Saturday, April 26, 2008

IPtables Startup Pada Ubuntu Linux

Alhamdulillah, dapet juga pemecahan masalah buat iptables startup di Ubuntu. Mulanya kukira sama kayak bapaknya, "Debian", yang cuman simpen script di if-up.d aja :) Ini script-nya,
yang sebenernya diadopsi dari iptables script-nya Gentoo.


#!/bin/sh
#
#This is a ubuntu adapted iptables script from gentoo
#(http://www.gentoo.org) which was originally distributed
# under the terms of the GNU General Public License v2
#and was Copyrighted 1999-2004 by the Gentoo Foundation
#
#This adapted version was intended for an ad-hoc personal
#situation and as such no warranty is provided.

IPTABLES_SAVE=”/etc/default/iptables-rules”
SAVE_RESTORE_OPTIONS=”-c”
SAVE_ON_STOP=”yes”

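#######################################
# Verify that a saved ruleset exists before anything tries to restore it.
# Globals:   IPTABLES_SAVE (read)
# Outputs:   a hint on stderr when the file is missing
# Returns:   0 if the ruleset file exists, 1 otherwise
#######################################
checkrules() {
  if [ ! -f "${IPTABLES_SAVE}" ]; then
    printf '%s\n' "Not starting iptables. First create some rules then run" >&2
    printf '%s\n' "\"/etc/init.d/iptables save\"" >&2
    return 1
  fi
  return 0
}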

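#######################################
# Persist the live ruleset to IPTABLES_SAVE.
# Globals:   IPTABLES_SAVE, SAVE_RESTORE_OPTIONS (read)
# Returns:   0 on success; 1 if iptables-save fails or the temp file cannot
#            be created (the previously saved ruleset is left untouched)
#######################################
save() {
  printf '%s\n' "Saving iptables state"
  # Dump into a sibling temp file and rename it into place, so a failed or
  # interrupted dump can never truncate the ruleset that "start" restores
  # at the next boot. mktemp creates the file mode 0600, which mv keeps, so
  # the saved ruleset is not world-readable.
  save_tmp=$(mktemp "${IPTABLES_SAVE}.XXXXXX") || return 1
  # shellcheck disable=SC2086 -- SAVE_RESTORE_OPTIONS may hold several flags
  if /sbin/iptables-save ${SAVE_RESTORE_OPTIONS} > "${save_tmp}"; then
    mv -f -- "${save_tmp}" "${IPTABLES_SAVE}"
  else
    rm -f -- "${save_tmp}"
    return 1
  fi
}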

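#######################################
# Restore the saved ruleset.
# Globals:   IPTABLES_SAVE, SAVE_RESTORE_OPTIONS (read)
# Returns:   1 if no saved ruleset exists, else the exit status of the
#            start-stop-daemon / iptables-restore invocation
#######################################
start() {
  checkrules || return 1
  printf '%s\n' "Loading iptables state and starting firewall"
  printf '%s' "Restoring iptables ruleset"
  # Plain ASCII "--" throughout: the original line carried typographic
  # dashes, which start-stop-daemon does not recognise as options.
  # shellcheck disable=SC2086 -- SAVE_RESTORE_OPTIONS may hold several flags
  start-stop-daemon --start --quiet --exec /sbin/iptables-restore -- ${SAVE_RESTORE_OPTIONS} < "${IPTABLES_SAVE}"
}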

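#######################################
# Flush all rules and delete all user-defined chains in every loaded table.
# Table names come from /proc/net/ip_tables_names, one per line; when that
# file is absent there is nothing to flush.
#######################################
flush_tables() {
  [ -r /proc/net/ip_tables_names ] || return 0
  while IFS= read -r table || [ -n "${table}" ]; do
    /sbin/iptables -F -t "${table}"
    /sbin/iptables -X -t "${table}"
  done < /proc/net/ip_tables_names
}

#######################################
# Set the built-in chains of every loaded table back to policy ACCEPT.
# Used by "stop": the host is deliberately left with no filtering at all
# (fail open), as in the original Gentoo script, rather than locked down.
#######################################
reset_policies() {
  [ -r /proc/net/ip_tables_names ] || return 0
  while IFS= read -r table || [ -n "${table}" ]; do
    # "case" replaces the original "[ $a == nat ]": "==" is not POSIX test
    # syntax and dash (Ubuntu's default /bin/sh) rejects it as an
    # "unexpected operator", so the policies were never actually reset.
    case "${table}" in
      nat)
        /sbin/iptables -t nat -P PREROUTING ACCEPT
        /sbin/iptables -t nat -P POSTROUTING ACCEPT
        /sbin/iptables -t nat -P OUTPUT ACCEPT
        ;;
      mangle)
        /sbin/iptables -t mangle -P PREROUTING ACCEPT
        /sbin/iptables -t mangle -P INPUT ACCEPT
        /sbin/iptables -t mangle -P FORWARD ACCEPT
        /sbin/iptables -t mangle -P OUTPUT ACCEPT
        /sbin/iptables -t mangle -P POSTROUTING ACCEPT
        ;;
      filter)
        /sbin/iptables -t filter -P INPUT ACCEPT
        /sbin/iptables -t filter -P FORWARD ACCEPT
        /sbin/iptables -t filter -P OUTPUT ACCEPT
        ;;
    esac
  done < /proc/net/ip_tables_names
}

# Init-script dispatch. Failures of save/start now propagate as exit 1 so the
# caller (init, or an admin) can tell that the firewall is *not* in place.
case "$1" in
  save)
    save || exit 1
    printf '.\n'
    ;;
  start)
    start || exit 1
    printf '.\n'
    ;;
  stop)
    if [ "${SAVE_ON_STOP}" = "yes" ]; then
      save || exit 1
    fi
    printf '%s' "Stopping firewall"
    flush_tables
    reset_policies
    # Kept from the original script. iptables is not a long-running daemon,
    # so unless something else created that pidfile this does nothing.
    start-stop-daemon --stop --quiet --pidfile /var/run/iptables.pid --exec /sbin/iptables
    printf '.\n'
    ;;
  restart)
    # Check for the saved ruleset *before* flushing. The original flushed
    # first, so a missing file left the host with no rules but the old
    # default policies: either everyone locked out (DROP) or everything
    # exposed (ACCEPT).
    checkrules || exit 1
    printf '%s' "Flushing firewall"
    flush_tables
    start || exit 1
    printf '.\n'
    ;;
  *)
    printf '%s\n' "Usage: /etc/init.d/iptables {start|stop|restart|save}" >&2
    exit 1
    ;;
esac

exit 0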

Moga Bermanfaat :)
