~
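Added example, not part of the original post: one way to turn the syslog lines produced by the LOG rule above into a per-host summary, so the LAN clients that tried to reach a listed Conficker IP stand out. The function names conficker_summary and sample_log are hypothetical; the sample input reuses the three syslog lines from the post plus two constructed lines.

```shell
#!/bin/sh
# Added example (not from the original post): summarise CONFICKER LOG hits.
# conficker_summary and sample_log are hypothetical helper names.

# Reads log files given as arguments (or stdin) and prints one line per
# flow: SRC DST PROTO DPT COUNT ("-" when the packet has no port).
conficker_summary() {
    awk '
    # --log-prefix "CONFICKER" has no trailing space, so the prefix is
    # glued to the first field of the kernel line: "CONFICKERIN=eth0".
    / kernel: .*CONFICKERIN=/ {
        src = ""; dst = ""; proto = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            # Keep the first match only, so the outer IP header wins when
            # an ICMP error repeats these keys for the embedded packet.
            if (src == ""   && $i ~ /^SRC=/)   src   = substr($i, 5)
            if (dst == ""   && $i ~ /^DST=/)   dst   = substr($i, 5)
            if (proto == "" && $i ~ /^PROTO=/) proto = substr($i, 7)
            if (dpt == "-"  && $i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (src != "" && dst != "") hits[src " " dst " " proto " " dpt]++
    }
    END { for (k in hits) print k, hits[k] }
    ' "$@" | LC_ALL=C sort
}

# Sample input: the first three lines are the syslog lines from the post;
# the last two (second client, unrelated kernel message) are constructed.
sample_log() {
    cat <<'EOF'
Dec 21 14:29:14 proxy kernel: CONFICKERIN=eth0 OUT= MAC=00:50:04:d1:02:e0:00:19:21:13:57:5d:08:00 SRC=192.168.0.252 DST=221.7.91.31 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=11322 SEQ=1
Dec 21 14:29:34 proxy kernel: CONFICKERIN=eth0 OUT= MAC=00:50:04:d1:02:e0:00:19:21:13:57:5d:08:00 SRC=192.168.0.252 DST=221.7.91.31 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=4679 DF PROTO=TCP SPT=40877 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 21 14:29:37 proxy kernel: CONFICKERIN=eth0 OUT= MAC=00:50:04:d1:02:e0:00:19:21:13:57:5d:08:00 SRC=192.168.0.252 DST=221.7.91.31 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=4680 DF PROTO=TCP SPT=40877 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 21 14:30:02 proxy kernel: CONFICKERIN=eth0 OUT= MAC=00:50:04:d1:02:e0:00:19:21:aa:bb:cc:08:00 SRC=192.168.0.17 DST=221.7.91.31 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=512 DF PROTO=TCP SPT=51515 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 21 14:30:05 proxy kernel: eth0: link up
EOF
}

sample_log | conficker_summary
```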