{"id":709,"date":"2019-02-09T16:13:57","date_gmt":"2019-02-09T09:13:57","guid":{"rendered":"http:\/\/notes.opikdesign.com\/?p=709"},"modified":"2019-02-22T01:47:28","modified_gmt":"2019-02-21T18:47:28","slug":"menggantikan-firewalld-ke-iptables-di-centos-7","status":"publish","type":"post","link":"https:\/\/notes.opikdesign.com\/index.php\/2019\/02\/09\/networking\/menggantikan-firewalld-ke-iptables-di-centos-7\/","title":{"rendered":"Replacing FirewallD with IPTables on CentOS 7"},"content":{"rendered":"\n<p>Under the hood FirewallD uses IPTables as well, but for those who, like the author, are not used to it, its commands are less familiar.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>Install IPTables&#8230;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[root@localhost ~]# yum install system-config-firewall system-config-firewall-tui iptables-services<br><\/pre>\n\n\n\n<p>Then stop FirewallD, and don't forget to disable its auto-start at boot&#8230;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[root@localhost ~]# systemctl stop firewalld &amp;&amp; systemctl disable firewalld<br><\/pre>\n\n\n\n<p>Before enabling IPTables, set up its basic rules by editing <em>\/etc\/sysconfig\/iptables<\/em>. The file below is an example for a DNS server that only opens the SSH, DNS and SNMP ports, so adjust it to your needs&#8230;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">*filter<br>:INPUT ACCEPT [0:0]<br>:FORWARD ACCEPT [0:0]<br>:OUTPUT ACCEPT [0:0]<br>-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br>-A INPUT -p icmp -j ACCEPT<br>-A INPUT -i lo -j ACCEPT<br>-A INPUT -m state --state NEW -m multiport -p tcp --dports 22,53 -j ACCEPT<br>-A INPUT -m state --state NEW -m multiport -p udp --dports 53,161 -j ACCEPT<br>-A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP<br>-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP<br>-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP<br>-A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP<br>-A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP<br>-A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP<br>-A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP<br>-A INPUT -p tcp --tcp-flags ALL FIN -j DROP<br>-A INPUT -p tcp --tcp-flags ALL NONE -j DROP<br>-A INPUT -p tcp --tcp-flags ALL PSH,FIN -j DROP<br>-A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j DROP<br>-A INPUT -p tcp --syn --dport 113 -j REJECT --reject-with tcp-reset<br>-A INPUT -p tcp -m tcp --dport 139 -j DROP<br>-A INPUT -s 255.255.255.255\/32 -j DROP<br>-A INPUT -s 10.0.0.0\/8 -j DROP<br>-A INPUT -s 172.16.0.0\/12 -j DROP<br>-A INPUT -s 192.168.0.0\/16 -j DROP<br>-A INPUT -s 169.254.0.0\/16 -j DROP<br>-A INPUT -s 224.0.0.0\/4 -j DROP<br>-A INPUT -d 224.0.0.0\/4 -j DROP<br>-A INPUT -s 240.0.0.0\/5 -j DROP<br>-A INPUT -d 240.0.0.0\/5 -j DROP<br>-A INPUT -d 0.0.0.0\/8 -j DROP<br>-A INPUT -d 239.255.255.0\/24 -j DROP<br>-A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP<br>-A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP<br>-A INPUT -m state --state INVALID -j DROP<br>-A INPUT -j REJECT --reject-with icmp-host-prohibited<br>-A FORWARD -j REJECT --reject-with icmp-host-prohibited<br>COMMIT<\/pre>\n\n\n\n<p>Finally, start IPTables and enable it so that it always starts automatically at boot.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[root@localhost ~]# systemctl start iptables &amp;&amp; systemctl enable iptables<br><\/pre>\n\n\n\n<p>To check the IPTables rules that are currently active&#8230;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[root@localhost ~]# iptables -t filter -L<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Under the hood FirewallD uses IPTables as well, but for those who, like the author, are not used to it, its commands are less familiar.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3,4],"tags":[60,59,58],"class_list":["post-709","post","type-post","status-publish","format-standard","hentry","category-networking","category-sys-admin","tag-centos-7","tag-firewalld","tag-iptables"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/posts\/709","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/comments?post=709"}],"version-history":[{"count":1,"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/posts\/709\/revisions"}],"predecessor-version":[{"id":710,"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/posts\/709\/revisions\/710"}],"wp:attachment":[{"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/media?parent=709"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/categories?post=709"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/notes.opikdesign.com\/index.php\/wp-json\/wp\/v2\/tags?post=709"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}