List all iptables rules on the system
iptables -L
List a specific type of iptables rules on the system ([JENIS_RULE] is the rule type)
iptables -L [JENIS_RULE]
List iptables rules together with their rule index / show more detail
iptables -t filter -L [rules] --line-numbers -n -v
Delete (flush) the iptables rules on the system
iptables -F
Configure the iptables default policy
iptables -P INPUT [DROP|ACCEPT]
iptables -P FORWARD [DROP|ACCEPT]
iptables -P OUTPUT [DROP|ACCEPT]
Open a specific port (example: open port 80)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Block the system from accessing a specific site or IP ([ip_atau_url] is the IP or URL)
iptables -A OUTPUT -p tcp -d [ip_atau_url] -j DROP
Whitelist a specific IP address or network subnet
iptables -I INPUT -s [ip_address]/[CIDR] -j ACCEPT
iptables -I OUTPUT -d [ip_address]/[CIDR] -j ACCEPT
Allow ICMP / ping FROM outside to the system
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
Allow ICMP / ping from the system TO outside
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
Forward a port from a public IP to a private IP
iptables -t nat -A PREROUTING -p tcp -d [public_ip] --dport [port_public_machine] -j DNAT --to [private_ip]:[port_machine]
Allow a specific port to access the system (this example accepts all traffic arriving on the docker0 interface)
iptables -I INPUT -i docker0 -j ACCEPT
Insert the same allow rule at a specific position ([nomor_rule] is the rule number)
iptables -I INPUT [nomor_rule] -i docker0 -j ACCEPT
Backing up and restoring the iptables configuration
Back up the iptables configuration
iptables-save > /etc/iptables/rules.v4
Restore the iptables configuration
iptables-restore < /etc/iptables/rules.v4
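The default-policy, port 80, ICMP and backup/restore commands above combined into one ruleset that is syntax-checked and loaded atomically, so a DROP policy never takes effect before its ACCEPT rules. This is an added example, not part of the original post; the SSH port (22), the loopback and conntrack rules, and the .bak file name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). SSH_PORT, WEB_PORT and the
# loopback/conntrack rules are assumptions; adjust them before use.
SSH_PORT="${SSH_PORT:-22}"
WEB_PORT="${WEB_PORT:-80}"
RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"

# Emit a filter table in iptables-save format. Policies and rules are applied
# together at COMMIT, so there is no window where INPUT is DROP while the
# ACCEPT rules are still missing.
build_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${SSH_PORT} -j ACCEPT
-A INPUT -p tcp --dport ${WEB_PORT} -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Back up the live rules, check the new set, load it, then persist it.
apply_ruleset() {
  local new backup rc
  new="$(mktemp)" || return 1
  backup="${RULES_FILE}.bak.$(date +%Y%m%d%H%M%S)"
  build_ruleset > "$new"
  iptables-save > "$backup" || { rm -f "$new"; return 1; }
  # --test parses and constructs the ruleset without committing it
  if ! iptables-restore --test < "$new"; then
    echo "ruleset rejected, live rules unchanged" >&2
    rm -f "$new"
    return 1
  fi
  iptables-restore < "$new" && cp "$new" "$RULES_FILE"
  rc=$?
  rm -f "$new"
  return $rc
}

# Run as root with the argument "apply"; otherwise only print the ruleset.
if [ "${1:-}" = "apply" ]; then apply_ruleset; else build_ruleset; fi
```

If the new rules cut off access, restore the timestamped backup with iptables-restore from a console session.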