Saturday, 06 October 2007

Setting IP


Install iptables the way your distro does it.

If the command isn't there:

apt-get install iptables OR yum install iptables

cd /etc/sysconfig/

In this directory, create a file called iptables:

nano iptables

Once you're in there, put your rules in. For example:

+-(root@lvps212-241-196-154.vps.webfusion.co.uk)(09:25:10)
+-($ Mb)(~)-> cat /etc/sysconfig/iptables
# Generated by iptables-save v1.2.9 on Sat Mar 3 23:07:59 2007
*mangle
:PREROUTING ACCEPT [117:19386]
:INPUT ACCEPT [117:19386]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [107:8369]
:POSTROUTING ACCEPT [107:8369]
COMMIT
# Completed on Sat Mar 3 23:07:59 2007
# Generated by iptables-save v1.2.9 on Sat Mar 3 23:07:59 2007
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -j REJECT
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 10000 -j REJECT
-A INPUT -p tcp --dport 25 -j REJECT
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 2020 -j ACCEPT
-A INPUT -p tcp --dport 110 -j REJECT
-A INPUT -p tcp --dport 113 -j REJECT
-A INPUT -p tcp --dport 465 -j REJECT
-A INPUT -p tcp --dport 993 -j REJECT
-A INPUT -p tcp --dport 995 -j REJECT
-A INPUT -p tcp --dport 143 -j REJECT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j REJECT
-A INPUT -p tcp --dport 8080 -j REJECT
COMMIT
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed

--------------------------------

Once you've saved it, run iptables-save, then:

service iptables restart

+-(root@lvps212-241-196-154.vps.webfusion.co.uk)(09:25:19)
+-($ Mb)(~)-> service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter nat [ OK ]
Applying iptables firewall rules: [ OK ]


-----------------------------------------------------------------------------------------------------

To check whether your rules are actually in effect, look at the status:

+-(root@lvps212-241-196-154.vps.webfusion.co.uk)(09:26:26)
+-($ Mb)(~)-> service iptables status
Table: mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
DROP icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
REJECT tcp -- anywhere anywhere tcp dpt:10000 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:smtp reject-with icmp-port-unreachable
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:2020
REJECT tcp -- anywhere anywhere tcp dpt:pop3 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:smtps reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:imaps reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:pop3s reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:imap reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:http
REJECT tcp -- anywhere anywhere tcp dpt:mysql reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:webcache reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Table: nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

-------------------------------------

Done. To list the rules: iptables -L
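Before loading a file like the one above, it helps to know what a packet would actually hit, because iptables evaluates a chain top to bottom and the first matching rule wins, with the chain's policy applying only when nothing matches. The script below is an added example, not part of the original post: it parses the *filter table of the listing above (copied in as RULESET) and answers "what happens to tcp/80, tcp/22, udp/53, ..." offline, without touching a kernel. Two things it makes visible about this particular ruleset: the INPUT policy is ACCEPT, so any port with no explicit rule (tcp/22, for instance) falls through to ACCEPT; and the first rule rejects all UDP, so the later "udp --dport 53 ACCEPT" rule can never fire. Only the -A, -p, --dport, --icmp-type and -j options are understood; any other option raises, so extend parse_rule if you feed it a richer dump.

```python
"""Offline first-match checker for an iptables-save style *filter table.

Added example, not code from the original post. Handles only the options that
appear in the listing above (-A, -p, --dport, --icmp-type, -j); anything else
raises rather than being silently ignored.
"""

# The *filter table copied from the /etc/sysconfig/iptables listing above.
RULESET = """\
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -j REJECT
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 10000 -j REJECT
-A INPUT -p tcp --dport 25 -j REJECT
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 2020 -j ACCEPT
-A INPUT -p tcp --dport 110 -j REJECT
-A INPUT -p tcp --dport 113 -j REJECT
-A INPUT -p tcp --dport 465 -j REJECT
-A INPUT -p tcp --dport 993 -j REJECT
-A INPUT -p tcp --dport 995 -j REJECT
-A INPUT -p tcp --dport 143 -j REJECT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j REJECT
-A INPUT -p tcp --dport 8080 -j REJECT
COMMIT
"""

# Match fields a rule may constrain; None means "any value".
MATCH_FIELDS = ("proto", "dport", "icmp_type")


def parse_rule(line):
    """Turn one '-A ...' line into a dict of match fields plus chain and target."""
    rule = {"chain": None, "proto": None, "dport": None, "icmp_type": None, "target": None}
    toks = line.split()
    i = 0
    while i < len(toks):
        opt = toks[i]
        val = toks[i + 1] if i + 1 < len(toks) else None
        if opt == "-A":
            rule["chain"] = val
        elif opt == "-p":
            rule["proto"] = val
        elif opt == "--dport":
            rule["dport"] = int(val)
        elif opt == "--icmp-type":
            rule["icmp_type"] = val
        elif opt == "-j":
            rule["target"] = val
        else:
            raise ValueError(f"unsupported option {opt!r} in rule: {line}")
        i += 2
    return rule


def parse_filter_table(text):
    """Return (policies, rules) for the *filter table; other tables are skipped."""
    policies, rules, table = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = line[1:]
        elif line == "COMMIT":
            table = None
        elif table == "filter" and line.startswith(":"):
            chain, policy, _counters = line[1:].split()
            policies[chain] = policy
        elif table == "filter":
            rules.append(parse_rule(line))
    return policies, rules


def disposition(policies, rules, chain, proto, dport=None, icmp_type=None):
    """First matching rule wins; if nothing matches, the chain's policy applies."""
    packet = {"proto": proto, "dport": dport, "icmp_type": icmp_type}
    for rule in rules:
        if rule["chain"] != chain:
            continue
        if all(rule[f] is None or rule[f] == packet[f] for f in MATCH_FIELDS):
            return rule["target"]
    return policies[chain]


def shadowed_rules(rules):
    """Rules that can never fire: an earlier rule in the same chain is at least as
    general (every field it constrains is unconstrained or equal in the later rule)."""
    shadowed = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier["chain"] != later["chain"]:
                continue
            if all(earlier[f] is None or earlier[f] == later[f] for f in MATCH_FIELDS):
                shadowed.append((i, later, earlier))
                break
    return shadowed


if __name__ == "__main__":
    policies, rules = parse_filter_table(RULESET)
    print("INPUT default policy:", policies["INPUT"])
    for label, args in [("tcp/80", ("tcp", 80)), ("tcp/22", ("tcp", 22)),
                        ("udp/53", ("udp", 53)), ("tcp/3306", ("tcp", 3306))]:
        print(f"{label:>8} -> {disposition(policies, rules, 'INPUT', *args)}")
    print("icmp echo-request ->",
          disposition(policies, rules, "INPUT", "icmp", icmp_type="echo-request"))
    for i, later, earlier in shadowed_rules(rules):
        print(f"rule {i} ({later['proto']} dport {later['dport']}) is shadowed by "
              f"rule with proto {earlier['proto']} dport {earlier['dport']}")
```

Run it and compare with what "service iptables status" prints: the status listing shows the same rule order, and the script tells you which of those lines are reachable. If you want the DNS ACCEPT to take effect, it has to sit above the blanket UDP REJECT; and if you want anything not listed to be blocked, the INPUT policy line has to say DROP rather than ACCEPT.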
