Barkan ku dai baki daya, a nan na kawo muku karami mai sauki, don kirkirar * bango * ta hanyar amfani da wani sauki shirin mai suna ** Firehol **.
Dalilin haka kuwa shine samar wa kwamfutocinmu wani dan karamin tsaro a hanyoyin mu na Intanet, wanda ba zai cutar da su ba.
Menene Firehol?
Amma da farko menene Firehol:
> Firehol, karamin aikace-aikace ne wanda yake taimaka mana wajen sarrafa bangon bango wanda aka haɗa cikin kwaya da kayan aikinta. Firehol ba shi da zane-zane, duk daidaitawa dole ne a yi shi ta hanyar fayilolin rubutu, amma duk da wannan, daidaitawar har yanzu mai sauƙi ne ga masu amfani da ƙwarewa, ko kuma iko ga waɗanda ke neman zaɓuɓɓukan ci gaba. Duk abin da Firehol keyi shine sauƙaƙe ƙirƙirar ƙa'idodin ƙaura kamar yadda zai yiwu kuma yana ba da kyakkyawan katangar wuta ga tsarinmu.
Tare da waccan gabatarwar ga abin da Firehol yake kuma yake yi, bari mu shiga yadda ake girka shi akan tsarinmu. Bari mu buɗe m kuma rubuta:
Sanya Firehol akan Debian da abubuwan da suka samo asali
Mun buɗe m kuma sanya:
`` sudo dace-samun shigar wuta '
Yadda ake saita Firehol
Da zarar an shigar da wuta, zamu ci gaba da buɗe fayil ɗin sanyi na wuta, wanda yake a * / etc / firehol / firehol.conf *, saboda wannan zamu iya amfani da editan rubutu da kuka zaɓa (gedit, medit, leafpad)
`` sudo nano / etc / firehol / firehol.conf`
Da zarar & can, zamu iya ci gaba don sanya waɗannan abubuwan masu zuwa:
# $ Id: abokin ciniki-all.conf, v 1.2 2002/12/31 15:44:34 ktsaou Exp $ # # Wannan fayil ɗin daidaitawa zai ba da damar duk buƙatun da suka samo asali daga mashin din # gida don aikawa ta duk hanyoyin sadarwa. # # Ba a ba da izinin buƙatu su zo daga cibiyar sadarwar ba. Mai gida za'a sata gaba daya! Ba zai amsa komai ba, kuma ba zai zama mai pinging ba, kodayake zai iya samo asalin komai # (har ma da pings ga sauran masu masaukin). # sigar 5 # Tana karɓar duk wata zirga-zirga mai shigowa daga wata hanyar da ke amfani da ita a duk duniya # Manufar Samun Dama, DROP, wato, ƙin yarda da duk manufofin fakiti masu shigowa # Duk manufofin kariya masu aiki, na taimaka wajan kauce wa hare-hare kamar Ruwan Ruwa na SYN, Arp Poison, da sauransu kariya duk manufofin # Server, Sabis-sabis da zasuyi aiki (Yanar gizo, Wasiku, MSN, Irc, Jabber, P2P) # Sai kawai ga sabobin, idan kana son gyara ko kirkirar sabbin ayyuka, tashoshin jiragen ruwa da ladabi # karanta littafin wuta. #server "http https" karba #server "imap imaps" karba #server "pop3 pop3s" karba #server "smtp smtps" karban #server irc ya karbi #server jabber ya karbi #server msn ya karba #server p2p ya karbi # manufofin Abokin ciniki, duk masu fita zirga-zirga an karɓa abokin ciniki duk karɓa
Wannan lambar mai sauki ta fi isa ga kariya ta asali ta kwamfutocinmu, & don haka sai mu adana ta kuma mu fita daga editan rubutu.
Yanzu dole ne mu sanya wuta ta fara ta atomatik a cikin kowane taya, kuma saboda wannan muna & je fayil ɗin * / sauransu / tsoho / firehol *, inda za mu canza layi tare da lambar mai zuwa:
`` START_FIREHOL = eh '
Muna adana canje-canje ga fayil ɗin, kuma yanzu muna aiwatarwa:
`` fara sudo / sbin / wuta
Shirya !!! Da wannan kayan wuta an riga an fara aiki kuma sun kirkiri dokokin firewall da ake buƙata, kuma ganin cewa hakan haka ne, kawai gudu:
`` sudo iptables -L '
Don rashin hankali, zaku iya zuwa shafin ShieldUP! kuma gwada sabon katangar ta, tabbas zasu ci gwajin.
Ina fatan zai taimaka.
Kyakkyawan koyawa, mai sauƙi da tasiri, tambaya ɗaya, inda zan iya ganin wanda yayi ƙoƙari don samun dama ko yin buƙata zuwa kwamfutata, an sanya wutar wuta
https://blog.desdelinux.net/firehol-iptables-for-human-beings-arch/
Don Arch 🙂
Yi haƙuri, amma wannan ya fi kuskuren gyara kayan magana.
Na fahimci kyakkyawar niyya amma shara ce.
Gaisuwa daga mara hankali.
Baya ga ku kasancewa mai haɓaka kayan aiki, wanda zan yaba. Smallaramar yanayin zane ba za ta munana ba. Kodayake yana da laushi kamar yadda ake yi a cikin wasan.
Na gode, yi haƙuri da kuma gaisuwa mafi kyau.
BA MU SON Zagi, BANZA KO MADARA A CIKIN WANNAN RUWAYAR !!!!
BA KARI !!!
Shin ba suna tace maganganun bane?
@sinnerman a kwantar da hankula, bisa manufa @ zetaka01 sharhin bai bata min rai ba, kuma bana tsammanin hakan ya batawa asalin marubucin labarin rai. Kuna da 'yancin bayyana ra'ayinku, koda kuwa baku da ra'ayin sa. Idan da gaske yana da damuwa ta kowace hanya, sharhinku zai tafi zuwa / dev / null. 😉
Ban sami bayanin sharrin madara ba. A cikin RedHat na ga cewa waɗannan hanyoyin suna wanzu. Ba shi da wahalar koyan abubuwa, karanta wannan shafin kaɗan zaka sami rubutun.
Mafi sharri ne daga gyaran abubuwan kwalliya? To idan wannan shine abin da kuke tunani, ina girmama shi. Amma ina tsammanin babu shakka mafi kyau shine a rubuta:
saba "http https" karba
kuma suna da tashoshi 80 da 443 a bude don iya amfani da apache ko wani sabar yanar gizo, dole ne ka rubuta:
iptables -A INPUT -i eth0 -p tcp -dport 80 -m state –state NEW, Kafa -j KYAUTA
iptables -A INPUT -i eth0 -p tcp -dport 443 -m state –state NEW, Kafa -j KYAUTA
Kuma koda kuwa an canza tashoshin jiragen ruwa, yana da sauƙin aiwatarwa a cikin Firehol don yin waɗannan canje-canje.
Ah amma tare da kayan kwalliya kuna da sassauci da yawa. Idan abin da kuke so wani abu ne na hoto don abokin ciniki, zaku iya amfani da wani abu kamar mai ba da labari.
@Hugo tare da wuta ba zaka rasa ko wane irin zaɓi ba, tunda a wannan lokacin yana bayar da cikakken tallafi ga duk zaɓukan iptables, gami da IPv6.
Game da sassauci, Firehol ya cika cikakke a wannan yanki, yana barin NAT, DNAT, ma'anar bayyananniyar ƙa'idodi ga kowane mahaɗa a cikin tsarin, takamaiman aikin tashoshin jiragen ruwa ta adiresoshin IP da MAC, yana ba ku damar yin QOS, kafa DMZ, ɓoye ɓoye, bayyananne rarraba zirga-zirga, har ma da sarrafa yawan zirga-zirgar hanyoyin haɗin da kuke da su.
A takaice; Firehol yana da ƙarfi, kuma tabbas bashi da ma'amala, amma an fi maida hankali ne akan ɓangaren uwar garke inda Xs basu da mahimmanci ko masu amfani da ci gaba waɗanda basa son ɗaukar bango na hoto.
Ga waɗanda suke amfani da Debian Jessie, ƙaunataccen / ƙiyayya mai tsari yana farawa ta hanyar fara rubutun wuta yadda yakamata (wani lokacin yakan ɗauki sakan 30 kawai yana farawa da bango), don haka ina ba da shawarar a kashe maemon tare da systemctl disable firehol, sannan a shigar da kayan kwalliyar- fakiti mai ɗorewa, da adana bayanan bangon ta amfani da wannan hanyar.
Kyakkyawan matsayi ... Elav, jagorar tana aiki ne don abubuwan Ubuntu? Sako daga FIREWALL (PF) don tsarin FreeBSD wanda yake rubutu shima zaiyi kyau.
Firehol yana aiki akan Debian kuma an sami cikakkun abubuwa.