Thursday, August 18, 2011

CentOS + iptables + Cloudflare as a server security add-on

Let me share one way to add a layer of security to your server. It combines three components:

CentOS: your server's OS
Cloudflare: DNS firewall and account (required)
iptables: server configuration (required)

Usage:

DNS setup:
Register at Cloudflare first, here ==> www.cloudflare.com. Follow Cloudflare's setup steps (make sure you change your nameservers) until it is complete.

Server setup:

Log in to your server over SSH (with PuTTY or whatever you prefer).

1 - Make sure iptables is installed.
2 - Then deny all IPs and allow only the Cloudflare IP ranges. Here is the script:

# Accept loopback traffic (-s 0.0.0.0 only matches packets whose source is exactly 0.0.0.0;
# it is kept here as in the original list)
iptables -A INPUT -s 0.0.0.0 -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -s 0.0.0.0 -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -j ACCEPT

# Allow port 80 only from the Cloudflare ranges. iptables evaluates a chain top to bottom and
# stops at the first match, so with -A (append) these ACCEPT rules must be added BEFORE the DROP.
iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 199.27.128.0-199.27.135.255 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 204.93.240.0-204.93.240.255 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 204.93.177.0-204.93.177.255 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 173.245.48.0-173.245.63.255 -j ACCEPT

# Everything else that arrives on port 80 is dropped
iptables -A INPUT -p tcp --destination-port 80 -j DROP

# OUTPUT side. Note that --src-range here matches the packet's SOURCE address, so these ACCEPT lines
# only apply to packets the server itself sends from a Cloudflare address; the final DROP stops the
# server's own outgoing connections to port 80 (e.g. yum or wget fetching over HTTP).
iptables -A OUTPUT -p tcp --destination-port 80 -m iprange --src-range 199.27.128.0-199.27.135.255 -j ACCEPT
iptables -A OUTPUT -p tcp --destination-port 80 -m iprange --src-range 204.93.240.0-204.93.240.255 -j ACCEPT
iptables -A OUTPUT -p tcp --destination-port 80 -m iprange --src-range 204.93.177.0-204.93.177.255 -j ACCEPT
iptables -A OUTPUT -p tcp --destination-port 80 -m iprange --src-range 173.245.48.0-173.245.63.255 -j ACCEPT
iptables -A OUTPUT -p tcp --destination-port 80 -j DROP

Copy and paste it line by line, then save it with this command ==> service iptables save

NOTE!!: If the Cloudflare IP ranges change, make sure you update them here too.

To start/stop/restart/save, use these commands:
Save == > service iptables save
Restart == > service iptables restart
Start == > service iptables start
Stop == > service iptables stop
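As an added example (not part of the original post), a small POSIX shell script that generates the same kind of rule set with every ACCEPT emitted before the final DROP, so the rule order cannot go wrong when the list of ranges is refreshed. The ranges are the ones listed in this post and are only sample data; the port argument and the function names are my own assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Emits the iptables commands for
# "allow Cloudflare ranges to a port, drop everyone else" in the correct order.
# Constructed sample data: the 2011 ranges from the post. Refresh them from
# Cloudflare's currently published list before using this for real.
CF_RANGES="199.27.128.0-199.27.135.255
204.93.240.0-204.93.240.255
204.93.177.0-204.93.177.255
173.245.48.0-173.245.63.255"

# Print one iptables command per line. ACCEPT rules are appended first and the
# DROP last, because a chain is evaluated top to bottom and stops at the first match.
gen_rules() {
  port="${1:-80}"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "$CF_RANGES" | while read -r range; do
    [ -n "$range" ] || continue
    echo "iptables -A INPUT -p tcp --dport $port -m iprange --src-range $range -j ACCEPT"
  done
  echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Sanity check before applying: the DROP must be the last rule and every
# configured range must have its own ACCEPT. Returns 0 when the set is consistent.
check_rules() {
  rules="$(gen_rules "$@")"
  last="$(printf '%s\n' "$rules" | tail -n 1)"
  case "$last" in *"-j DROP") ;; *) return 1 ;; esac
  for r in $CF_RANGES; do
    printf '%s\n' "$rules" | grep -q -- "--src-range $r " || return 1
  done
  return 0
}

# Number of ACCEPT rules produced (loopback plus one per range).
count_accepts() {
  gen_rules "$@" | grep -c -- '-j ACCEPT'
}
```

Review the output of `gen_rules 80` first, apply it with `gen_rules 80 | sh`, repeat for 443 if the site also serves HTTPS, then run `service iptables save`.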

I edited this script according to my own logic, so if anyone is an expert, please correct me. If you use several servers, make sure you also allow your own servers' IPs. This way you can accelerate your site a bit and raise its security level. If you want more filtering, you can use DNP Firewall Gateway. Here ==> Here - Here!
Credit To: Edan


Copyright © 2011 -=[+SHC+]=-, All Right Reserved. Design by Java Templates Powered by Blogger