@gilangvperdana
Last active July 2, 2023 16:14
Some Notes About IPTables

Note about IPTables on Linux

Commands

  • Flush existing ruleset:
iptables -F
iptables -t nat -F
  • Set reasonable policy defaults (that is, these are "reasonable" for an exposed firewall; you may decide that an input policy of ACCEPT is, well, acceptable in this particular scenario):
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
  • You really don't want to stop loopback traffic with a DROP policy:
iptables -A INPUT -i lo -j ACCEPT
  • Allow existing sessions for both local and routed traffic:
iptables -A INPUT   -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  • If the INPUT policy is indeed DROP, add rules for relevant local services here; the example below handles SSH:
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
  • Forward TCP port 1912 (on the firewall's eth1 address) to 192.168.0.58:3389:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 1912 -j DNAT --to-destination 192.168.0.58:3389
  • Allow the forwarded packet through the FORWARD chain. DNAT happens in PREROUTING, before FORWARD sees the packet, so the rule must match the translated destination (192.168.0.58:3389), not the address and port the client connected to:
iptables -A FORWARD -i eth1 -d 192.168.0.58 -p tcp --dport 3389 -j ACCEPT
  • Preserve the return path by source-NATing the forwarded connection behind the firewall's own eth1 address (192.168.0.2). Client and server are both in 192.168.0.0/24, so without this the server would reply straight to the client from 192.168.0.58:3389 instead of through the firewall, and the client's TCP stack would discard a reply from an address it never connected to:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.0.58 -p tcp --dport 3389 -j SNAT --to-source 192.168.0.2
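The whole procedure above as one script, added here as an example (it is not from the gist). The ruleset is emitted in iptables-save format by a function, so it can be reviewed, parse-checked with iptables-restore --test and loaded atomically, with the chain policies declared together with the chains instead of the flush-then-add sequence that briefly leaves INPUT at DROP with no ACCEPT rules. The interface and addresses are the hypothetical ones from the notes (eth1, 192.168.0.2, 192.168.0.58, ports 1912 and 3389); the 60-second rollback timer is an added safety net for remote work, also an assumption. -m conntrack --ctstate is the current spelling of -m state --state.

```shell
#!/bin/sh
# Added example, not part of the gist: the hairpin port-forward ruleset as an
# iptables-restore file generated by gen_rules, plus an apply step that
# test-parses it and rolls back automatically unless confirmed.
# Hypothetical values, taken from the notes above:
LAN_IF="${LAN_IF:-eth1}"              # interface the clients and the RDP host sit on
FW_IP="${FW_IP:-192.168.0.2}"         # firewall's own address on $LAN_IF
LAN_NET="${LAN_NET:-192.168.0.0/24}"
TARGET_IP="${TARGET_IP:-192.168.0.58}"
PUBLIC_PORT="${PUBLIC_PORT:-1912}"    # port clients connect to on $FW_IP
TARGET_PORT="${TARGET_PORT:-3389}"    # real port on the RDP host
SSH_PORT="${SSH_PORT:-22}"
ROLLBACK_SECS="${ROLLBACK_SECS:-60}"

# Print the complete ruleset in iptables-save format.  Policies are set in
# the chain declarations, so DROP never applies before the ACCEPT rules exist.
gen_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN_IF -d $TARGET_IP -p tcp --dport $TARGET_PORT -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $LAN_IF -p tcp --dport $PUBLIC_PORT -j DNAT --to-destination $TARGET_IP:$TARGET_PORT
-A POSTROUTING -s $LAN_NET -d $TARGET_IP -p tcp --dport $TARGET_PORT -j SNAT --to-source $FW_IP
COMMIT
EOF
}

# Load the ruleset (iptables-restore replaces the filter and nat tables in one
# step), after a parse-only check.  The previous ruleset is put back after
# $ROLLBACK_SECS unless the background timer is killed, so a mistake that cuts
# your SSH session undoes itself.  Needs root.
apply_rules() {
  backup="$(mktemp)"
  iptables-save > "$backup"
  if ! gen_rules | iptables-restore --test; then
    echo "ruleset rejected, nothing changed" >&2
    return 1
  fi
  gen_rules | iptables-restore
  ( sleep "$ROLLBACK_SECS" && iptables-restore < "$backup" ) &
  echo "rules loaded; run 'kill $!' within ${ROLLBACK_SECS}s to keep them (backup: $backup)"
}

case "${1:-}" in
  show)  gen_rules ;;
  apply) apply_rules ;;
esac
```

Run it as `sh fw.sh show` to review the generated file and `sudo sh fw.sh apply` to load it; if the session survives, kill the printed PID, otherwise wait out the timer and the old rules come back on their own.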

Other control commands

  • List the NAT rules with line numbers:
iptables -t nat -v -L -n --line-numbers
  • Delete a NAT rule by its line number; for example, to delete rule 5 of the PREROUTING chain:
iptables -t nat --delete PREROUTING 5
  • List all filter-table rules with line numbers (the two forms are equivalent; iptables accepts any unambiguous abbreviation of a long option, so --line works as well):
iptables -L --line-numbers
/sbin/iptables -L -n -v --line-numbers
  • Delete a rule from any other chain the same way; for example, rule 5 of FORWARD:
iptables --delete FORWARD 5
  • Line numbers shift after every deletion, so list the chain again before deleting the next rule, and work from the highest number down when removing several at once.

Make it Persistent

To make iptables rules persistent on Debian/Ubuntu:

  • Install the helper package (the installer offers to save whatever rules are loaded at that moment):

    sudo apt-get install iptables-persistent

  • Insert all your rules, then save them. This writes /etc/iptables/rules.v4 and /etc/iptables/rules.v6, which are loaded again at boot:

    sudo netfilter-persistent save

  • iptables-save and ip6tables-save on their own only print the running ruleset to stdout; use them to review what was saved, but they do not persist anything by themselves:

    sudo iptables-save
    sudo ip6tables-save

  • To stop the saved rules from being restored at boot, remove the package; check /etc/iptables/ afterwards and delete rules.v4 and rules.v6 if you do not want them left behind:

    sudo apt-get remove --auto-remove iptables-persistent
    
=============================
OPEN THE REQUIRED PORTS (allow-list: accept loopback, replies, SSH, HTTP and HTTPS, drop everything else)
=============================
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -s 0/0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 0/0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -p tcp --dport 443 -j ACCEPT

iptables -A INPUT -s 0/0 -j DROP

==================================
CLOSE A PORT ON A DOCKER CONTAINER
==================================
iptables -I DOCKER 1 -p tcp --dport 81 -j DROP
iptables --list DOCKER -n --line-numbers
iptables --list DOCKER-USER -n --line-numbers

Docker owns the DOCKER chain and rewrites it when containers start or stop, so a rule inserted there can silently disappear. DOCKER-USER is the chain Docker leaves untouched and processes before its own rules, which is where your rules belong. Published container ports never traverse INPUT at all (the traffic is DNATed and forwarded), so INPUT rules on the host do not protect them.

Example: a container running at 172.17.0.2 listening on container port 80; block it from every source except the VM at 172.16.1.240:
iptables -I FORWARD '!' -s 172.16.1.240 -d 172.17.0.2 -p tcp --dport 80 -j DROP
Remove that rule again (it is rule 1 of FORWARD right after the insert; re-check the line number if anything else was added since):
iptables --delete FORWARD 1

==================================
OPEN A PORT ON A DOCKER CONTAINER
==================================
Same caveat as above: Docker may regenerate the DOCKER chain at any time, so publishing the port when the container starts (-p) is the reliable way to open it.
iptables -I DOCKER 1 -p tcp --dport 81 -j ACCEPT
iptables --list DOCKER -n --line-numbers
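The Docker sections above put rules in the DOCKER chain or in FORWARD directly. The script below, added here as an example (not from the gist and not Docker's own tooling), does the same restriction the supported way: in the DOCKER-USER chain. Because DNAT for a published port has already happened by the time FORWARD runs, --dport in DOCKER-USER would see the container port, not the published one; matching the connection's original destination port through conntrack (--ctorigdstport, --ctdir ORIGINAL) avoids that trap. The interface (eth0), the published port 8080 and the permitted client 172.16.1.240 are hypothetical; DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not part of the gist: allow one client to a port Docker has
# published and drop everyone else, using the DOCKER-USER chain (the chain
# Docker does not rewrite) rather than the DOCKER chain.
# Hypothetical values: external interface eth0, container port published as
# host port 8080, permitted client 172.16.1.240.
EXT_IF="${EXT_IF:-eth0}"
PUBLISHED_PORT="${PUBLISHED_PORT:-8080}"
ALLOWED_SRC="${ALLOWED_SRC:-172.16.1.240}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the iptables commands, 0 = run them (needs root)

ipt() {
  if [ "$DRY_RUN" = 1 ]; then printf 'iptables %s\n' "$*"; else iptables "$@"; fi
}

# Both rules are inserted at position 1, drop first, so the allow rule ends up
# above the drop.  --ctorigdstport matches the port the client actually
# connected to (8080), which --dport no longer shows after DNAT; --ctdir
# ORIGINAL limits the match to client-to-container packets so replies are
# never touched.  RETURN hands the packet back to FORWARD for Docker's rules.
restrict_published_port() {
  ipt -I DOCKER-USER 1 -i "$EXT_IF" -p tcp \
      -m conntrack --ctorigdstport "$PUBLISHED_PORT" --ctdir ORIGINAL -j DROP
  ipt -I DOCKER-USER 1 -i "$EXT_IF" -s "$ALLOWED_SRC" -p tcp \
      -m conntrack --ctorigdstport "$PUBLISHED_PORT" --ctdir ORIGINAL -j RETURN
}

# Undo: flush the chain and restore the terminating RETURN Docker installs by
# default (assumed here; check your host with 'iptables -L DOCKER-USER').
reset_docker_user() {
  ipt -F DOCKER-USER
  ipt -A DOCKER-USER -j RETURN
}

case "${1:-}" in
  restrict) restrict_published_port ;;
  reset)    reset_docker_user ;;
  show)     ipt -L DOCKER-USER -n -v --line-numbers ;;
esac
```

Run `sh docker-fw.sh restrict` to see the commands, then `DRY_RUN=0 sudo -E sh docker-fw.sh restrict` to apply them; `show` lists the chain with line numbers so you can confirm the allow rule sits above the drop.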

===============================
CLOSE PORTS THAT ARE NOT NEEDED
===============================
This is a block-list: the final rule accepts everything not listed, so any port you forget stays open. On an exposed host prefer the allow-list above (accept the few needed ports, drop the rest). Do not add the port 22 line from an SSH session unless an ESTABLISHED accept rule sits earlier in the chain; the rule drops packets of existing connections too, and the session dies.
iptables -A INPUT -s 0/0 -p tcp --destination-port 21 -j DROP
iptables -A INPUT -s 0/0 -p tcp --destination-port 22 -j DROP
iptables -A INPUT -s 0/0 -p tcp --destination-port 23 -j DROP
iptables -A INPUT -s 0/0 -p tcp --destination-port 80 -j DROP
iptables -A INPUT -s 0/0 -p tcp --destination-port 8282 -j DROP
iptables -A INPUT -s 0/0 -j ACCEPT

============================
LIST RULES AND DELETE A RULE
============================
iptables -L -n -v --line-number
iptables --delete INPUT 1

=============================
FLUSH ALL RULES
=============================
Flushing removes the rules of the filter table only (add -t nat for the NAT table) and does not reset the chain policies; if INPUT is still DROP, flushing it locks you out, so set the policies to ACCEPT (next section) first.
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD

=============================
ACCEPT EVERYTHING (reset the default policies)
=============================
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

=============================
LIST RULES
=============================
iptables -nL

=============================
BACKUP AND RESTORE RULES
=============================
Restore reads the same file that save wrote; iptables-restore replaces the running ruleset of every table in the file (filter and nat included) unless --noflush is given.
sudo iptables-save > /tmp/iptables-export
sudo iptables-restore < /tmp/iptables-export