Firehol: iptables for humans (Arch)

First of all, all credit goes to @YukiteruAmano, because this post is based on the tutorial he posted on the forum. The difference is that I am going to focus on Arch, although it will also work for other systemd-based distros.

What is Firehol?

Firehol is a small tool that helps us drive the firewall built into the kernel, which is normally managed through the iptables utility. Firehol has no graphical interface; all configuration is done in text files, yet the configuration remains simple for novice users and powerful for those who want advanced options. Everything Firehol does is aimed at simplifying the creation of iptables rules as much as possible and giving our system a solid firewall.

Installation and configuration

Firehol is not in the official Arch repositories, so we will turn to the AUR (yaourt was the AUR helper of the day; any AUR helper, or a manual makepkg build, will do).

yaourt -S firehol
Then we open the configuration file.

sudo nano /etc/firehol/firehol.conf

And we add the rules there (for example, the ones from the forum tutorial this post is based on).

Have Firehol run at every boot. Very easy with systemd.

sudo systemctl enable firehol

We start Firehol.

sudo systemctl start firehol

Finally, we check that the iptables rules were generated and loaded correctly (adding -n -v skips the reverse DNS lookups and shows per-rule packet counters, which is handy when you want to confirm a rule is actually matching traffic).

sudo iptables -L
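As an added example, not from the original post or the forum tutorial it is based on, here is a minimal /etc/firehol/firehol.conf for a single workstation. The LAN range 192.168.1.0/24 is a constructed placeholder; `version 6` is the header FireHOL 2.x and 3.x expect (the 1.x series used `version 5`). It also shows the difference between `server` lines (what the network may reach on this host) and `client` lines (what this host may initiate), which is the distinction the last comment below asks about.

```conf
version 6

# One block for every physical interface ("any"), named "world".
interface any world
    # Anything not explicitly allowed below is silently dropped, not
    # rejected, so a closed port gives a scanner no reply at all.
    policy drop

    # Built-in anti-spoofing, invalid-packet and TCP-flag checks.
    protection strong

    # "server" lines: services the world may reach on THIS host.
    # Accept SSH only from the local LAN (placeholder range).
    server ssh accept src 192.168.1.0/24

    # Drop inbound web requests explicitly: the host runs no web server.
    # Note that a "server http drop" line says nothing about browsing.
    server "http https" drop

    # "client" lines: connections THIS host may initiate outward.
    # Let the workstation browse, resolve names and sync its clock.
    client "http https dns ntp" accept

    # Outgoing ping and the replies to it.
    client ping accept
```

Check the file before trusting it: `sudo firehol debug` parses the configuration and prints the iptables commands it would run without touching the kernel, and `sudo firehol try` activates the rules but restores the previous firewall unless you type `commit` within 30 seconds, which is what you want when editing over SSH. Once `systemctl start firehol` has run, `sudo iptables -S` lists the generated rules in a form you can save and diff.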

Disabling IPv6

Since the Firehol release this post was written against does not handle ip6tables (that is true of the 1.x series; FireHOL 2.0 and later do manage IPv6 rules as well), and since most of our connections have no IPv6 support anyway, my recommendation is to disable it: an IPv6 stack that is enabled but unfiltered is reachable around the IPv4 rules you just loaded.

On Arch we add ipv6.disable=1 to the kernel command line in the /etc/default/grub file:


...
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="rw ipv6.disable=1"
GRUB_CMDLINE_LINUX=""
...

Then we regenerate grub.cfg and reboot so the new command line takes effect:

sudo grub-mkconfig -o /boot/grub/grub.cfg

On Debian a sysctl is enough. Note that the redirection is performed by your unprivileged shell, so `sudo echo ... > file` fails with "Permission denied"; use tee instead. Set the default value too, so that interfaces created after boot are covered, then reload:

echo net.ipv6.conf.all.disable_ipv6=1 | sudo tee /etc/sysctl.d/disableipv6.conf
echo net.ipv6.conf.default.disable_ipv6=1 | sudo tee -a /etc/sysctl.d/disableipv6.conf
sudo sysctl --system
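Added example, not part of the original post: after either change it is worth confirming that IPv6 is really off rather than assuming it is, since a forgotten interface with a global address is exactly what the firewall above does not cover. The function takes the proc root as an argument so it can be run against a constructed test tree; on a live system pass /proc. The file name ipv6check.sh is an assumption.

```shell
#!/bin/sh
# ipv6_status PROC_ROOT
# Prints one of:
#   kernel-param  ipv6.disable=1 took effect: the IPv6 stack was never
#                 initialised, so /proc/sys/net/ipv6 does not exist at all
#   sysctl        the stack is loaded but every interface has disable_ipv6=1
#   enabled       at least one interface still has IPv6 enabled
# Exit status is 0 when IPv6 is off and 1 when it is still enabled.
ipv6_status() {
    proc="${1:-/proc}"
    conf="$proc/sys/net/ipv6/conf"

    if [ ! -d "$conf" ]; then
        echo "kernel-param"
        return 0
    fi

    # net.ipv6.conf.all.disable_ipv6 covers existing interfaces and
    # net.ipv6.conf.default.disable_ipv6 covers ones created later, so
    # check every per-interface knob instead of trusting a single sysctl.
    for knob in "$conf"/*/disable_ipv6; do
        [ -e "$knob" ] || continue
        if [ "$(cat "$knob")" != "1" ]; then
            echo "enabled"
            return 1
        fi
    done
    echo "sysctl"
    return 0
}

# Usage on a live system (assumed file name):  sh ipv6check.sh /proc
case "$0" in *ipv6check.sh) ipv6_status "${1:-/proc}" ;; esac
```

A result of "enabled" on a host where you only set the sysctl usually means a per-interface knob was reset by the network manager; `ip -6 addr` will show which interface still has an address.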



  1.   Felipe said

    I don't understand. You follow the tutorial and you already have the firewall running and blocking all connections? Another thing: the Arch tutorial is odd; for example, I have never used sudo or yaourt on Arch. Anyway, it is understandable. Or maybe some newcomer types yaourt and gets an error. It is really for Manjaro.

    1.    yukiteru said

      As you say @felipe, by following the tutorial and putting into the /etc/firehol/firehol.conf file the rules @cookie gave in the post, you will have a simple firewall protecting the system at a basic level. This setup works for any distro where you can install Firehol, with the peculiarity that each distro handles its services differently (Debian through sysvinit, Arch with systemd), and as for installation, everyone knows what they have: on Arch you have to use the AUR and yaourt, on Debian the official repos are enough, and likewise on many others; you just have to search a little in the repositories and adjust the install command.

  2.   ci said

    Thanks, noted.

  3.   Config said

    All that is very nice... but the important part is missing: you have to explain the structure of the rules!!, that is, how to make new configurations... If that isn't explained, what you posted is of little use :-/

    1.    yukiteru said

      Creating new rules is easy; firehol's documentation is clear and very explicit about creating custom rules, so a little reading will make it easy for you to configure it and adjust it to your needs.

      I think the original purpose of @cookie's post, like mine on the forum, was to give users and readers a tool that lets them give their computers a bit of security, all at a basic level. The rest is left for you to adapt to your needs.

    2.    cookie said

      If you read the link to Yukiteru's tutorial, you will see that the goal is to show the installation and configuration of a basic firewall. I made it clear that my post was just a copy aimed at Arch.

  4.   maacub said

    And this is for 'humans'? o_O
    Try Gufw on Arch: https://aur.archlinux.org/packages/gufw/ >> click on Status. Or ufw if you prefer the terminal: sudo ufw enable

    You are already protected if you are a regular user. That is for 'humans'.

    1.    ichit said

      Firehol is really a front-end for iptables, and if we compare it with the latter, it is for humans 😀

    2.    yukiteru said

      I consider ufw (Gufw is just a front-end for it) a poor option as far as security goes. Reason: with some of the security rules I wrote in UFW, I could not protect myself in my firewall tests, both via the web and those I did with nmap; services such as avahi-daemon and exim4 showed up open, and a simple "stealth" attack was enough to learn small details about my system, the kernel and the services it was running, something that did not happen to me using firehol or arno's firewall.

      1.    giskard said

        Well, I don't know about you, but as I wrote above, I use Xubuntu and my firewall runs on GUFW, and I passed ALL the tests at the link the author posted without any problems. All stealth. Nothing open. So, in my experience, ufw (and therefore gufw) works well for me. I am not criticizing the use of other ways of configuring a firewall, but gufw works without fuss and gives a great security result.

        If you have tests that you think could expose weaknesses in my system, tell me what they are and I will gladly run them here and tell you the results.

        1.    yukiteru said

          Below I say something more about the ufw issue, where I mention that the flaw I saw was in 2008, using Ubuntu 8.04 Hardy Heron. Have they fixed it by now? Most likely yes, so there is no reason to worry, but even so, that does not mean the bug wasn't there and that I couldn't verify it, although it was nothing fatal; I simply stopped the avahi-daemon and exim4 daemons and the problem was solved. The most surprising thing of all is that only those two processes were the problem.

          I said that as my own anecdote, and I gave the same opinion when I said: "I consider..."

          Regards 🙂

    3.    giskard said

      +1

  5.   masaga said

    @Yukiteru: Did you test from your own computer? If you check from your own PC, it is normal that you can reach the X service port, since the blocked traffic is the network's, not localhost's:
    http://www.ubuntu-es.org/node/140650#.UgJZ3cUyYZg
    https://answers.launchpad.net/gui-ufw/+question/194272

    If not, please report the bug.
    Regards 🙂

    1.    yukiteru said

      From another computer on the LAN using nmap, and via the web using this page https://www.grc.com/x/ne.dll?bh0bkyd2 with the custom port option; both agreed that avahi and exim4 were listening from the network even though ufw had its blocking configured.

      I fixed the small avahi-daemon and exim4 flaw simply by disabling the services, and that was it... I didn't report the bug at the time, and I think it makes no sense to do it now, because that was back in 2008, using Hardy.

      1.    giskard said

        2008 was five years ago; from Hardy Heron to Raring Ringtail there are ten *buntus. The same test on my Xubuntu, done yesterday and repeated today (August 5), gives a perfect result in everything. And I only use UFW.

        I repeat: do you have any other test to run? I will gladly do it and report the results from this side.

        1.    yukiteru said

          Do a SYN and an IDLE scan of your PC using nmap; that will give you an idea of how secure your system is.

          1.    giskard said

            The nmap man page has more than 3000 lines. If you give me the commands to run, I will gladly do it and report the results.

          2.    yukiteru said

            Hmm, I didn't know about the three hundred pages of the nmap man page, but zenmap helps with what I'm telling you; it is the front-end for nmap. Anyway, the SYN scan option in nmap is -sS, while the idle scan option is -sI, but I'll owe you the exact command.

            Run the scan from another machine, pointing at the IP of your Ubuntu machine; don't do it from your own PC, because that is not how it works.

          3.    yukiteru said

            LOL!! My mistake about the three hundred pages, they were lines 😛

  6.   Jeus Israel Perales Martinez said

    I don't know, but I think a GUI for configuring the firewall on GNU/Linux should be smart and not leave everything exposed like in Ubuntu, or everything covered like in Fedora; you have to be good xD, or have something that fixes the bad ones somehow xD hjahjahjaja. That is something I fight with, along with the open jdk, but in the end you also have to keep the KISS rule.

  7.   Mauricio said

    Thanks to all the stumbles I have had in the past with iptables, today I can understand it at the raw level, that is, talk to it directly as it comes from the factory.

    And it is not something complicated; it is very easy to learn.

    If the author of the post allows me, I will post part of the firewall script I currently use.

    #!/bin/bash
    # Clear existing rules, user chains and counters
    iptables -F
    iptables -X
    iptables -Z
    iptables -t nat -F

    # Set default policy: DROP (nothing in, out or through unless allowed below)
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    # Operate on localhost without restrictions
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    # Let the machine browse the web (replies come back from source port 80)
    # Note: no rule for DNS (udp/53) is included, so name resolution will fail
    # unless you add one following the same pattern.
    iptables -A INPUT -p tcp -m tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT

    # Same for secure web sites
    iptables -A INPUT -p tcp -m tcp --sport 443 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT

    # Allow ping from inside to outside (outgoing requests, incoming replies)
    iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

    # SSH protection (commented out; enable if this host runs sshd):
    # rate-limit new connections, log and drop whatever exceeds the limit

    #iptables -I INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m limit --limit 30/minute --limit-burst 5 -m comment --comment "SSH-kick" -j ACCEPT
    #iptables -A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "SSH CONNECTION ATTEMPT: " --log-level 4
    #iptables -A INPUT -p tcp -m tcp --dport 22 -j DROP

    # aMule rules to allow outgoing and incoming connections on its ports
    iptables -A INPUT -p tcp -m tcp --dport 16420 -m conntrack --ctstate NEW -m comment --comment "aMule" -j ACCEPT
    iptables -A OUTPUT -p tcp -m tcp --sport 16420 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "aMule" -j ACCEPT
    iptables -A INPUT -p udp --dport 9995 -m comment --comment "aMule" -j ACCEPT
    iptables -A OUTPUT -p udp --sport 9995 -j ACCEPT
    iptables -A INPUT -p udp --dport 16423 -j ACCEPT
    iptables -A OUTPUT -p udp --sport 16423 -j ACCEPT

    Now a small explanation. As you can see, with the rules having a DROP policy by default, nothing leaves or enters the machine that you haven't told it to.

    Then the basics are let through: localhost and browsing the web.

    You can see that there are also rules for ssh and amule. If you look carefully at how they were made, you will be able to create any other rules you need.

    The trick is to see the structure of the rules and apply it to some other kind of port or protocol, whether udp or tcp.

    I hope you can understand what I have just posted here.

    1.    cookie said

      You should make a post explaining it 😉 it would be great.

  8.   @Jlcmx said

    I have a question. If I want to deny http and https connections, would I put:

    server "http https" drop?

    And so on with any service?

    Thanks