IP TABLES Sebagai firewal

bagaimana nge block port dan ngeblock layanan lainnya mari kita bahas, dibawah ini adalah contoh dari ip tables untuk ngeblock beberapa chat client dan bisa di pake untuk block yang lainya tinggal di cari port mana yang akan di block atau website mana yang tidak bisa di akses oleh user.

#:.Block AIM:
iptables -A FORWARD -d login.oscar.aol.com -j REJECT
#:.Block ICQ:
iptables -A FORWARD -s 192.168.1.0/24 -p tcp –dport 5190 -j DROP
iptables -A FORWARD -s 192.168.1.0/24 -d login.icq.com -j DROP
iptables -A FORWARD -s 192.168.1.0/24 -d go.icq.com -j DROP
#:.Block MSN:
iptables -A OUTPUT -s 192.168.1.0/24 -p TCP –dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -d messenger.hotmail.com -j DROP
iptables -A FORWARD -s 192.168.1.0/24 -d login.passport.com -j DROP
iptables -A FORWARD -s 192.168.1.0/24 -d rad.msn.com -j REJECT
iptables -A FORWARD -s 192.168.1.0/24 -d baym-cs160.msgr.hotmail.com -j DROP
iptables -A FORWARD -s 192.168.1.0/24 -d baym-cs157.msgr.hotmail.com -j DROP
#:.Block Yahoo Messenger:
iptables -A FORWARD -s 192.168.1.0/24 -d cs.yahoo.com -j REJECT
iptables -A FORWARD -s 192.168.1.0/24 -d scsa.yahoo.com -j REJECT
#:.iMesh:
iptables -A FORWARD -s 192.168.1.0/24 -d 216.35.208.0/24 -j REJECT
#:.BearShare:
iptables -A FORWARD -p TCP –dport 6346 -j REJECT
#:.ToadNode:
iptables -A FORWARD -p TCP –dport 6346 -j REJECT
#:.WinMX:
iptables -A FORWARD -d 209.61.186.0/24 -j REJECT
iptables -A FORWARD -d 64.49.201.0/24 -j REJECT
#:.Napigator:
iptables -A FORWARD -d 209.25.178.0/24 -j REJECT
#:.Morpheus:
iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
iptables -A FORWARD -p TCP –dport 1214 -j REJECT
#:.KaZaA:
iptables -t filter -A INPUT -i ppp0 -p tcp –dport http -m string –string “kazaa” -j DROP
iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
iptables -A FORWARD -p TCP –dport 1214 -j REJECT
iptables -A FORWARD -m string –string “X-Kazaa-Username:” -j DROP
iptables -A FORWARD -m string –string “X-Kazaa-Network:” -j DROP
iptables -A FORWARD -m string –string “X-Kazaa-IP:” -j DROP
iptables -A FORWARD -m string –string “X-Kazaa-SupernodeIP” -j DROP
iptables -A FORWARD -m string –string “Kazaa” -j DROP
#iptables -A FORWARD -m string –string “msn.” -j DROP
iptables -A FORWARD -m string –string “.mp3” -j DROP
#:.Limewire:
iptables -A FORWARD -p TCP –dport 6346 -j REJECT
#:.Audiogalaxy:
iptables -A FORWARD -d 64.245.58.0/23 -j REJECT
iptables -A FORWARD -m unclean -j DROP
iptables -A INPUT -p tcp –syn -j DROP
# Blocking Blaster\Sasser
iptables -A INPUT -p tcp -i eth0 -s 0/0 –dport 135 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 –dport 135 -j DROP
iptables -A INPUT -p tcp -i eth0 -s 0/0 –dport 139 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 –dport 139 -j DROP
iptables -A INPUT -p tcp -i eth0 -s 0/0 –dport 445 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 –dport 445 -j DROP
#Windows Media Service
iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d mediasrv-2.ig.com.br -j DROP
iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d volstag2.uol.com.br -j DROP
iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d 200.221.5.17 -j DROP

iptables -A FORWARD -p UDP –dport 6346 -j REJECT

iptables -A INPUT –mac-source 00:0B:DB:45:56:42 -j DROP

[root@dj-avu root]# iptables -h
iptables v1.2.7a

Usage: iptables -[AD] chain rule-specification [options]
iptables -[RI] chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LFZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
iptables -P chain target [options]
iptables -h (print this help information)

Commands:
Either long or short options are allowed.
–append  -A chain            Append to chain
–delete  -D chain            Delete matching rule from chain
–delete  -D chain rulenum
Delete rule rulenum (1 = first) from chain
–insert  -I chain [rulenum]
Insert in chain as rulenum (default 1=first)
–replace -R chain rulenum
Replace rule rulenum (1 = first) in chain
–list    -L [chain]          List the rules in a chain or all chains
–flush   -F [chain]          Delete all rules in  chain or all chains
–zero    -Z [chain]          Zero counters in chain or all chains
–new     -N chain            Create a new user-defined chain
–delete-chain
-X [chain]          Delete a user-defined chain
–policy  -P chain target
Change policy on chain to target
–rename-chain
-E old-chain new-chain
Change chain name, (moving any references)
Options:
–proto       -p [!] proto    protocol: by number or name, eg. `tcp’
–source      -s [!] address[/mask]
source specification
–destination -d [!] address[/mask]
destination specification
–in-interface -i [!] input name[+]
network interface name ([+] for wildcard)
–jump        -j target
target for rule (may load target extension)
–match       -m match
extended match (may load extension)
–numeric     -n              numeric output of addresses and ports
–out-interface -o [!] output name[+]
network interface name ([+] for wildcard)
–table       -t table        table to manipulate (default: `filter’)
–verbose     -v              verbose mode
–line-numbers                print line numbers when listing
–exact       -x              expand numbers (display exact values)
[!] –fragment  -f              match second or further fragments only
–modprobe=<command>          try to insert modules using this command
–set-counters PKTS BYTES     set the counter during insert/append
[!] –version   -V              print package version.
[root@dj-avu root]#

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s