iptables, uqikelelo kwimeko yokwenyani

Injongo yale khokelo yile lawula uthungelwano lwethuUkuphepha ukucaphukisa kolunye "undwendwe olungathandekiyo" oluvela ngaphakathi olufuna ukusibona phantsi (intetho yaseCuba ethetha ukukhathaza, ukubetha, njl. njl. .

Qaphela: Khumbula imigaqo-nkqubo ye-iptables, YAMKELA yonke into okanye YENZA yonke into, inokuba luncedo, kwezinye iimeko hayi kwezinye, oko kuxhomekeke kuthi, ukuba yonke into eyenzekayo kwinethiwekhi, lishishini lethu, kwaye yeyethu kuphela, ewe, yakho , yeyam, kulowo ufundayo, kodwa akayazi indlela yokuyenza, okanye kulowo wayifundayo wayisebenzisa kakuhle.

Khwela uyahlala !!!

Into yokuqala eyenzekayo kukwazi ukuba yeyiphi inkonzo ehlala kwikhompyuter ene-GNU / Linux efakiweyo, ngenxa yoko, awuzukubuza mntu, okanye uthathe inxaxheba kwiGoogling okanye uthethe nomfundi malunga nesihloko, funda nje ifayile. Ifayile encinci? Ewe ewe, ifayile encinci.

/ njl / iinkonzo

Kodwa iqulethe ntoni / njl / iinkonzo?

Kulula kakhulu, inkcazo yazo zonke iinkonzo namazibuko ekhoyo kwezi nkonzo nokuba yi-TCP okanye i-UDP, ngendlela ehleliweyo kunye nokunyuka. Iinkonzo ezichaziweyo kunye namazibuko zibhengezwe ngu IANA (I-Intanethi eyabelwe iNombolo yeGunya).

Ukudlala nge-iptables

Njengamanyathelo okuqala, siya kuba ne-PC, eya kuba ngumatshini wovavanyo, yibize ngale nto uyifunayo, uLucy, uKarla okanye uNahomi, ndiza kuyibiza Bessie.

Imeko:

Ewe, kulungile, uBessie ngumatshini weprojekthi oza kuba nefayile ye- VSFTPd inyuswe, OpenSSH ukubaleka, kunye a Apache2 eyayifakelwe kube kanye ukwenzela umlinganiso (uvavanyo lwentsebenzo), kodwa ngoku isetyenziswa ngokudibeneyo ne phpMyAdmin ukulawula ugcino lwedatha MySQL Ezisetyenziswa ngaphakathi amaxesha ngamaxesha.

Amanqaku okuthatha:

I-Ftp, ssh, apache2 kunye ne-mysql, ziinkonzo ezifumana izicelo kule PC, ke kuya kufuneka sithathele ingqalelo amazibuko abazisebenzisayo.

Ukuba andiphazami kwaye / njl / iinkonzo I-xD ayithethi buxoki, i-ftp isebenzisa izibuko lama-20 kunye nelama-21, i-ssh ngokwendalo engama-22 okanye enye into, ukuba ichaziwe kuqwalaselo (kwenye iposti ndiza kuthetha ngendlela yokumisela SSH ngaphezulu kancinci kunesiqhelo), Apache 80 okanye 443 ukuba ikunye ne-SSL, kunye neMySQL 3306.

Ngoku sifuna enye inkcukacha, iidilesi ze-IP zeePCs eziza kudibana noBessie, ukuze abacimi mlilo, phakathi kwabo, banganyatheli iithumbu (kuthetha ukuba akukho kungqubana haha).

UPepe, umphuhlisi we-PHP + MySQL, uya kuba nakho ukufikelela kumazibuko 20-21, 80, 443 kunye no-3306, uFrank, into yakhe kukuhlaziya iphepha lewebhu leprojekthi ukuba lihanjiswe ngenyanga, uya kuba nokufikelela kwizibuko 80 / 443 no-3306 kwimeko apho ufuna ukwenza ukulungiswa kwi-DB, kwaye ndiza kuba nakho ukufikelela kuzo zonke izixhobo ezikwiseva (Kwaye ndifuna ukukhusela ukungena nge-ssh nge-IP kunye neMAC). I-ping kufuneka isebenze xa sifuna ukuvota umatshini ngaxa lithile. Inethiwekhi yethu iklasi C yohlobo 10.8.0.0/16.

Siza kuqala ifayile yokubhaliweyo ecacileyo ebizwa ngokuba firewall.sh apho iya kuba noku kulandelayo:

Cola inombolo engu-4446 (ii-iptable zeSkripthi)

Ke, ngale migca, uvumela ukufikelela kumalungu eDevTeam, uyazikhusela, kwaye uyayikhusela iPC, ndicinga ukuba icaciswe ngcono, nkqu nasemaphupheni. Kuhleli kuphela ukuyinika iimvume zokwenza, kwaye yonke into iya kuba ilungele ukuya.

Kukho izixhobo ezithi, nge-GUI entle, zivumele abasebenzisi be-novice ukuba bamisele i-firewall yee-PC zabo, ezinje nge "BadTuxWall", efuna iJava. Kwakhona i-FwBuilder, i-QT, esele ixoxiwe apha okanye i "Firewall-Jay", enonxibelelwano kwiincurses. Ngokoluvo lwam, ndiyathanda ukuyenza ngombhalo ocacileyo, ke ndiyazinyanzela ukuba ndifunde.

Yiloo nto, ndiyakubona kungekudala ukuqhubeka nokucacisa, ukungcola kwe-counter-fluff, kolunye uqwalaselo, inkqubo okanye inkonzo.