Uyiqala njani iptables imithetho ngokuzenzekelayo kwi-systemd (ArchLinux)

UAlexander (aka KZKG ^ Gaara) | | Iyacetyiswa, Inethiwekhi / iiseva, Izifundo / iincwadi / Iingcebiso

8 Izimvo

Ndithathwa njengothileyo xa kufikwa kukhuseleko, yiyo loo nto ukusetyenziswa kwe-firewall kubalulekile kum. Kwilaptop yam ndinolwazi olubuthathaka, olubaluleke kakhulu kum; kwaye ngenxa yokuba i-firewall ye-PC ifana nokutshixa okanye ikhuselekile kuthi, sikhumbula ukuba kwikhompyuter sigcina amagama okungena kwi-imeyile, idatha yeakhawunti yebhanki (nabani na onayo), ulwazi lweseva, kunye nolunye ulwazi oluchaphazela ngqo ubomi bethu bomzimba ... kakuhle, ngaphandle kwamathandabuzo hamba kwinethiwekhi ngaphandle i-firewall emiselweyo, ngaphandle kokhuseleko olufanelekileyo kwikhompyuter yethu ayisiyonto ecetyiswayo.

Ngexesha elithile elidlulileyo ndikubonise indlela yokuqala imigaqo ye-iptables ngokuzenzekelayo kwi-distros njenge-Debian, Ubuntu okanye ezinye eziqulathe ifayile /etc/rc.local, nangona kunjalo kwiArchLinux njengoko isebenzisa isistim le fayile ayikho.

Ke, indlela endiyifumene ngayo ukuze iptable zam ziqwalaselwe njengoko ndinqwenela ukwenza iscript esishicilelayo esiqwalasela iptables, emva koko ndiguqule ifayile / / usr / lib / sistimu / inkqubo / iinkqubo zeseva ... kodwa, masingene iinxalenye 🙂

1. Simele yenza iscript esibhaliweyo Inemithetho yethu ye-iptables, into enje: I-Bash + iptables umzekelo weskripthi

2. Emva kokwenza iskripthi, sibhala imithetho yethu kuyo kwaye siyinike imvume yokuphumeza, siyaqhubeka ukuhlela inkonzo ye-iptables yenkqubo:

Umyalelo olandelayo kufuneka wenziwe ngeemvume zolawulo, nokuba usebenzisa isudo njengam okanye ngqo nomsebenzisi wengcambu

sudo nano /usr/lib/systemd/system/iptables.service

Siza kufumana into enje:

[Icandelo] Inkcazo = Isakhelo sokucoca iipakethe [IiNkonzo] Uhlobo = ishot ExecStart = / usr / bin / iptables-buyisela /etc/iptables/iptables.rules ExecReload = / usr / bin / iptables-buyisela /etc/iptables/iptables.rules I-ExecStop = / usr / lib / systemd / izikripthi / i-iptables-flush RemainAfterExit = ewe [Faka] i-WantedBy = i-multi-user.target

3. Ukuthatha ukuba iskripthi esasiyenzile ngaphambili sikwi /home/myuser/script-iptables.sh emva koko siya kuyishiya iptables.service fayile esivule ngolu hlobo lulandelayo:

[Icandelo] Inkcazo = Isakhelo sokucoca ipakethe [IiNkonzo] Uhlobo = ishot ExecStart = / ikhaya / myuser / script-iptables.sh ExecReload = / home / myuser / script-iptables.sh ExecStop = / usr / lib / systemd / script / iptables -Ukuhlala uhlala emva kweExit = ewe [Faka] i-WantedBy = multi-user.target

4. Emva koko kufuneka siqiniseke ukuba iptables iqala ngokuzenzekelayo:

sudo systemctl enable iptables

5. Siyiqala:

sudo systemctl start iptables

6. Kwaye singayijonga imigaqo:

sudo iptables -nL

Le yeyona ndlela ilula ndiyifumeneyo (1) ine-bash script yam elungiselela iptables kum, nayo (2) ukuba imigaqo iqale ngokuzenzekelayo kwaye ekugqibeleni (3) ukuba iskripthi ngokwaso sasiyinto ezimeleyo, oko kukuthi, ukuba ngomso ndifuna ukuyisebenzisa kwi-Debian endiyifakayo (umzekelo) ngekhe ndiphinde ndiyilungelelanise kwakhona.

Ngapha koko, ndiyathemba ukuba uyifumene iluncedo 🙂

Phendula nge quote


Umxholo wenqaku uyabambelela kwimigaqo yethu imigaqo yokuziphatha yokuhlela. Ukuxela impazamo cofa apha.

Izimvo ezi-8, shiya ezakho

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.

  1.   Eliotime3000 sitsho
    yenzayo 10 iminyaka

    Inomdla….

    Phendula kwi-eliotime3000
  2.   USawule sitsho
    yenzayo 10 iminyaka

    Ngekhe kube lula ukuhlela iifayile ze-iptables.rules, ukuba sele unendawo yokufikelela kwisudo kuya kuba kufanelekile ukuyiguqula, akunjalo?

    Phendula uSawule
  3.   xphnx sitsho
    yenzayo 10 iminyaka

    Ndiyenza ngendlela eyahlukileyo, nangona ndisebenzisa iskripthi osilayishileyo ukumilisela imigaqo.

    1- Sazisa inkonzo (ukuba asikayenzi okwangoku):
    # systemctl enable iptables.service
    # systemctl start iptables.service

    2- Siyabona ukuba yeyiphi imigaqo esisebenzayo (sicinga ukuba yonke into ivulekile ukuba akukho nto siyichukumisileyo) sudo iptables -nvL

    3- Sitshintshela kwimigaqo esiyifunayo, sazisa iskripthi soqwalaselo:
    # sh /home/miusuario/script-iptables.sh

    4- Masibone ukuba itshintshe njani imigaqo esebenzayo:
    # iptables -nvL

    5- Sigcina uqwalaselo olutsha lwe-iptable ukulungiselela ukuqala kwakhona okuzayo:
    # iptables-save > /etc/iptables/iptables.rules

    5b- Ukuba sihlela ifayile /etc/iptables/iptables.rules ngesandla ukutshintsha imigaqo, kufuneka siphinde silayishe ubumbeko:
    # systemctl reload iptables

    Ubuncinci kum kulula ngaloo ndlela. Ndizama ukufunda i-bash kunye ne-kdialog ukulawula useto ngendlela ebonakalayo. Emva kwexesha ndizakuzama ukwenza into epheleleyo ngakumbi nge-qtcreator umzekelo, ukuze ndibenakho ukuba nezikripthi ezininzi zokumisela ngokuxhomekeke kwizixhobo esizilungiselelayo (umzila, iPC, njl ...) ukubona ukuba iyaphuma na.

    Phendula kwi-xphnx
    1.    xphnx sitsho
      yenzayo 10 iminyaka

      Ujongano endinalo engqondweni yinto enje.

      igophe
      http://i1178.photobucket.com/albums/x380/beatfenix/kortafuegos_arch_zpscec2122d.jpeg
      Debian
      http://i1178.photobucket.com/albums/x380/beatfenix/kortafuegos_deb_zps75ada7c4.jpeg

      Phendula kwi-xphnx
  4.   dhunter sitsho
    yenzayo 10 iminyaka

    Le captcha yezimvo isisihluzi se-bug, nceda utshintshe uye kwenye okanye uyihlaziye kuba iyacaphukisa emva kwemizamo emininzi.

    Phendula kwi-dhunter
    1.    iyeva sitsho
      yenzayo 10 iminyaka

      Ikwayinto enye esetyenziswe yi-humanOS, iFirefoxmanía .. mhlawumbi iyinto ene-cache.

      Phendula u-elav
      1.    dhunter sitsho
        yenzayo 10 iminyaka

        Ewe, andisathethi ke kwezi zimbini.

        Phendula kwi-dhunter
  5.   mj sitsho
    yenzayo 10 iminyaka

    Regards,
    Esi sihloko siluncedo kakhulu.
    Ngaphandle kwamathandabuzo kwabo banomdla kukhuseleko lwenkcukacha ezigcinwe kwiPC yethu; "Iptable" sesinye sezixhobo ekufuneka kufundwe ukuzisebenzisa; nangona, ngokubaluleka kwayo kunzima ukufunda.
    Ndiyifumene le vidiyo ngesihloko endinethemba lokuba uya kundivumela ukuba ndibelane ngedilesi ye-imeyile "http://www.youtube.com/watch?v=Z6a-K_8FT_Y"; Ummangaliso wam kukuba, yinto eyahlukileyo kule ingoku apha. Kodwa ke, ndicinga ukuba izakubangelwa kukwahlukahlukana konikezelo olune-GNU / Linux (i-ARCH, i-DEBIAN, i-SUSE, njl.njl), kuya kufuneka sifunde kunjalo.

    Phendula mj