
Thursday, April 8, 2021

iptables - proteksi

--utk catat log yg drop

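# Create a LOGDROP chain: log the packet, then drop it.
/sbin/iptables -N LOGDROP
# Rate-limit the LOG rule so a flood cannot fill kern.log. The limit is global, not per source.
# Packets over the limit skip LOG and are still dropped by the next rule.
/sbin/iptables -A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "LOGDROP: "
/sbin/iptables -A LOGDROP -j DROP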
 
 
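# Per-source limit on NEW connections to tcp/80 arriving on eth0.
# Both rules use -I (insert at the top of INPUT), so the rule added second is evaluated first:
#   1. --update: source already listed with >= 10 hits in the last 60 s -> LOGDROP
#   2. --set:    otherwise record the source and let the packet continue down INPUT
# A named list keeps these counters separate from any other "recent" rule (unnamed rules share DEFAULT).
# NOTE(review): clients behind one NAT address share a counter, and xt_recent only tracks a limited
# number of addresses per list (module parameter ip_list_tot) - confirm both fit the expected traffic.
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --name http_new --set
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --name http_new --update --seconds 60 --hitcount 10 -j LOGDROP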

--lihat log
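# Netfilter LOG entries carry SRC=/DST= fields; filter on that instead of dumping every kernel message.
# NOTE(review): kern.log is where Debian-style syslog setups write kernel messages - confirm the path on this host.
grep -F ' SRC=' /var/log/kern.log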

--permanent
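# Save the running ruleset. The file discloses the host's filtering policy, so keep it readable by root only.
iptables-save > /etc/iptables.up.rules && chmod 600 /etc/iptables.up.rules
# Create the ifupdown hook that reloads the saved rules.
editor /etc/network/if-pre-up.d/iptables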
--tulis ini disana:
#!/bin/sh
# Hook for /etc/network/if-pre-up.d: load the saved ruleset from the rules file below.
RULES=/etc/iptables.up.rules
/sbin/iptables-restore < "$RULES"
 
--chmod x
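# The hook is executed as root, so make it root-owned and writable by root only.
# An explicit mode also clears any group/other write bit that "+x" would leave in place.
chown root:root /etc/network/if-pre-up.d/iptables
chmod 755 /etc/network/if-pre-up.d/iptables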


Thursday, July 9, 2020

iptables block range ip

# cat /etc/iptables/rules.v4
----------------------------------------------
# Generated by xtables-save v1.8.2 on Thu Jul  9 02:55:34 2020
*filter
# All three chains default to ACCEPT: anything not matched by a DROP rule below is allowed.
:INPUT ACCEPT [755:72126]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1164:142504]
# Drop second and further IPv4 fragments.
-A INPUT -f -j DROP
# Drop TCP packets with no flags set.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
# Drop packets that conntrack sees as NEW but that are not a plain SYN.
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
# Drop TCP packets with every flag set.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
# Always allow loopback traffic.
-A INPUT -i lo -j ACCEPT
# Rules are first-match: this ACCEPT sits above the source DROPs, so tcp/39000 stays reachable
# from the blocked ranges too.
# NOTE(review): confirm that is intended; otherwise move this rule below the two DROP rules.
-A INPUT -p tcp -m tcp --dport 39000 -j ACCEPT
# Each /8 covers every address starting with that first octet (about 16.7 million addresses).
# NOTE(review): this file only holds IPv4 rules; IPv6 traffic is not filtered here.
-A INPUT -s 185.0.0.0/8 -j DROP
-A INPUT -s 46.0.0.0/8 -j DROP
COMMIT
# Completed on Thu Jul  9 02:55:34 2020