*filter
:INPUT ACCEPT [368:102354]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [92952:20764374]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
COMMIT
sudo iptables -xvL
Chain INPUT (policy ACCEPT 24 packets, 1776 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 13 packets, 1316 bytes)
pkts bytes target prot opt in out source destination
sudo iptables-restore < /etc/iptables.rules
sudo iptables -xvL
root@server2:/mnt/gluster# sudo iptables -xvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
148 10272 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
35 1820 ACCEPT tcp -- any any anywhere anywhere tcp dpt:24007
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
34 1768 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
5 515 DROP all -- any any anywhere anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 190 packets, 16880 bytes)
pkts bytes target prot opt in out source destination
nano /etc/iptables.shutdown
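#!/bin/bash
# /etc/iptables.shutdown — remove every rule and leave the host with open
# (ACCEPT) default policies. Run by /etc/init.d/iptables when it is not
# invoked with "start". The file is executed directly, so it needs a shebang.
printf '%s\n' "Stopping Firewall..."
# Reset the default policies to ACCEPT *before* flushing: should a DROP
# policy ever be saved in /etc/iptables.rules, flushing first would cut off
# the SSH session running this script.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Flush (-F) all rules and delete (-X) user-defined chains in each table.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X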
chmod 755 /etc/iptables.shutdown
Kedua buat script untuk startupnya
sudo nano /etc/init.d/iptables
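#!/bin/bash
# /etc/init.d/iptables — load or clear the firewall rule set.
#   start                : restore the saved rules from /etc/iptables.rules
#   stop                 : run /etc/iptables.shutdown (flush all, policies ACCEPT)
#   restart|force-reload : stop, then start
# Any other argument prints usage and exits 2. Previously every argument
# other than "start" (including a typo) cleared the firewall; unknown input
# now fails closed instead of open.
#
# The "< /etc/iptables.rules" redirect is opened by the shell running this
# script, not by the command it launches, so privilege is needed before
# that point: re-exec through sudo when started by a non-root user.
if [[ $EUID -ne 0 ]]; then
  exec sudo -- "$0" "$@"
fi

case "${1:-}" in
  start)
    iptables-restore < /etc/iptables.rules
    ;;
  stop)
    /etc/iptables.shutdown
    ;;
  restart|force-reload)
    /etc/iptables.shutdown
    iptables-restore < /etc/iptables.rules
    ;;
  *)
    printf 'Usage: %s {start|stop|restart|force-reload}\n' "$0" >&2
    exit 2
    ;;
esac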
sudo chmod 755 /etc/init.d/iptables
# "start 20 2 3 4 5" / "stop 99 0 1 6": update-rc.d creates the S20iptables
# links in rc2-5.d and the K99iptables links in rc0.d, rc1.d and rc6.d, so
# no rcN.d links need to be made by hand after this.
sudo update-rc.d iptables start 20 2 3 4 5 . stop 99 0 1 6 .
sudo vi /etc/rc.local
# Re-apply the saved rule set from rc.local as well, in case the rcN.d
# start link did not run.
/etc/init.d/iptables start
# rc.local conventionally ends with exit 0; keep it as the last line.
exit 0
Simpan dan buat simbolik link
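# update-rc.d (run above) already created /etc/rc0.d/K99iptables and
# /etc/rc6.d/K99iptables; these manual links are only needed if that step
# was skipped. ln(1) takes TARGET first and LINK_NAME second: with the
# arguments the other way round, /etc/init.d/iptables itself would be
# replaced by a dangling symlink and no firewall script would run at boot.
# Note the uppercase K used by the rcN.d naming convention.
sudo ln -sf /etc/init.d/iptables /etc/rc0.d/K99iptables
sudo ln -sf /etc/init.d/iptables /etc/rc6.d/K99iptables
# The mode lives on the script (chmod 755 above); chmod on a symlink only
# follows through to its target, so no chmod on the links is needed.
sudo service iptables start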