http://noctkj.net/index.php?action=history&feed=atom&title=Debian_%3A_Firewall_%28IPTables_Attribut_Lengkap%29
Debian : Firewall (IPTables Attribut Lengkap) - Revision history
2026-05-18T15:13:16Z
Revision history for this page on the wiki
MediaWiki 1.41.1
http://noctkj.net/index.php?title=Debian_:_Firewall_(IPTables_Attribut_Lengkap)&diff=975&oldid=prev
Novy: Protected "Debian : Firewall (IPTables Attribut Lengkap)" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)) [cascading]
2025-10-31T13:36:20Z
<p>Protected "<a href="/index.php/Debian_:_Firewall_(IPTables_Attribut_Lengkap)" title="Debian : Firewall (IPTables Attribut Lengkap)">Debian : Firewall (IPTables Attribut Lengkap)</a>" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)) [cascading]</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<tr class="diff-title" lang="en">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 20:36, 31 October 2025</td>
</tr><tr><td colspan="2" class="diff-notice" lang="en"><div class="mw-diff-empty">(No difference)</div>
</td></tr></table>
Novy
http://noctkj.net/index.php?title=Debian_:_Firewall_(IPTables_Attribut_Lengkap)&diff=974&oldid=prev
Novy: Created page with "== Tabel Atribut / Parameter IPTables == === Atribut Dasar IPTables === {| class="wikitable" !Atribut / Opsi !Contoh !Keterangan |- |<code>-A</code> |<code>-A INPUT</code> |Menambahkan rule di akhir chain |- |<code>-I</code> |<code>-I INPUT 1</code> |Menyisipkan rule di baris tertentu |- |<code>-D</code> |<code>-D INPUT 3</code> |Menghapus rule tertentu |- |<code>-R</code> |<code>-R INPUT 2</code> |Mengganti rule di baris tertentu |- |<code>-L</code> |<code>-L -n -v</co..."
2025-10-31T13:36:12Z
<p>Created page with "== Tabel Atribut / Parameter IPTables == === Atribut Dasar IPTables === {| class="wikitable" !Atribut / Opsi !Contoh !Keterangan |- |<code>-A</code> |<code>-A INPUT</code> |Menambahkan rule di akhir chain |- |<code>-I</code> |<code>-I INPUT 1</code> |Menyisipkan rule di baris tertentu |- |<code>-D</code> |<code>-D INPUT 3</code> |Menghapus rule tertentu |- |<code>-R</code> |<code>-R INPUT 2</code> |Mengganti rule di baris tertentu |- |<code>-L</code> |<code>-L -n -v</co..."</p>
<p><b>New page</b></p><div>== Tabel Atribut / Parameter IPTables ==<br />
<br />
=== Atribut Dasar IPTables ===<br />
{| class="wikitable"<br />
!Atribut / Opsi<br />
!Contoh<br />
!Keterangan<br />
|-<br />
|<code>-A</code><br />
|<code>-A INPUT</code><br />
|Menambahkan rule di akhir chain<br />
|-<br />
|<code>-I</code><br />
|<code>-I INPUT 1</code><br />
|Menyisipkan rule di baris tertentu<br />
|-<br />
|<code>-D</code><br />
|<code>-D INPUT 3</code><br />
|Menghapus rule tertentu<br />
|-<br />
|<code>-R</code><br />
|<code>-R INPUT 2</code><br />
|Mengganti rule di baris tertentu<br />
|-<br />
|<code>-L</code><br />
|<code>-L -n -v</code><br />
|Menampilkan rules<br />
|-<br />
|<code>-F</code><br />
|<code>-F INPUT</code><br />
|Menghapus semua rule di chain<br />
|-<br />
|<code>-X</code><br />
|<code>-X mychain</code><br />
|Menghapus custom chain<br />
|-<br />
|<code>-P</code><br />
|<code>-P INPUT DROP</code><br />
|Set default policy (DROP/ACCEPT)<br />
|-<br />
|<code>-t</code><br />
|<code>-t nat</code><br />
|Memilih tabel (filter, nat, mangle, raw)<br />
|-<br />
|<code>-n</code><br />
|<code>iptables -L -n</code><br />
|Menampilkan IP/port dalam bentuk angka (lebih cepat)<br />
|-<br />
|<code>-v</code><br />
|<code>iptables -L -v</code><br />
|Menampilkan counter & detail<br />
|}<br />
<br />
=== Atribut untuk Filter Berdasarkan IP & Interface ===<br />
{| class="wikitable"<br />
!Atribut<br />
!Contoh<br />
!Keterangan<br />
|-<br />
|<code>-s</code><br />
|<code>-s 192.168.1.10</code><br />
|IP sumber (source)<br />
|-<br />
|<code>-d</code><br />
|<code>-d 8.8.8.8</code><br />
|IP tujuan (destination)<br />
|-<br />
|<code>-i</code><br />
|<code>-i eth0</code><br />
|Interface '''masuk'''<br />
|-<br />
|<code>-o</code><br />
|<code>-o eth1</code><br />
|Interface '''keluar'''<br />
|-<br />
|<code>-p</code><br />
|<code>-p tcp</code><br />
|Protokol (tcp/udp/icmp/all)<br />
|-<br />
|<code>-m</code><br />
|<code>-m state</code><br />
|Menggunakan modul tambahan<br />
|}<br />
<br />
=== Atribut untuk TCP ===<br />
{| class="wikitable"<br />
!Atribut<br />
!Contoh<br />
!Keterangan<br />
|-<br />
|<code>--dport</code><br />
|<code>--dport 22</code><br />
|Port tujuan (SSH/HTTP/etc)<br />
|-<br />
|<code>--sport</code><br />
|<code>--sport 80</code><br />
|Port sumber<br />
|-<br />
|<code>--tcp-flags</code><br />
|<code>--tcp-flags SYN,ACK SYN</code><br />
|Filter berdasarkan flag TCP<br />
|-<br />
|<code>--syn</code><br />
|<code>-p tcp --syn</code><br />
|Menerima koneksi baru (flag SYN)<br />
|}<br />
<br />
=== Atribut untuk UDP ===<br />
{| class="wikitable"<br />
!Atribut<br />
!Contoh<br />
!Keterangan<br />
|-<br />
|<code>--dport</code><br />
|<code>--dport 53</code><br />
|Port tujuan UDP (DNS)<br />
|-<br />
|<code>--sport</code><br />
|<code>--sport 123</code><br />
|Port sumber UDP<br />
|}<br />
<br />
=== Atribut untuk ICMP (Ping) ===<br />
{| class="wikitable"<br />
!Atribut<br />
!Contoh<br />
!Keterangan<br />
|-<br />
|<code>--icmp-type</code><br />
|<code>--icmp-type 8</code><br />
|Jenis ICMP (8 = echo request)<br />
|}<br />
Jenis ICMP umum:<br />
{| class="wikitable"<br />
!Type<br />
!Fungsi<br />
|-<br />
|0<br />
|Echo Reply<br />
|-<br />
|8<br />
|Echo Request (ping)<br />
|-<br />
|3<br />
|Destination Unreachable<br />
|-<br />
|5<br />
|Redirect<br />
|-<br />
|11<br />
|Time Exceeded<br />
|}<br />
<br />
=== Atribut untuk Connection Tracking (<code>-m state</code> / <code>-m conntrack</code>) ===<br />
Digunakan untuk firewall stateful<br />
{| class="wikitable"<br />
!State<br />
!Keterangan<br />
|-<br />
|<code>NEW</code><br />
|Koneksi baru<br />
|-<br />
|<code>ESTABLISHED</code><br />
|Koneksi aktif / sudah berjalan<br />
|-<br />
|<code>RELATED</code><br />
|Koneksi terkait (FTP passive, ICMP error)<br />
|-<br />
|<code>INVALID</code><br />
|Paket rusak / tidak valid<br />
|}<br />
Contoh:<syntaxhighlight lang="shell"><br />
-m state --state ESTABLISHED,RELATED -j ACCEPT<br />
</syntaxhighlight><br />
<br />
=== Atribut NAT Table (PREROUTING, POSTROUTING, OUTPUT) ===<br />
{| class="wikitable"<br />
!Atribut<br />
!Contoh<br />
!Keterangan<br />
|-<br />
|<code>--to</code><br />
|<code>--to 192.168.1.10</code><br />
|DNAT ke IP tertentu<br />
|-<br />
|<code>--to-port</code><br />
|<code>--to-port 22</code><br />
|DNAT ke port tertentu<br />
|-<br />
|<code>-j MASQUERADE</code><br />
|<br />
|NAT otomatis untuk IP dinamis (typical router)<br />
|-<br />
|<code>-j SNAT</code><br />
|<code>--to-source 1.2.3.4</code><br />
|NAT manual untuk IP statis<br />
|-<br />
|<code>-j DNAT</code><br />
|<br />
|Port forwarding masuk<br />
|}<br />
Contoh Src.NAT:<syntaxhighlight lang="shell"><br />
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
</syntaxhighlight>Contoh Dst.NAT (port forwarding):<syntaxhighlight lang="shell"><br />
iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to 192.168.1.50:22<br />
</syntaxhighlight><br />
<br />
=== Atribut Mangle Table (QoS, TTL, Marking) ===<br />
{| class="wikitable"<br />
!Atribut<br />
!Contoh<br />
!Keterangan<br />
|-<br />
|<code>-j MARK</code><br />
|<code>--set-mark 1</code><br />
|Menandai paket<br />
|-<br />
|<code>--ttl-set</code><br />
|<code>--ttl-set 64</code><br />
|Mengatur TTL<br />
|-<br />
|<code>--ttl-inc</code><br />
|<code>--ttl-inc 1</code><br />
|Menambah TTL<br />
|-<br />
|<code>--ttl-dec</code><br />
|<code>--ttl-dec 1</code><br />
|Mengurangi TTL<br />
|}<br />
Contoh:<syntaxhighlight lang="shell"><br />
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 10<br />
</syntaxhighlight><br />
<br />
=== Atribut Logging ===<br />
{| class="wikitable"<br />
!Atribut<br />
!Contoh<br />
!Keterangan<br />
|-<br />
|<code>-j LOG</code><br />
|<br />
|Melog paket yang cocok<br />
|-<br />
|<code>--log-prefix</code><br />
|<code>"DROP: "</code><br />
|Tambahkan teks prefix ke log<br />
|-<br />
|<code>--log-level</code><br />
|<code>4</code><br />
|Level logging (info/warning/etc)<br />
|}<br />
Contoh :<syntaxhighlight lang="shell"><br />
iptables -A INPUT -j LOG --log-prefix "IPTABLES-DROP: "<br />
</syntaxhighlight><br />
<br />
=== Atribut Rate-Limiting / Anti Brute-Force ===<br />
Modul: <code>-m limit</code><br />
{| class="wikitable"<br />
!Atribut<br />
!Contoh<br />
!Keterangan<br />
|-<br />
|<code>--limit</code><br />
|<code>--limit 5/minute</code><br />
|Membatasi jumlah paket<br />
|-<br />
|<code>--limit-burst</code><br />
|<code>--limit-burst 10</code><br />
|Paket awal yang diizinkan<br />
|}<br />
Modul: <code>-m recent</code><br />
{| class="wikitable"<br />
!Atribut<br />
!Contoh<br />
!Keterangan<br />
|-<br />
|<code>--set</code><br />
|<br />
|Menandai IP<br />
|-<br />
|<code>--update</code><br />
|<br />
|Cek aktivitas IP<br />
|-<br />
|<code>--seconds</code><br />
|<code>--seconds 60</code><br />
|Waktu blok<br />
|-<br />
|<code>--hitcount</code><br />
|<code>--hitcount 5</code><br />
|Jumlah percobaan<br />
|}<br />
Contoh anti brute-force SSH:<syntaxhighlight lang="shell"><br />
iptables -A INPUT -p tcp --dport 22 -m recent --set<br />
iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 -j DROP<br />
</syntaxhighlight><br />
<br />
=== Atribut Misc / Lainnya ===<br />
{| class="wikitable"<br />
!Atribut<br />
!Contoh<br />
!Keterangan<br />
|-<br />
|<code>-j ACCEPT</code><br />
|<br />
|Menerima paket<br />
|-<br />
|<code>-j DROP</code><br />
|<br />
|Membuang paket '''tanpa pesan'''<br />
|-<br />
|<code>-j REJECT</code><br />
|<br />
|Menolak paket '''dengan pesan ICMP'''<br />
|-<br />
|<code>-j RETURN</code><br />
|<br />
|Keluar dari chain dan kembali ke chain pemanggil<br />
|}</div>
Novy