IPTABLES and FTP Server

From IGNwiki
Revision as of 24 May 2011, 05:01, by Ns


Load the module:

modprobe nf_conntrack_ftp

Add it to /etc/rc.d/rc.local:

echo "modprobe nf_conntrack_ftp" >> /etc/rc.d/rc.local

Add this entry to /etc/sysconfig/iptables-config:

IPTABLES_MODULES="nf_conntrack_ftp"

Copy and paste the configuration below into /etc/sysconfig/iptables:

# /etc/sysconfig/iptables 
# Generated by iptables-save v1.4.1.1 on Tue May 24 11:28:49 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11535:1203162]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -d 224.0.0.251/32 -p udp -m state --state NEW -m udp --dport 5353 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT 
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 873 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
-A OUTPUT -p tcp -m state --state NEW -m tcp --sport 20 -j ACCEPT 
COMMIT
# Completed on Tue May 24 11:28:49 2011
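The nf_conntrack_ftp helper is what lets the RELATED,ESTABLISHED rule match FTP data connections, so the setup only works when the module is loaded, listed in IPTABLES_MODULES, and the accept rules sit above the final REJECT. The script below is an added example, not part of the original page, that checks those three points; the function names and the sample ruleset are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# True if a /proc/modules-style listing contains the FTP conntrack helper.
helper_loaded() {
    grep -q '^nf_conntrack_ftp ' "${1:-/proc/modules}"
}

# True if IPTABLES_MODULES in iptables-config names the helper.
helper_persistent() {
    grep -Eq '^IPTABLES_MODULES="([^"]* )?nf_conntrack_ftp( [^"]*)?"' \
        "${1:-/etc/sysconfig/iptables-config}"
}

# Prints "ok" when INPUT accepts RELATED traffic and NEW tcp/21 ahead of the
# catch-all REJECT/DROP; otherwise prints the first problem found.
# Pass "-" to read the ruleset from standard input.
check_rules() {
    awk '
    /^-A INPUT / {
        n++
        if (!rel && /--state [A-Z,]*RELATED/ && /-j ACCEPT/) rel = n
        if (!ctl && /--dport 21( |$)/ && /--state [A-Z,]*NEW/ && /-j ACCEPT/) ctl = n
        if (!rej && /^-A INPUT -j (REJECT|DROP)/) rej = n
    }
    END {
        if (!rel)                  print "no RELATED accept: data channel blocked"
        else if (!ctl)             print "no NEW accept for tcp/21"
        else if (rej && rej < rel) print "catch-all precedes RELATED accept"
        else if (rej && rej < ctl) print "catch-all precedes tcp/21 accept"
        else                       print "ok"
    }' "${1:-/etc/sysconfig/iptables}"
}

# Constructed sample: the FTP-relevant rules from the page, with the
# RELATED,ESTABLISHED line moved below the REJECT to show a broken ordering.
sample_broken() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_broken | check_rules -
```

Called without arguments, each function reads the real file named on this page.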

Links: