How to start iptables rules automatically with systemd (ArchLinux)

Some people consider me paranoid when it comes to security, which is why using a firewall is essential for me. On my laptop I keep sensitive information that is very important to me. The firewall is to a PC what a lock or a safe is to us: on the computer we store email passwords, bank account details (for those who have them), server information, and other virtual data that directly affects our physical lives. So, without a doubt, being on a network without a configured firewall, without proper security on our computer, is not something to recommend.

Some time ago I showed you how to start iptables rules automatically on distros such as Debian, Ubuntu or others that have the /etc/rc.local file. In ArchLinux, however, since it uses systemd, this file does not exist.

So the way I found to have my iptables configured as I want is to create a bash script that configures iptables, and then to modify the /usr/lib/systemd/system/iptables.service file ... but let's go step by step 🙂

1. We must create a bash script containing our iptables rules, something like this: Example Bash + iptables script

2. After creating the script, writing our rules in it and giving it execute permission, we go on to edit the iptables systemd service:

The following command must be run with administrative privileges, either using sudo as I do or directly as the root user

sudo nano /usr/lib/systemd/system/iptables.service

We will find something like this:

[Unit]
Description=Packet Filtering Framework

[Service]
Type=oneshot
ExecStart=/usr/bin/iptables-restore /etc/iptables/iptables.rules
ExecReload=/usr/bin/iptables-restore /etc/iptables/iptables.rules
ExecStop=/usr/lib/systemd/scripts/iptables-flush
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

3. Assuming that the script we created earlier is at /home/myuser/script-iptables.sh, we leave the iptables.service file we have open as follows:

[Unit]
Description=Packet Filtering Framework

[Service]
Type=oneshot
ExecStart=/home/myuser/script-iptables.sh
ExecReload=/home/myuser/script-iptables.sh
ExecStop=/usr/lib/systemd/scripts/iptables-flush
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

4. Then we need to make sure that iptables starts automatically:

sudo systemctl enable iptables

5. We start it:

sudo systemctl start iptables

6. And we can check the rules:

sudo iptables -nL
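
An added example, not part of the original post: the modified unit makes systemd run /home/myuser/script-iptables.sh as root at every boot, so the script and each directory above it should be owned by root and not writable by group or others, otherwise whoever can write there decides what root executes. The functions below check that; their names and the TRUSTED_UID and STOP_DIR parameters are assumptions of this example, and GNU stat and readlink are assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat/readlink.
# Audits a script that a systemd unit runs as root, for instance
# ExecStart=/home/myuser/script-iptables.sh from the unit above.

# check_entry PATH UID: succeed only if PATH is owned by UID and is
# not writable by group or others.
check_entry() {
    meta=$(stat -c '%u %a' -- "$1") || return 2
    owner=${meta% *}
    mode=${meta#* }
    if [ "$owner" != "$2" ]; then
        echo "UNSAFE: $1 is owned by uid $owner, expected $2"
        return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "UNSAFE: $1 (mode $mode) is writable by group or others"
        return 1
    fi
}

# audit_boot_script SCRIPT [TRUSTED_UID] [STOP_DIR]
# Checks SCRIPT and each parent directory up to STOP_DIR (default /).
# TRUSTED_UID defaults to 0, i.e. root.
audit_boot_script() {
    trusted=${2:-0}
    stop=$(readlink -f -- "${3:-/}") || return 2
    path=$(readlink -f -- "$1") || return 2
    if [ ! -f "$path" ]; then
        echo "UNSAFE: $1 is not a regular file"
        return 1
    fi
    while :; do
        check_entry "$path" "$trusted" || return 1
        if [ "$path" = "$stop" ] || [ "$path" = "/" ]; then
            break
        fi
        path=$(dirname -- "$path")
    done
    echo "OK: $1 passed the ownership and mode checks"
}

# Stand-alone use: sh audit.sh /home/myuser/script-iptables.sh
if [ "$#" -gt 0 ]; then
    audit_boot_script "$@"
fi
```

A home directory normally belongs to its user, so the path used in step 3 is expected to fail this check; a copy of the script in a root-owned directory, with ExecStart pointing there, passes it.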

This is the simplest way I found to (1) have my own script that configures iptables for me, (2) have the rules start automatically, and finally (3) keep the script itself independent, meaning that if tomorrow I want to use it on the Debian I have installed (for example) I will not have to reconfigure much.

Anyway, I hope you find it useful 🙂

Regards



  1. lokacin3000 said:

    Interesting….

  2. Saul said:

    Wouldn't it be easier to edit the iptables.rules file? If you already have access with sudo it is worth editing it, right?

  3. xphnx said:

    I do it a different way, although I also use the script you uploaded to launch the rules.

    1- We launch the service (if we haven't done so yet):
    # systemctl enable iptables.service
    # systemctl start iptables.service

    2- We see which rules we have (we assume everything is open if we haven't touched anything):
    sudo iptables -nvL

    3- We switch to the rules we want by launching the configuration script:
    # sh /home/miusuario/script-iptables.sh

    4- Let's see how the active rules have changed:
    # iptables -nvL

    5- We save the new iptables configuration so it can be restored in the future:
    # iptables-save > /etc/iptables/iptables.rules

    5b- If we edit the /etc/iptables/iptables.rules file by hand to change the rules, we must reload the configuration:
    # systemctl reload iptables

    At least for me it is easier this way. I'm trying to learn a few useful things with kdialog to manage the configuration in a more graphical way. Later I'll try to make something more complete with qtcreator, for example, to be able to have several configuration templates depending on the equipment we are configuring (router, PC, etc ...), to see if it works out.

  4. nisanta said:

    This captcha for the comments is an annoying bug; please change to another one or update this one, because it gets irritating after several attempts.

    1. kari said:

      It is the same one that humanOS and Firefoxmanía use .. maybe it is something to do with the cache.

      1. nisanta said:

        Well, I don't even comment on those two anymore.

  5. mj said:

    Thank you,
    This is a very useful topic.
    Without a doubt, for those of us who care about the security of the information stored on our PC, "iptables" is one of the tools that must be learned; although, because of its very importance, it is somewhat complicated to learn.
    I found this video on the subject, whose address I hope you will allow me to share: "http://www.youtube.com/watch?v=Z6a-K_8FT_Y"; my surprise was that it is something different from what is covered here. Even so, I think it must be because of the variety of distributions that GNU/Linux has (ARCH, DEBIAN, SUSE, etc.), and we have to learn one way or another.