Let me share one step for improving your server's security. It combines three components:
CentOS : your server's OS
Cloudflare : DNS firewall and acc (required)
iptables : server settings (required)
Usage:
DNS settings:
First sign up at Cloudflare, here ==> www.cloudflare.com . Follow Cloudflare's setup steps through to the end (make sure you change your nameservers).
Server settings:
Log in to your server over SSH (use PuTTY or whatever you like)
1 - Make sure iptables is installed.
2 - Then deny all IPs and allow only the IP ranges. Here is the script:
# iptables stops at the first rule that matches, so every ACCEPT must be added before the DROP
iptables -A INPUT -s 0.0.0.0 -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 199.27.128.0-199.27.135.255 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 204.93.240.0-204.93.240.255 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 204.93.177.0-204.93.177.255 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 173.245.48.0-173.245.63.255 -j ACCEPT
# anything else arriving on port 80 is dropped
iptables -A INPUT -p tcp --destination-port 80 -j DROP
# OUTPUT chain, same order; --src-range here is compared with the server's own address
iptables -A OUTPUT -s 0.0.0.0 -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p tcp --destination-port 80 -m iprange --src-range 199.27.128.0-199.27.135.255 -j ACCEPT
iptables -A OUTPUT -p tcp --destination-port 80 -m iprange --src-range 204.93.240.0-204.93.240.255 -j ACCEPT
iptables -A OUTPUT -p tcp --destination-port 80 -m iprange --src-range 204.93.177.0-204.93.177.255 -j ACCEPT
iptables -A OUTPUT -p tcp --destination-port 80 -m iprange --src-range 173.245.48.0-173.245.63.255 -j ACCEPT
# this DROP stops the server's own outgoing connections to port 80; replies to visitors leave from source port 80 and are not affected
iptables -A OUTPUT -p tcp --destination-port 80 -j DROP
Copy and paste it line by line.
Then save with this command ==> service iptables save
ATTENTION !! : If the IPs change, make sure you update them here too
To start/stop/restart/save, use these commands:
Save == > service iptables save
Restart == > service iptables restart
Start == > service iptables start
Stop == > service iptables stop
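Because the rules only work when every ACCEPT is added before the DROP, and the range list has to be updated whenever the IPs change, the commands can be generated from a list instead of typed by hand. This is an added example, not part of the original post; the chain name CF-HTTP and the one-range-per-line input format are assumptions, and the script only prints the commands.

```sh
#!/bin/sh
# Added example: print port-80 allowlist rules in an order that works with
# iptables' first-match evaluation (all ACCEPTs first, one DROP last).
CHAIN="CF-HTTP"   # hypothetical chain name chosen for this example

OCTET='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
IPV4="($OCTET\\.){3}$OCTET"

# Succeeds only for "a.b.c.d-e.f.g.h" with every octet in 0-255.
valid_range() {
  printf '%s\n' "$1" | grep -Eq "^${IPV4}-${IPV4}\$"
}

# Reads ranges on stdin (one per line, '#' starts a comment) and prints the
# iptables commands; nothing is applied until the output is run as root.
gen_rules() {
  accepts=""
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "$line" | sed 's/#.*//' | tr -d ' \t\r')
    [ -z "$line" ] && continue
    valid_range "$line" || { echo "bad range: $line" >&2; return 1; }
    accepts="${accepts}iptables -A $CHAIN -m iprange --src-range $line -j ACCEPT
"
  done
  # An empty list would leave only the DROP and cut off every visitor.
  [ -n "$accepts" ] || { echo "no ranges given" >&2; return 1; }
  echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
  echo "iptables -A $CHAIN -i lo -j ACCEPT"
  printf '%s' "$accepts"
  echo "iptables -A $CHAIN -j DROP"
  # Re-hook the chain at the top of INPUT without duplicating the jump.
  echo "iptables -D INPUT -p tcp --dport 80 -j $CHAIN 2>/dev/null"
  echo "iptables -I INPUT -p tcp --dport 80 -j $CHAIN"
}

# Demo with the ranges listed in this post (dry run: commands are only printed).
gen_rules <<'EOF'
199.27.128.0-199.27.135.255
204.93.240.0-204.93.240.255
204.93.177.0-204.93.177.255
173.245.48.0-173.245.63.255   # last range from the post
EOF
```

Review the printed commands, run them as root, then save with service iptables save.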