#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
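/*
 * Firewall set-up for a small LAN (INTIF) behind a dial-up link (EXTIF):
 * masquerading, a few inbound port forwards, a transparent web proxy and
 * pinned DNS for LAN clients, a host-level blocklist, and finally a restart
 * of the gammu-smsd daemon. Must run as root.
 *
 * Compared with the earlier version of this file the rule set and its order
 * are unchanged, but:
 *   - addresses and interface names are defined once, below;
 *   - /proc/sys values are written directly instead of via "echo > file"
 *     in a shell;
 *   - every command's result is checked: failures are reported on stderr,
 *     the remaining commands still run (so the DROP rules are not skipped
 *     because an earlier line failed), and the exit status is non-zero if
 *     anything failed;
 *   - rules that appeared several times verbatim are applied once;
 *   - "-s 0/0 -d 0/0" is dropped from rules (it is the default match).
 *
 * Policy summary, worth knowing before editing: INPUT and OUTPUT keep the
 * ACCEPT policy, so the host itself is default-allow and protected only by
 * the DROP rules inserted below; FORWARD is default-DROP. Module names and
 * option spellings are from 2.4/2.6-era kernels (ip_conntrack, iptable_nat,
 * ip_nat_ftp); on a current kernel those modprobe steps are likely to fail
 * and are reported but not fatal.
 */

#define IPTABLES   "/sbin/iptables"
#define INTIF      "eth0"            /* LAN side (the banner says Eth1; the rules always used eth0) */
#define EXTIF      "ppp0"            /* dial-up side */
#define LAN        "192.168.0.0/24"
#define PROXY      "192.168.0.90"    /* "SERVER" in the banner; web proxy listening on PROXY_PORT */
#define PROXY_PORT "8080"
#define EXTIP      "36.74.73.157"    /* public address of EXTIF; hard-coded, see note in main() */
#define NS1        "202.134.0.155"
#define NS2        "202.134.1.10"
#define WEB_HOST   "192.168.0.1"     /* DNAT target for EXTIP:88 */
#define MAIL_HOST  "192.168.0.200"   /* DNAT target for EXTIP ports 25/110/143/8025 (name is descriptive only) */

#define ARRAY_SIZE(a) (sizeof (a) / sizeof (a)[0])

/* Run one shell command.
 * Returns 0 on success, -1 if the shell could not be started or the command
 * exited with a non-zero status. Never aborts: a half-applied firewall is
 * worse than a reported failure, so callers count failures and continue. */
static int run(const char *cmd)
{
    int status = system(cmd);
    if (status == -1) {
        fprintf(stderr, "firewall: cannot run '%s': %s\n", cmd, strerror(errno));
        return -1;
    }
    if (status != 0) {
        /* status is the raw wait status as returned by system(). */
        fprintf(stderr, "firewall: '%s' failed (status %d)\n", cmd, status);
        return -1;
    }
    return 0;
}

/* Run every command in CMDS, in order; returns how many failed. */
static int run_all(const char *const *cmds, size_t count)
{
    int failed = 0;
    for (size_t i = 0; i < count; i++) {
        if (run(cmds[i]) != 0) {
            failed++;
        }
    }
    return failed;
}

/* Write VALUE plus a newline (what "echo 'VALUE' > PATH" produced) to a
 * /proc/sys entry. Returns 0 on success, -1 on any open/write/close error;
 * the kernel rejects a bad value at write time, so the fclose() result is
 * checked too. */
static int write_proc(const char *path, const char *value)
{
    FILE *f = fopen(path, "w");
    if (f == NULL) {
        fprintf(stderr, "firewall: cannot open %s: %s\n", path, strerror(errno));
        return -1;
    }
    int rc = 0;
    if (fprintf(f, "%s\n", value) < 0) {
        rc = -1;
    }
    if (fclose(f) != 0) {
        rc = -1;
    }
    if (rc != 0) {
        fprintf(stderr, "firewall: cannot write '%s' to %s: %s\n", value, path, strerror(errno));
    }
    return rc;
}

/* One "/proc/sys" path and the value written to it. */
struct proc_setting {
    const char *path;
    const char *value;
};

/* Apply SETTINGS in order; returns how many writes failed. */
static int apply_proc_settings(const struct proc_setting *settings, size_t count)
{
    int failed = 0;
    for (size_t i = 0; i < count; i++) {
        if (write_proc(settings[i].path, settings[i].value) != 0) {
            failed++;
        }
    }
    return failed;
}

/* One "iptables -I INPUT" rule keyed on protocol, optional inbound interface
 * and destination port. iface == NULL means "any interface". */
struct port_rule {
    const char *proto;   /* "tcp" or "udp" */
    const char *iface;   /* INTIF, EXTIF, another interface name, or NULL */
    int port;
    const char *target;  /* "ACCEPT" or "DROP" */
};

/* Insert RULES at the head of INPUT in array order, so the last entry ends up
 * first in the chain -- exactly what the original sequence of "-I" commands
 * did. Returns how many rules failed to apply. */
static int insert_input_rules(const struct port_rule *rules, size_t count)
{
    int failed = 0;
    for (size_t i = 0; i < count; i++) {
        const struct port_rule *r = &rules[i];
        char cmd[256];
        int n = snprintf(cmd, sizeof cmd,
                         IPTABLES " -I INPUT -p %s%s%s --dport %d -j %s",
                         r->proto,
                         r->iface != NULL ? " -i " : "",
                         r->iface != NULL ? r->iface : "",
                         r->port, r->target);
        if (n < 0 || (size_t)n >= sizeof cmd) {
            fprintf(stderr, "firewall: INPUT rule %zu does not fit the command buffer\n", i);
            failed++;
            continue;
        }
        if (run(cmd) != 0) {
            failed++;
        }
    }
    return failed;
}

/* Kernel modules for stateful NAT, by their 2.4/2.6-era names. */
static const char *const module_cmds[] = {
    "/sbin/depmod -a",
    "/sbin/modprobe ip_tables",
    "/sbin/modprobe ip_conntrack",
    "/sbin/modprobe ip_conntrack_ftp",
    "/sbin/modprobe ip_conntrack_irc",
    "/sbin/modprobe iptable_nat",
    "/sbin/modprobe ip_nat_ftp",
    "/sbin/modprobe ip_nat_irc",
};

/* Stack settings. syncookies / no source routing / no ICMP redirects are
 * hardening; the timestamp, window-scaling and SACK values are not -- they
 * reduce throughput, presumably chosen for the dial-up link. Confirm before
 * reusing on a faster link. */
static const struct proc_setting stack_settings[] = {
    { "/proc/sys/net/ipv4/tcp_syncookies", "1" },
    { "/proc/sys/net/ipv4/conf/all/accept_source_route", "0" },
    { "/proc/sys/net/ipv4/tcp_timestamps", "0" },
    { "/proc/sys/net/ipv4/conf/all/accept_redirects", "0" },
    { "/proc/sys/net/ipv4/ip_local_port_range", "32768 61000" },
    { "/proc/sys/net/ipv4/tcp_fin_timeout", "30" },
    { "/proc/sys/net/ipv4/tcp_keepalive_time", "2400" },
    { "/proc/sys/net/ipv4/tcp_window_scaling", "0" },
    { "/proc/sys/net/ipv4/tcp_sack", "0" },
};

/* Routing between the interfaces; ip_dynaddr copes with EXTIF changing
 * address while connections are open. */
static const struct proc_setting forwarding_settings[] = {
    { "/proc/sys/net/ipv4/ip_forward", "1" },
    { "/proc/sys/net/ipv4/ip_dynaddr", "1" },
};

/* Flush and delete everything in filter, nat and mangle, then set the
 * default policies. The original also created a chain "MACtest" here only
 * for the following "-X" to delete it again, so that step is omitted. */
static const char *const reset_cmds[] = {
    IPTABLES " --flush",
    IPTABLES " --table nat --flush",
    IPTABLES " --delete-chain",
    IPTABLES " --table nat --delete-chain",
    IPTABLES " -F",
    IPTABLES " -X",
    IPTABLES " -t nat -F",
    IPTABLES " -t nat -X",
    IPTABLES " -t mangle -F",
    IPTABLES " -t mangle -X",
    IPTABLES " -P INPUT ACCEPT",
    IPTABLES " -F INPUT",
    IPTABLES " -P OUTPUT ACCEPT",
    IPTABLES " -F OUTPUT",
    IPTABLES " -P FORWARD DROP",
    IPTABLES " -F FORWARD",
};

/* Masquerading and inbound port forwards from the public address. */
static const char *const nat_cmds[] = {
    IPTABLES " -A INPUT -i " EXTIF " -m state --state ESTABLISHED,RELATED -j ACCEPT",
    IPTABLES " -t nat -A POSTROUTING -o " EXTIF " -j MASQUERADE",
    IPTABLES " -t nat -A PREROUTING -p tcp -d " EXTIP " --dport 88 -j DNAT --to " WEB_HOST ":80",
    IPTABLES " -t nat -A PREROUTING -p tcp -d " EXTIP " --dport 25 -j DNAT --to " MAIL_HOST ":25",
    IPTABLES " -t nat -A PREROUTING -p tcp -d " EXTIP " --dport 110 -j DNAT --to " MAIL_HOST ":110",
    IPTABLES " -t nat -A PREROUTING -p tcp -d " EXTIP " --dport 143 -j DNAT --to " MAIL_HOST ":143",
    IPTABLES " -t nat -A PREROUTING -p tcp -d " EXTIP " --dport 8025 -j DNAT --to " MAIL_HOST ":80",
    /* The original repeated the next two after every forward; once suffices. */
    IPTABLES " -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    IPTABLES " -A FORWARD -i " INTIF " -o " EXTIF " -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT",
    /* Forwarded service ports. Note there is no interface or destination
     * restriction, so forwarding to these ports is accepted from either side,
     * not only towards the DNAT targets above. */
    IPTABLES " -A FORWARD -p tcp --destination-port 80 -j ACCEPT",
    IPTABLES " -A FORWARD -p tcp --destination-port 25 -j ACCEPT",
    IPTABLES " -A FORWARD -p tcp --destination-port 110 -j ACCEPT",
    IPTABLES " -A FORWARD -p tcp --destination-port 143 -j ACCEPT",
    /* Carried over as written: this rule has no "-j" target, so it only
     * counts packets. Probably meant to end in "-j ACCEPT", which would be a
     * no-op anyway while OUTPUT's policy is ACCEPT. */
    IPTABLES " -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED",
};

/* Transparent proxy and pinned DNS for LAN clients (nat PREROUTING). */
static const char *const proxy_cmds[] = {
    /* Web traffic from the LAN is sent to the proxy. */
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p tcp --dport 80 -j DNAT --to " PROXY ":" PROXY_PORT,
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p tcp --dport 8080 -j DNAT --to " PROXY ":" PROXY_PORT,
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p tcp --dport 3128 -j DNAT --to " PROXY ":" PROXY_PORT,
    /* Shadowed: any packet matching these already matched the DNAT rule
     * above, and nat PREROUTING stops at the first matching target. Kept
     * from the original; harmless but confusing. */
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p tcp --dport 80 -j REDIRECT --to-port " PROXY_PORT,
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p tcp --dport 8080 -j REDIRECT --to-port " PROXY_PORT,
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p tcp --dport 3128 -j REDIRECT --to-port " PROXY_PORT,
    /* DNS from the LAN is pinned to NS1. The NS2 pair can never match
     * because the NS1 pair matches the same traffic first. (The original
     * labelled this section "transparent Proxy UDP" although it starts with
     * TCP 53.) */
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p tcp --dport 53 -j DNAT --to " NS1 ":53",
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p udp --dport 53 -j DNAT --to " NS1 ":53",
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p tcp --dport 53 -j DNAT --to " NS2 ":53",
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p udp --dport 53 -j DNAT --to " NS2 ":53",
    /* UDP to the proxy ports, carried over as written. A TCP web proxy on
     * PROXY_PORT will not answer UDP, so these are presumably leftovers --
     * confirm before keeping them. */
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p udp --dport 80 -j DNAT --to " PROXY ":" PROXY_PORT,
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p udp --dport 8080 -j DNAT --to " PROXY ":" PROXY_PORT,
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p udp --dport 3128 -j DNAT --to " PROXY ":" PROXY_PORT,
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p udp --dport 80 -j REDIRECT --to-port " PROXY_PORT,
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p udp --dport 8080 -j REDIRECT --to-port " PROXY_PORT,
    IPTABLES " -t nat -A PREROUTING -i " INTIF " -p udp --dport 3128 -j REDIRECT --to-port " PROXY_PORT,
};

/* Per-port INPUT rules, inserted in this order (later entries end up higher
 * in the chain). With INPUT's policy at ACCEPT the ACCEPT entries change
 * nothing by themselves; the DROP entries are the actual control. */
static const struct port_rule input_rules[] = {
    /* Services reachable on the LAN interface. */
    { "tcp", INTIF, 22, "ACCEPT" },    { "udp", INTIF, 22, "ACCEPT" },
    { "tcp", INTIF, 25, "ACCEPT" },    { "udp", INTIF, 25, "ACCEPT" },
    { "tcp", INTIF, 53, "ACCEPT" },    { "udp", INTIF, 53, "ACCEPT" },
    { "tcp", INTIF, 80, "ACCEPT" },    { "udp", INTIF, 80, "ACCEPT" },
    { "tcp", INTIF, 143, "ACCEPT" },   { "udp", INTIF, 143, "ACCEPT" },
    { "tcp", INTIF, 445, "ACCEPT" },   { "udp", INTIF, 445, "ACCEPT" },
    { "tcp", INTIF, 3306, "ACCEPT" },  { "udp", INTIF, 3306, "ACCEPT" },
    { "tcp", INTIF, 8080, "ACCEPT" },  { "udp", INTIF, 8080, "ACCEPT" },
    { "tcp", INTIF, 10000, "ACCEPT" }, { "udp", INTIF, 10000, "ACCEPT" },
    { "tcp", INTIF, 88, "ACCEPT" },    { "udp", INTIF, 88, "ACCEPT" },
    /* Ports dropped on every interface (NetBIOS, ident, NFS, portmap, PPTP). */
    { "tcp", NULL, 139, "DROP" },  { "udp", NULL, 139, "DROP" },
    { "tcp", NULL, 113, "DROP" },  { "udp", NULL, 113, "DROP" },
    { "tcp", NULL, 2049, "DROP" }, { "udp", NULL, 2049, "DROP" },
    { "tcp", NULL, 111, "DROP" },  { "udp", NULL, 111, "DROP" },
    { "tcp", NULL, 826, "DROP" },  { "udp", NULL, 826, "DROP" },
    { "tcp", NULL, 1723, "DROP" }, { "udp", NULL, 1723, "DROP" },
    /* Ports dropped on the dial-up side only. */
    { "udp", EXTIF, 21, "DROP" },  { "tcp", EXTIF, 21, "DROP" },
    { "udp", EXTIF, 53, "DROP" },  { "tcp", EXTIF, 53, "DROP" },
    { "tcp", EXTIF, 106, "DROP" },
    { "tcp", EXTIF, 110, "DROP" },
    { "tcp", EXTIF, 111, "DROP" },
    { "tcp", EXTIF, 113, "DROP" },
    { "tcp", EXTIF, 139, "DROP" },
    { "tcp", EXTIF, 143, "DROP" },
    { "tcp", EXTIF, 443, "DROP" },
    { "tcp", EXTIF, 445, "DROP" },
    { "tcp", EXTIF, 826, "DROP" },
    { "tcp", EXTIF, 901, "DROP" },
    { "tcp", EXTIF, 993, "DROP" },
    { "tcp", EXTIF, 995, "DROP" },
    { "tcp", EXTIF, 3306, "DROP" },
    { "tcp", EXTIF, 10000, "DROP" },
    { "tcp", EXTIF, 1723, "DROP" },
    { "tcp", EXTIF, 2049, "DROP" },
    { "tcp", EXTIF, 54045, "DROP" },
};

/* Host blocklist. Inserted after the port rules so it sits at the very top
 * of INPUT. "eth2" is not referenced anywhere else in this file. */
static const char *const host_block_cmds[] = {
    IPTABLES " -I INPUT -p tcp -i " EXTIF " -s 125.161.170.142/32 --dport 80 -j DROP",
    IPTABLES " -I INPUT -p tcp -i eth2 -s 125.161.170.142/32 --dport 80 -j DROP",
    IPTABLES " -I INPUT -s 24.10.129.59/32 -j DROP",
    IPTABLES " -I INPUT -s 67.175.251.207/32 -j DROP",
    IPTABLES " -I INPUT -s 89.142.169.18/32 -j DROP",
    IPTABLES " -I INPUT -s 24.176.80.10/32 -j DROP",
    IPTABLES " -I INPUT -s 70.55.20.174/32 -j DROP",
    IPTABLES " -I INPUT -s 75.72.78.238/32 -j DROP",
    IPTABLES " -I INPUT -s 71.234.160.25/32 -j DROP",
    IPTABLES " -I INPUT -s 75.216.230.107/32 -j DROP",
    IPTABLES " -I INPUT -s 98.30.94.174/32 -j DROP",
    IPTABLES " -I INPUT -s 195.50.191.14/32 -j DROP",
    IPTABLES " -I INPUT -s 68.198.229.137/32 -j DROP",
    IPTABLES " -I INPUT -s 66.74.232.167/32 -j DROP",
    IPTABLES " -I INPUT -s 89.114.232.0/21 -j DROP",
    IPTABLES " -I INPUT -s 174.127.73.230 -j DROP",
};

/* FORWARD: replies in from EXTIF, anything out of the LAN, a multiport
 * allow-list on INTIF, then a P2P port blocklist inserted at the top. One
 * OUTPUT drop for a single destination is included here as well. */
static const char *const forward_cmds[] = {
    IPTABLES " -A FORWARD -i " EXTIF " -o " INTIF " -m state --state ESTABLISHED,RELATED -j ACCEPT",
    IPTABLES " -A FORWARD -s " LAN " -j ACCEPT",
    IPTABLES " -A FORWARD -p tcp -m multiport --dport 21,22,25,80,81,53,110,143,5050,443,10000 -i " INTIF " -j ACCEPT",
    IPTABLES " -A FORWARD -p udp -m multiport --dport 21,22,25,80,81,53,110,143,5050,443,10000 -i " INTIF " -j ACCEPT",
    IPTABLES " -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",
    IPTABLES " -A OUTPUT -o " EXTIF " -d 66.163.181.180 -j DROP",
    IPTABLES " -I FORWARD -p tcp -m multiport --dport 3135,3514,3587,4033,4661,5427,6581,9104,6881:6999 -j DROP",
    IPTABLES " -I FORWARD -p udp -m multiport --dport 3135,3514,3587,4033,4661,5427,6581,9104,6881:6999 -j DROP",
};

/* Entry point: print the banner, apply modules, sysctls and rules in the
 * order above, restart gammu-smsd. Exit status is EXIT_SUCCESS only when
 * every command and /proc write succeeded. */
int main(void)
{
    int failed = 0;

    printf("#--------------------------------------------------------------------# \n");
    printf("# Skenario: - Eth1 ( Card di Jaringan LAN) # \n");
    printf("# - ppp0 ( Interface Dial Up(Internet)) # \n");
    printf("# Firewall Script ini,akan Melakukan Rule NAT Terhadap Jaringan, # \n");
    printf("# Kemudian PC yang ada Dijaringan Dipaksa-kan untuk Melewati Mesin # \n");
    printf("# Proxy Jika Mereka Akan Mengakses Port 80,8080,3128 # \n");
    printf("# Info : dms@ikc.co.id # \n");
    printf("#--------------------------------------------------------------------# \n");

    puts("SETTING UP IPTABLES PROXY...");
    puts("INTIF=" INTIF);
    puts("EXTIF=" EXTIF);
    puts("IPTABLES=" IPTABLES);
    puts("LAN=" LAN);
    puts("SERVER=" PROXY);
    /* EXTIP is fixed at compile time, but a dial-up interface usually gets
     * its address from the ISP at connect time; after a redial with a
     * different address every "-d EXTIP" forward above silently stops
     * matching. Confirm the assignment is static before relying on it. */
    puts("EXTIP=" EXTIP);
    puts("nameserver1=" NS1);
    puts("nameserver2=" NS2);

    /* Warn early rather than let every command below fail one by one. */
    if (geteuid() != 0) {
        fprintf(stderr, "firewall: warning: not running as root; module loading, /proc/sys writes and iptables will fail\n");
    }

    puts("Loading required stateful/NAT kernel modules...");
    failed += run_all(module_cmds, ARRAY_SIZE(module_cmds));

    failed += apply_proc_settings(stack_settings, ARRAY_SIZE(stack_settings));

    puts(" Enabling IP forwarding...");
    failed += apply_proc_settings(forwarding_settings, ARRAY_SIZE(forwarding_settings));

    puts(" External interface: " EXTIF);
    puts(" External interface IP address is: " EXTIP);
    puts(" Loading proxy server rules...");
    failed += run_all(reset_cmds, ARRAY_SIZE(reset_cmds));
    failed += run_all(nat_cmds, ARRAY_SIZE(nat_cmds));
    failed += run_all(proxy_cmds, ARRAY_SIZE(proxy_cmds));
    failed += insert_input_rules(input_rules, ARRAY_SIZE(input_rules));
    failed += run_all(host_block_cmds, ARRAY_SIZE(host_block_cmds));
    failed += run_all(forward_cmds, ARRAY_SIZE(forward_cmds));

    /* Unrelated to the firewall but kept from the original: restart the SMS
     * daemon. A non-zero exit from killall just means it was not running, so
     * it is not counted. SIGKILL gives gammu-smsd no chance to finish an
     * in-flight message; a plain "killall gammu-smsd" (SIGTERM) would be
     * gentler -- left as it was. */
    (void)run("killall -9 gammu-smsd");
    if (run("/usr/local/bin/gammu-smsd --config /etc/gammu-star --daemon") != 0) {
        failed++;
    }

    if (failed > 0) {
        fprintf(stderr, "firewall: %d step(s) failed; the rule set may be incomplete\n", failed);
        return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
}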