Ini pake squid apa ngk? Sent from my BlackBerry® smartphone from Sinyal Bagus XL, Nyambung Teruuusss...!
-----Original Message-----
From: "Joko Prasetya" <jokopras.s...@gmail.com>
Date: Mon, 11 Jun 2012 11:01:07
To: milis tanya jawab linux<tanya-jawab@linux.or.id>
Reply-To: tanya-jawab@linux.or.id
Subject: [tanya-jawab] bingung dengan rules blok facebook

Dear teman - teman

Bingung dengan iptables, rules di bawah adalah untuk blok facebook, masalahnya bos minta di loloskan akses ke facebook.

-A INPUT -m string ! -s 192.168.1.10/32 -j REJECT --reject-with icmp-port-unreachable --string "facebook" --algo kmp --to 65535
-A FORWARD -m string ! -s 192.168.1.10/32 -j REJECT --reject-with icmp-port-unreachable --string "facebook" --algo kmp --to 65535

bos dengan ip 192.168.1.10, tolong bagaimana meloloskan ip tersebut agar bisa akses ke facebook

ini rules lengkapnya

# Generated by iptables-save v1.4.4 on Tue Apr 24 11:14:49 2012
*nat
:PREROUTING ACCEPT [1875:214478]
:POSTROUTING ACCEPT [2527:153654]
:OUTPUT ACCEPT [3198:238433]
# NOTE(review): REDIRECT rewrites the destination to this host, so traffic
# arriving on eth1 for ports 80/3128/8080/8081 is delivered locally on port
# 3128 and is then filtered by the INPUT chain, not FORWARD. Port 3128 is
# presumably a transparent proxy such as Squid - confirm; if so, the proxy's
# own access rules also decide what 192.168.1.10 can reach.
-A PREROUTING -i eth1 -p udp -m udp -m multiport --dports 80,3128,8080,8081 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p tcp -m tcp -m multiport --dports 80,3128,8080,8081 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Apr 24 11:14:49 2012
# Generated by iptables-save v1.4.4 on Tue Apr 24 11:14:49 2012
*filter
# All three chains default to DROP; only traffic matched by an ACCEPT rule
# below passes. Rule order matters: the first terminating match wins.
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
# NOTE(review): INPUT only sees packets addressed to this host itself, so
# these "-d <remote network> --dport 443" rules probably never match here.
# The same list is repeated in FORWARD, where it applies to routed traffic.
-A INPUT -p tcp -m tcp -d 124.11.226.0/24 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 218.160.87.0/24 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 61.62.0.0/16 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 220.136.24.0/24 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 76.226.159.35/32 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 114.39.37.194/32 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 218.165.6.95/32 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 111.254.57.139/32 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 114.0.0.0/10 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 65.49.0.0/17 --dport 443 -j DROP
-A INPUT -p tcp -m tcp -d 204.107.140.0/24 --dport 443 -j DROP
# NOTE(review): the "*" after DROP on the next line looks like leftover
# e-mail emphasis markup rather than part of the rule - confirm against the
# live ruleset; "DROP*" is not a valid target name.
-A INPUT -p tcp -m tcp -d 59.112.117.159/32 --dport 443 -j DROP*
# Rejects any packet (any protocol) whose payload contains the bytes
# "facebook", unless its source address is 192.168.1.10.
# NOTE(review): in INPUT this covers (a) requests redirected to port 3128,
# where 192.168.1.10 is exempt, and (b) replies from upstream servers to this
# host itself, whose source is remote and therefore never exempt. The rule
# sits before the RELATED,ESTABLISHED accept at the end of INPUT, so replies
# to a local proxy's fetches are rejected when they contain the string, no
# matter which client asked for them.
-A INPUT -m string ! -s 192.168.1.10/32 -j REJECT --reject-with icmp-port-unreachable --string "facebook" --algo kmp --to 65535
-A INPUT -s 103.5.48.0/24 -j ACCEPT
-A INPUT -s 110.138.215.66/32 -j ACCEPT
-A INPUT -s 180.247.196.76/32 -j ACCEPT
-A INPUT -s 192.168.1.2/32 -j ACCEPT
-A INPUT -s 192.168.1.1/32 -j ACCEPT
-A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 3128 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 5050 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.1.3/32 --dport 8670 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.1.10/32 -i eth1 --dport 443 -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Matches a fixed byte pattern in TCP/443 payloads; the log prefix suggests
# it is meant to catch UltraSurf traffic.
# NOTE(review): DROP is terminating, so the LOG rule that follows with the
# identical match is never reached and nothing is logged with the
# "ultrasurf: " prefix. LOG is non-terminating and has to come before DROP.
-A FORWARD -p tcp -m tcp -m string --dport 443 -j DROP --hex-string "|00040005000a00090064006200030006001300120063|" --algo bm --to 65535
-A FORWARD -p tcp -m tcp -m string --dport 443 -j LOG --hex-string "|00040005000a00090064006200030006001300120063|" --algo bm --to 65535 --log-prefix "ultrasurf: "
# Destination blocklist for routed HTTPS traffic.
-A FORWARD -p tcp -m tcp -d 124.11.226.0/24 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 218.160.87.0/24 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 61.62.0.0/16 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 220.136.24.0/24 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 76.226.159.35/32 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 114.39.37.194/32 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 218.165.6.95/32 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 114.0.0.0/10 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 111.254.57.139/32 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 204.107.140.0/24 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 65.49.0.0/17 --dport 443 -j DROP
-A FORWARD -p tcp -m tcp -d 59.112.117.159/32 --dport 443 -j DROP
# Same payload match for routed traffic (e.g. port 443, which the nat table
# does not redirect).
# NOTE(review): the exemption is by source only. Packets sent by
# 192.168.1.10 skip this rule, but packets returning to it carry a remote
# source address and are rejected when they contain the string, because this
# rule precedes the RELATED,ESTABLISHED accept below. Exempting the host
# needs the reverse direction covered as well (a matching -d 192.168.1.10/32
# exception, or a state accept placed before this rule). Check the rule's
# packet counters to confirm which packets it actually hits.
# A payload string match is a coarse control: it cannot see encrypted
# content and it also rejects unrelated packets that merely contain the word.
-A FORWARD -m string ! -s 192.168.1.10/32 -j REJECT --reject-with icmp-port-unreachable --string "facebook" --algo kmp --to 65535
-A FORWARD -p tcp -m tcp -s 192.168.1.0/24 --dport 5050 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Traffic originated by the firewall host itself: loopback, HTTP and DNS out,
# plus replies on tracked connections. Anything else is logged (rate-limited)
# and then falls through to the DROP policy.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m limit --limit 2/min --limit-burst 2 -j LOG --log-prefix "** OUTPUT DROP ** "
-A FORWARD -p tcp -m tcp --dport 8888 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 8670 -j ACCEPT
# NOTE(review): these two rules accept TCP 1723 from any source on any
# interface - confirm that exposure is intended.
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Rate-limited logging of packets that reach the end of FORWARD / INPUT
# before the DROP policy applies.
-A FORWARD -m limit --limit 2/min --limit-burst 2 -j LOG --log-prefix "** FORWARD DROP ** "
-A INPUT -m limit --limit 2/min --limit-burst 2 -j LOG --log-prefix "** INPUT DROP ** "
COMMIT
# Completed on Tue Apr 24 11:14:49 2012
# Generated by iptables-save v1.4.4 on Tue Apr 24 11:14:49 2012
*mangle
:PREROUTING ACCEPT [76151:22629733]
:INPUT ACCEPT [70425:20140581]
:FORWARD ACCEPT [5615:2468095]
:OUTPUT ACCEPT [77817:27939469]
:POSTROUTING ACCEPT [82406:30305176]
# Sets firewall mark 0x4 on packets whose TOS field matches 0x80 under the
# given mask. No rule in this dump consumes the mark; it may be used by
# routing or traffic shaping that is not shown here.
-A FORWARD -m tos --tos 0x80/0xff -j MARK --set-xmark 0x4/0xffffffff
-A OUTPUT -m tos --tos 0x80/0x3f -j MARK --set-xmark 0x4/0xffffffff
-A OUTPUT -m tos --tos 0x80/0xff -j MARK --set-xmark 0x4/0xffffffff
-A POSTROUTING -m tos --tos 0x80/0xff -j MARK --set-xmark 0x4/0xffffffff
COMMIT
# Completed on Tue Apr 24 11:14:49 2012

--
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id
Arsip dan info milis selengkapnya di http://linux.or.id/milis