[HowTo] Build a simple firewall for your PC using Firehol

Article taken from our forum, posted by user Yukiteru.

Hello everyone, here I bring you a small and simple tutorial on building a *firewall* using an easy program called **Firehol**.

The reason for this is to give our computers a little more security on Internet connections, which never hurts.

What is Firehol?

But first, what is Firehol:

> Firehol is a small application that helps us manage the firewall built into the kernel and its iptables tool. Firehol has no graphical interface; all configuration must be done through text files, but even so, configuration is still easy for novice users, or powerful for those looking for advanced options. All Firehol does is simplify the creation of iptables rules as much as possible and enable a good firewall for our system.

With that introduction to what Firehol is and what it does, let's move on to how to install it on our systems. Let's open a terminal and type:

Installing Firehol on Debian and derivatives

We open a terminal and enter:

`sudo apt-get install firehol`

How to configure Firehol

Once firehol is installed, we proceed to open the firehol configuration file, located at */etc/firehol/firehol.conf*; for this we can use the text editor of your choice (gedit, medit, leafpad):

`sudo nano /etc/firehol/firehol.conf`

Once there, we can proceed to enter the following content:

```
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be sent through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#

version 5

# Accepts all incoming traffic from an interface
interface any world
    # Access policy, DROP, that is, reject all incoming packets
    policy drop

    # All active protection policies, which help prevent attacks such as SYN Flood, Arp Poison, among others
    protection all

    # Server policies, services that will work (Web, Mail, MSN, Irc, Jabber, P2P)
    # Only for servers; if you want to modify or create new services, ports associated with rules,
    # read the manual.
    #server "http https" accept
    #server "imap imaps" accept
    #server "pop3 pop3s" accept
    #server "smtp smtps" accept
    #server irc accept
    #server jabber accept
    #server msn accept
    #server p2p accept

    # Client policies, all outgoing traffic is accepted
    client all accept
```

This simple code is more than enough for basic protection of our computers, so we save it and exit the text editor.

Now we need to make firehol start automatically on every boot; for this we go to the file */etc/default/firehol*, where we will change one line to the following:

`START_FIREHOL=yes`

We save the changes to the file, and now we run:

`sudo /sbin/firehol start`

Ready!!! With that, firehol has started and created the necessary firewall rules; to confirm that this is the case, just run:

`sudo iptables -L`

For the paranoid, you can go to the ShieldsUP! page and test your new firewall; it is sure to pass the test.

I hope it helps.
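
As an added example (not part of the original post and not Firehol's own tooling), this shell check lists which inbound services a firehol.conf actually opens and the policy declared for each interface, so an accidentally uncommented `server` line is caught before running `firehol start`. The function names and the sample config are constructed for illustration; comment stripping is naive and assumes no `#` inside quoted strings.

```sh
#!/bin/sh
# Added example: summarise what a firehol.conf exposes inbound.
# Both functions read the file given as $1, or stdin when no file is given.

# Print "<interface-name> <service> <action>" for every active server rule.
inbound_services() {
    awk '
        { sub(/#.*/, "") }                       # commented-out rules do not count
        $1 == "interface" { name = $3; next }    # interface <device> <name>
        $1 == "server" {
            rest = $0
            sub(/^[ \t]*server[ \t]+/, "", rest)
            if (rest ~ /^"/) {                   # quoted list: "http https"
                svcs = rest; sub(/^"/, "", svcs); sub(/".*/, "", svcs)
                sub(/^"[^"]*"[ \t]*/, "", rest)
            } else {                             # single service: irc
                svcs = rest; sub(/[ \t].*/, "", svcs)
                sub(/^[^ \t]+[ \t]*/, "", rest)
            }
            split(rest, act, /[ \t]+/)           # first word left is the action
            n = split(svcs, s, /[ \t]+/)
            for (i = 1; i <= n; i++) print name, s[i], act[1]
        }
    ' "$@"
}

# Print "<interface-name> <policy>" for every declared interface policy.
interface_policies() {
    awk '
        { sub(/#.*/, "") }
        $1 == "interface" { name = $3 }
        $1 == "policy"    { print name, $2 }
    ' "$@"
}

# Constructed sample: the article's config with one server line uncommented.
sample_conf() {
    cat <<'EOF'
version 5
interface any world
    policy drop
    protection all
    server "http https" accept
    #server irc accept
    client all accept
EOF
}

sample_conf | inbound_services      # world http accept / world https accept
sample_conf | interface_policies    # world drop
```

On a real system, run `inbound_services /etc/firehol/firehol.conf`; with the article's configuration unchanged it prints nothing, because every `server` line is commented out.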



  1.   nofeel said

    Good tutorial, simple and effective. One question: where can I see who tried to access or make requests to my computer, with firehol installed?

  2.   zetaka01 said

    I'm sorry, but that is worse than configuring iptables.
    I understand the good intention, but it's garbage.
    Greetings from a paranoid.

    1.    zetaka01 said

      Unless you are a developer of iptables, which I would appreciate. A small graphical environment wouldn't be bad. Even if it's crappy, like in python.
      Thank you, sorry, and best regards.

      1.    sinnerman said

        WE DON'T WANT INSULTS, SPAM OR BAD VIBES ON THIS BLOG!!!!
        NO MORE!!!
        Weren't comments being filtered?

      2.    ichit said

        @sinnerman calm down; in principle @zetaka01's comment didn't offend me, and I don't think it offends the original author of the post either. You have the right to express your opinion, even if it is not shared. If it really offends in any way, your comment will go to /dev/null. 😉

      3.    Mario said

        I don't see any ill will in the comment. In RedHat I have seen that these features exist. It's not that hard to learn iptables; reading this blog a little you will find articles.

    2.    yukiteru said

      Worse than configuring iptables? Well, if that's what you think, I respect it. But I think it's clearly better to write:

      server "http https" accept

      and have ports 80 and 443 open so you can use apache or any other web server, than having to write:

      iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
      iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

      And even if you have changed the ports, it is just as easy to make the configuration in Firehol to make those changes.

      1.    Hugo said

        Ah, but with iptables you have a lot more flexibility. If what you want is something graphical for a client, you can use something like firestarter.

      2.    yukiteru said

        @Hugo with firehol you don't lose any iptables options, because it currently provides full support for all iptables options, including IPv6.

        Regarding flexibility, Firehol is very complete in this area, allowing NAT, DNAT, definition of explicit rules for each interface in the system, specific filtering of ports by IP and MAC address; it lets you do QoS, set up a DMZ, transparent cache, clear traffic classification, and even manipulate the total traffic of the different connections you have.

        In short: Firehol is powerful, and it does lack a graphical interface, but it is mainly aimed at the server segment where X is not needed, or at advanced users who do not want to carry a graphical firewall.

  3.   yukiteru said

    For those using Debian Jessie, the loved/hated systemd takes over starting the firehol script properly (sometimes it takes 30 seconds just to start the firewall), so I recommend disabling the daemon with `systemctl disable firehol`, installing the iptables-persistent package, and saving the firewall configuration using this method.

  4.   Wen said

    Good post... Elav, does the guide work for Ubuntu derivatives? A post on the FIREWALL (PF) for the FreeBSD system, which is also text-based, would be good.

    1.    ichit said

      Firehol works perfectly on Debian and derivatives.