iptables, an approach to a real case

The goal of this tutorial is to control our network, avoiding annoyance from some "unwanted guest" who, from the inside, wants to saw the floor out from under us (a Cuban expression meaning to bother, to pester, and so on), a "packer" virus, external attacks, or simply for the pleasure of knowing that we can sleep in peace.

Note: Remember the iptables policies, ACCEPT everything or DENY everything. Either can be useful in some cases and not in others. That depends on us, because everything that happens on the network is our business, and ours alone: yes, yours, mine, that of whoever read the tutorial but does not know how to run it, or of whoever read it and applied it as well.

Get riding or you'll be left behind!!!

The first thing to know is which port each service occupies on a computer with GNU/Linux installed. For that you do not need to ask anyone, get lost in a Google search, or consult an expert on the subject; just read a file. A small file? Well yes, a small file.

/etc/services

But what does /etc/services contain?

Very simple: the list of all services and the ports assigned to those services, whether over TCP or UDP, in an ordered, ascending form. These services and ports are declared by IANA (Internet Assigned Numbers Authority).

Playing with iptables

As a first step, we will have a PC, which will be the test machine. Call it whatever you like: Lucy, Karla or Naomi; I will call it Bessie.

Scenario:

Well, Bessie is a project machine that will have VSFTPd set up, OpenSSH running, and an Apache2 that was once installed for benchmarking (performance tests) but is now only used together with phpMyAdmin to manage the MySQL databases that are used internally from time to time.

Points to note:

FTP, SSH, Apache2 and MySQL are the services accepting requests on this PC, so we have to take into account the ports they use.

If I am not mistaken and /etc/services is not lying xD, FTP uses ports 20 and 21, SSH uses 22 by default or another port if one is defined in the configuration (in another post I will talk about how to configure SSH a little beyond what is usually known), Apache uses 80, or 443 if it has SSL, and MySQL uses 3306.

Now we need one more detail: the IP addresses of the PCs that will connect to Bessie, so that the firefighters do not step on each other's hoses (meaning no conflicts, haha).

Pepe, the PHP + MySQL developer, will only be able to reach ports 20-21, 80, 443 and 3306. Frank, whose job is to update the project website that is due in a month, will only reach ports 80/443 and 3306 in case he needs to fix something in the DB. I will have access to all resources on the server (and I want to protect the SSH login by IP and by MAC). We must enable ping in case we want to check the machine at some point. Our network is a class C of type 10.8.0.0/16.

We will start a text file called firewall.sh containing the following:

Paste No. 4446 (script contents)

And so, with these lines, you give access to the members of the DevTeam, protect yourself, and protect the PC. I don't think it could be explained better, not even in dreams. All that remains is to give it execute permission, and everything will be ready to go.
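
The script the author pasted (Paste No. 4446) is not reproduced on this page. As an added example, not the author's script, here is one way to write a firewall.sh for the scenario above; the host addresses and the MAC are constructed placeholders, and the `IPT` dry-run switch is this example's own convention.

```shell
#!/bin/sh
# firewall.sh - added example, not the author's Paste No. 4446.
# Host addresses and the MAC are constructed placeholders; only the
# 10.8.0.0/16 network and the port lists come from the article.
NET="10.8.0.0/16"
ADMIN="10.8.0.10"; ADMIN_MAC="00:11:22:33:44:55"   # assumed
PEPE="10.8.0.11"                                   # assumed
FRANK="10.8.0.12"                                  # assumed
# Dry run by default: prints the commands. Apply as root with
#   IPT=iptables sh firewall.sh
IPT="${IPT:-echo iptables}"

firewall_rules() {
    # Flush old rules, then default-deny inbound and forwarded traffic.
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Loopback, and packets of connections that were already accepted.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Ping, from the local network only.
    $IPT -A INPUT -s "$NET" -p icmp --icmp-type echo-request -j ACCEPT
    # Admin: SSH pinned to IP and MAC (a spoofable filter, not a
    # substitute for SSH keys), other services by IP.
    $IPT -A INPUT -s "$ADMIN" -m mac --mac-source "$ADMIN_MAC" \
         -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A INPUT -s "$ADMIN" -p tcp -m multiport \
         --dports 20,21,80,443,3306 -m conntrack --ctstate NEW -j ACCEPT
    # Pepe: FTP, web and MySQL.
    $IPT -A INPUT -s "$PEPE" -p tcp -m multiport \
         --dports 20,21,80,443,3306 -m conntrack --ctstate NEW -j ACCEPT
    # Frank: web and MySQL only.
    $IPT -A INPUT -s "$FRANK" -p tcp -m multiport \
         --dports 80,443,3306 -m conntrack --ctstate NEW -j ACCEPT
    # Rate-limited log of whatever falls through to the DROP policy.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
}

firewall_rules
```

Port 20 is opened because the article lists it; passive-mode FTP data connections additionally need the nf_conntrack_ftp helper or a fixed passive port range opened in the rules. Review the dry-run output first and apply the rules from a console session rather than over SSH.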

There are tools that, through a nice GUI, let novice users configure the firewall of their PCs, such as "BadTuxWall", which requires Java. There is also FwBuilder, in Qt, which has already been discussed here, or "Firewall-Jay", with an ncurses interface. Personally, I prefer to do it in plain text, so I force myself to learn.

That is all. See you soon to keep explaining the fluff of the counter-fluff of some other configuration, process or service.



  1.   rudolph alexander said

    Great, I look forward to the ssh one, good post, greetings.

  2.   faustod said

    I like this, I will prepare my questions ...

  3.   nwt_lazaro said

    # Allow access for IP address 192.168.0.15 with physical address 00:01:02:03:04:05

    iptables -A INPUT -s 192.168.0.15 -m mac --mac-source 00:01:02:03:04:05 -p tcp --dport 22 -m state --state NEW -j ACCEPT

    If you want to add more IP and MAC addresses, it is a matter of inserting another INPUT line, varying the IP and MAC address respectively.

  4.   nwt_lazaro said

    Erratum: since WordPress does not get along with double hyphens, the following parts of the command had double hyphens
    --mac-source 00:01…
    --dport 22 ...
    --state NEW ...

    1.    KZKG^Gaara said

      If you want, you can use the tags «code» here you put the code «/code» and the double hyphens will work perfectly 😉
      Obviously replacing the « and » with the less-than and greater-than symbols

  5.   @Jlcmx said

    A question. When you set up a server, be it ssh or apache or anything else, doesn't the port open by itself? What is the difference between leaving it like that and opening it like this?