Category Archive: Firewall
Distro & Firewall IWaN RySTiONo on 06 Sep 2007
pfSense Firewall
About
pfSense is an open source firewall derived from the m0n0wall operating system platform with radically different goals such as using OpenBSD’s ported Packet Filter, FreeBSD 6.1 ALTQ (HFSC) for excellent packet queueing and finally an integrated package management system for extending the environment with new features.
As with the software itself, this website is still a work in progress, but we’re actively working on improving and completing it.
Minimum hardware requirements
- All platforms: 128 megabytes of RAM.
- Embedded: 128 megabyte compact flash card.
- Full installation: 2Gb hard drive or larger.
- LiveCD: USB Keychain for configuration storage.
Download
You can get pfSense for free here.
Tutorial?
There are many tutorials for this at the official website, or you can find a few on my blog. These are the tutorials I can offer for the moment, all in Indonesian.
- pfSense Installation
- pfSense Traffic Shaper
- pfSense PPPoE server & client (coming soon…)
Firewall IWaN RySTiONo on 29 Jun 2007
[Iptables] Blocking Ports Used by Worms
If you are annoyed that your internet connection is slow and there is always traffic even though nobody is using the computer, try blocking some of the ports used by these worms.
#!/bin/bash
# Drop inbound TCP and UDP traffic to each listed port.
# -I inserts each rule at the top of the INPUT chain.
IPT=$(which iptables)
$IPT -I INPUT -p tcp -s 0/0 -d 0/0 --dport 1 -j DROP
$IPT -I INPUT -p udp -s 0/0 -d 0/0 --dport 1 -j DROP
$IPT -I INPUT -p tcp -s 0/0 -d 0/0 --dport 5 -j DROP
$IPT -I INPUT -p udp -s 0/0 -d 0/0 --dport 5 -j DROP
$IPT -I INPUT -p tcp -s 0/0 -d 0/0 --dport 11 -j DROP
$IPT -I INPUT -p udp -s 0/0 -d 0/0 --dport 11 -j DROP
$IPT -I INPUT -p tcp -s 0/0 -d 0/0 --dport 13 -j DROP
$IPT -I INPUT -p udp -s 0/0 -d 0/0 --dport 13 -j DROP
$IPT -I INPUT -p tcp -s 0/0 -d 0/0 --dport 17 -j DROP
$IPT -I INPUT -p udp -s 0/0 -d 0/0 --dport 17 -j DROP
$IPT -I INPUT -p tcp -s 0/0 -d 0/0 --dport 18 -j DROP
$IPT -I INPUT -p udp -s 0/0 -d 0/0 --dport 18 -j DROP
$IPT -I INPUT -p tcp -s 0/0 -d 0/0 --dport 19 -j DROP
$IPT -I INPUT -p udp -s 0/0 -d 0/0 --dport 19 -j DROP
$IPT -I INPUT -p tcp -s 0/0 -d 0/0 --dport 69 -j DROP
$IPT -I INPUT -p udp -s 0/0 -d 0/0 --dport 69 -j DROP
$IPT -I INPUT -p tcp -s 0/0 -d 0/0 --dport 135 -j DROP
$IPT -I INPUT -p udp -s 0/0 -d 0/0 --dport 135 -j DROP
$IPT -I INPUT -p tcp -s 0/0 -d 0/0 --dport 445 -j DROP
$IPT -I INPUT -p udp -s 0/0 -d 0/0 --dport 445 -j DROP
$IPT -I INPUT -p tcp -s 0/0 -d 0/0 --dport 12345 -j DROP
$IPT -I INPUT -p udp -s 0/0 -d 0/0 --dport 12345 -j DROP
$IPT -I INPUT -p tcp -s 0/0 -d 0/0 --dport 27374 -j DROP
$IPT -I INPUT -p udp -s 0/0 -d 0/0 --dport 27374 -j DROP
$IPT -I INPUT -p tcp -s 0/0 -d 0/0 --dport 31337:31338 -j DROP
$IPT -I INPUT -p udp -s 0/0 -d 0/0 --dport 31337:31338 -j DROP
$IPT -I INPUT -p tcp -s 0/0 -d 0/0 --dport 65000 -j DROP
$IPT -I INPUT -p udp -s 0/0 -d 0/0 --dport 65000 -j DROP
This is a simple script, already complete and ready to be executed as is.
OK, good luck trying it out…
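Because the script above adds its rules with -I, every run inserts another copy of each rule into INPUT. The following added example (not part of the original post) applies the same port list through a dedicated chain so it can be re-run safely; the chain name WORMBLOCK and the IPT override variable are assumptions.

```shell
#!/bin/sh
# Added example: same port list as the post, applied idempotently.
# CHAIN name and the IPT override variable are assumptions for this sketch.
PORTS="1 5 11 13 17 18 19 69 135 445 12345 27374 31337:31338 65000"
CHAIN="WORMBLOCK"

# Print one iptables argument list per rule; touches nothing on the system.
gen_rules() {
    for port in $PORTS; do
        for proto in tcp udp; do
            printf '%s\n' "-A $CHAIN -p $proto --dport $port -j DROP"
        done
    done
}

# Rebuild the dedicated chain from scratch, then hook it into INPUT once.
apply_rules() {
    ipt=${IPT:-iptables}
    # Create the chain, or flush it if it already exists from an earlier run.
    "$ipt" -N "$CHAIN" 2>/dev/null || "$ipt" -F "$CHAIN" || return 1
    gen_rules | while read -r args; do
        # Word splitting of $args is intended: each line is an argument list.
        "$ipt" $args || exit 1
    done || return 1
    # -C checks whether the jump already exists; insert it only if missing.
    "$ipt" -C INPUT -j "$CHAIN" 2>/dev/null || "$ipt" -I INPUT -j "$CHAIN"
}

# Dry run by default: print the rules. Pass "apply" (as root) to install them.
case "${1:-}" in
    apply) apply_rules ;;
    *)     gen_rules ;;
esac
```

As in the original script, only the INPUT chain is covered, so these rules filter traffic addressed to the machine itself and not traffic it forwards for other hosts.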