Make your own firewall with iptables using this simple script

I spent some time thinking about two things regarding iptables: most people who look for these tutorials are beginners and, second, most of them are looking for something simple that is already explained.

This example is for a web server, but you can easily add more rules and adapt it to your needs.

Where you see an "x", substitute your own IPs.


#!/bin/bash

# Flush the iptables tables
iptables -F
iptables -X
# Flush NAT
iptables -t nat -F
iptables -t nat -X
# mangle table for things like PPPoE, PPP, and ATM
iptables -t mangle -F
iptables -t mangle -X

# Policies. I think this is the best approach for beginners and it is not bad:
# OUTPUT accepts everything because those are outgoing connections,
# INPUT drops everything, and FORWARD should not be needed on a server.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Intranet LAN
intranet=eth0
# Extranet WAN
extranet=eth1

# Keep state. Everything that is already connected (established) stays that way
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Loopback device
iptables -A INPUT -i lo -j ACCEPT

# http, https: no interface is specified because
# we want it to apply to all of them
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# ssh, internal only and only from this IP range
iptables -A INPUT -p tcp -s 192.168.x.x/24 -i $intranet --dport 7659 -j ACCEPT

# monitoring, for example if you have zabbix or another snmp-style service
iptables -A INPUT -p tcp -s 192.168.x.x/24 -i $intranet --dport 10050 -j ACCEPT

# icmp, ping: well, that is up to you
iptables -A INPUT -p icmp -s 192.168.x.x/24 -i $intranet -j ACCEPT

# mysql (with postgres it is port 5432); clients connect to the
# destination port, so --dport rather than --sport
iptables -A INPUT -p tcp -s 192.168.x.x -i $intranet --dport 3306 -j ACCEPT

# sendmail, if you want to send some mail
#iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT

# Anti-spoofing 09/07/2014
#
# Note: iptables takes the first matching rule, so appended DROPs only see
# traffic that the ACCEPT rules above did not already take. If they must
# also cover ports 80/443, insert them earlier (-I) instead of appending (-A).
SERVER_IP="190.x.x.x"       # IP server: the real WAN IP of your server
LAN_RANGE="192.168.x.x/24"  # LAN range of your network or VLAN

# IPs that must never come in through the extranet. It is a bit of logic:
# if we only have a WAN connection, LAN-type traffic must not come in
# through the WAN unless it arrives on the corresponding interface
SPOOF_IPS="0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# Default action, taken when a rule matches
ACTION="DROP"

# Packets carrying my own server's IP arriving through the WAN
iptables -A INPUT -i $extranet -s $SERVER_IP -j $ACTION
# iptables -A OUTPUT -o $extranet -s $SERVER_IP -j $ACTION

# Packets with the LAN range through the WAN. I put it this way in case you
# have some particular network, but it is not needed thanks to the next
# rule inside the "for" loop
iptables -A INPUT -i $extranet -s $LAN_RANGE -j $ACTION
iptables -A OUTPUT -o $extranet -s $LAN_RANGE -j $ACTION

## No SPOOF network is admitted through the WAN
for ip in $SPOOF_IPS
do
  iptables -A INPUT -i $extranet -s $ip -j $ACTION
  iptables -A OUTPUT -o $extranet -s $ip -j $ACTION
done
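As an added example (not the post's script), the same policy rendered in iptables-restore format, so the whole ruleset loads atomically and the anti-spoofing DROPs sit ahead of the service ACCEPTs; the interface names, addresses and ssh port are assumed placeholders passed as arguments, and rule_line is a small helper for checking rule order.

```shell
#!/bin/sh
# Added example: emit the article's policy as an iptables-restore ruleset.
# iptables evaluates a chain top-down and stops at the first match, so a
# DROP appended after "-A INPUT -p tcp --dport 80 -j ACCEPT" never sees
# port-80 traffic; here the anti-spoofing DROPs come before any ACCEPT.
# Interfaces, addresses and the ssh port are placeholders passed in.

gen_rules() {
    intranet=$1 extranet=$2 server_ip=$3 lan_range=$4 ssh_port=$5
    # private/bogon sources that must never show up on the WAN side
    spoof_ips="0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # our own WAN address arriving from the WAN is always forged
    echo "-A INPUT -i $extranet -s $server_ip -j DROP"
    # LAN and private ranges: neither accepted from, nor leaked out to, the WAN
    for ip in $lan_range $spoof_ips; do
        echo "-A INPUT -i $extranet -s $ip -j DROP"
        echo "-A OUTPUT -o $extranet -s $ip -j DROP"
    done
    # replies to connections we already track
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # services: public web, ssh only from the LAN on its custom port
    echo '-A INPUT -p tcp --dport 80 -j ACCEPT'
    echo '-A INPUT -p tcp --dport 443 -j ACCEPT'
    echo "-A INPUT -i $intranet -s $lan_range -p tcp --dport $ssh_port -j ACCEPT"
    echo 'COMMIT'
}

# 1-based line number of the first rule in ruleset $1 containing the
# literal text $2, or 0 when absent; used to check rule order.
rule_line() {
    printf '%s\n' "$1" | awk -v pat="$2" \
        'index($0, pat) { print NR; found=1; exit } END { if (!found) print 0 }'
}

# Usage (as root):
#   gen_rules eth0 eth1 203.0.113.10 192.168.1.0/24 7659 > /etc/iptables/rules.v4
#   iptables-restore --test < /etc/iptables/rules.v4 && iptables-restore < /etc/iptables/rules.v4
```

iptables-restore --test parses the file without touching the kernel, so a typo is caught before the running ruleset is replaced.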

As usual I look forward to your comments; keep an eye on this blog. Thanks.



  1. HO2Gi says:

    It helps me keep learning. Thanks, copied.

    1. brodydalle says:

      You're welcome, glad to help.

  2. Javier says:

    Sorry, but I have two questions (and another one as a bonus :)):

    Could you come up with a configuration so that Apache runs and everything else except SSH is closed?

    # Flush the tables
    iptables -F
    iptables -X

    # Flush NAT
    iptables -t nat -F
    iptables -t nat -X

    iptables -A INPUT -p tcp --dport 80 -j ACCEPT

    # ssh, internal only and from this IP range
    iptables -A INPUT -p tcp -s 192.168.xx/24 -i $intranet --dport 7659 -j ACCEPT

    Second question: is 7659 the port used for SSH in this example?

    Third and last: in which file should this be saved?

    Thank you very much for the tutorial; it is a shame to be such a newbie and not be able to make good use of it.

    1. brodydalle says:

      This is the rule you need for http from apache:
      iptables -A INPUT -p tcp --dport 80 -j ACCEPT

      But you have to declare the default policies (in the script):
      iptables -P INPUT DROP
      iptables -P OUTPUT ACCEPT
      iptables -P FORWARD DROP

      And this one, because if you are remote it would drop you:
      iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

      Yes, 7659 is the ssh port in the example; by default it is 22, although I recommend changing it to a port that is "not well known".
      Man, I don't know, as you like... firewall.sh, and put it in rc.local (sh firewall.sh) so it runs automatically. Depending on the system you have, there are files where you can put the rules directly.

  3. jge says:

    Hey, your script is very good, I'm analysing it... Do you know how I could block all requests from my users to a certain website?... but this website has many servers....

    1. brodydalle says:

      I suggest other ways:
      1) You can create a fake zone in your dns...
      2) You can put a proxy with an acl
      However,
      with iptables you could do this... it's not always the best option (there are many ways):
      iptables -A INPUT -s blog.desdelinux.net -j DROP
      iptables -A OUTPUT -d blog.desdelinux.net -j DROP

      Let me know if it works.

  4. Javier says:

    Thanks for the reply, everything is clear. I asked about the port because it surprised me to use 7659, since private ports start at 49152, and it could interfere with some service or other.
    Again, thanks for everything, that was great!

    Regards

  5. Sic says:

    BrodyDalle, how can I contact you? I am very interested in your script.

  6. Carlos says:

    Is the next-to-last line "iptables -A OUTPUT -o $extranet -s $ip -j $ACTION" there to prevent your own machine from spoofing? Or is it possible that some poisoned packet gets in and could get out with the poisoned source, and that is why the rule is included in OUTPUT?
    Thanks a lot for the explanation!!!

  7. fran says:

    This is my iptables script, complete:

    # fran's iptables
    # doc.iptables.airoso: iptables legacy and nft
    #
    # firewall ports
    ##########################
    #!/bin/bash
    #
    # Variable and mode names were recovered from a machine-translated listing;
    # rename them to taste.
    # clear the screen
    ################## start of /etc/f-iptables/default.cfg ||
    clear
    # leave a blank line
    echo
    # $si="" leaves a command enabled; $no="echo" turns a command prefixed
    # with it into an echo whose output goes to /dev/null, i.e. disables it
    export si="" no="echo"
    # variables you can change to allow access
    ################################# variables
    export hayexcepciones="$no"
    # hayexcepciones: $si to allow specific hosts and $no to disable
    export hayping="$no"
    # hayping: $si to allow pings to third parties and $no to deny them
    export haylogserver="$no"
    # haylogserver: $si to log tcp, $no not to log tcp
    ######
    ###################################
    export excepciones="baldras.wesnoth.org"
    # excepciones: allows one or several hosts through the firewall, or no value
    export logserver=discard,ipp,dict,ssh
    # logserver: server tcp ports that are logged when packets come in
    export redserver=0/0
    # redserver: network of the server ports, choose the local network or several ips
    export clientnet=0/0
    # clientnet: network of the client ports, chosen from all networks
    export servidortcp=discard,ipp,dict,6771
    # servidortcp: tcp server ports
    export serverudp=discard
    # serverudp: defined udp server ports
    export clientudp=domain,bootpc,bootps,ntp,20000:45000
    # clientudp: udp client ports
    export clienttcp=domain,http,https,ipp,git,dict,14999:15002
    # clienttcp: defined tcp client ports
    ########################### end of /etc/f-iptables/default.cfg |||||
    #############################
    export firewall=$1 variables=$2
    if [ "$variables" = "$NULL" ]; then source /etc/f-iptables/default.cfg;
    else source /etc/f-iptables/$2; fi
    ##########################
    if [ "$firewall" = "cut" ]; then echo FIREWALL CUT;
    export activateserver="$no" activateclient="$no" wet="$no";
    elif [ "$firewall" = "client" ]; then echo FIREWALL CLIENT;
    export activateserver="$no" activateclient="" wet="$no";
    elif [ "$firewall" = "server" ]; then echo FIREWALL SERVER;
    export activateserver="" activateclient="$no" wet="$no";
    elif [ "$firewall" = "clientandserver" ]; then echo FIREWALL CLIENT AND SERVER;
    export activateserver="" activateclient="" wet="$no";
    elif [ "$firewall" = "permissive" ]; then echo FIREWALL PERMISSIVE;
    export activateserver="$no" activateclient="$no" wet="";
    else
    # $ver is left unset, so the listing below runs
    $ver sudo echo iptables-legacy:
    $ver sudo iptables-legacy -v -L INPUT
    $ver sudo iptables-legacy -v -L OUTPUT
    $ver sudo echo iptables-nft:
    $ver sudo iptables-nft -v -L INPUT
    $ver sudo iptables-nft -v -L OUTPUT
    echo _____parameters____ $0 $1 $2
    echo "Running without parameters lists the iptables."
    echo "First parameter: cut or client or server or clientandserver or permissive."
    echo "Second parameter (optional): the .cfg configuration file to use instead of /etc/f-iptables/default.cfg"
    echo "Other configurations:" $(ls /etc/f-iptables/)
    exit 0; fi
    #################
    echo
    echo Run $0 with cut or client or server or clientandserver or permissive or another configuration, or without parameters to list the iptables.
    echo The file $0 contains editable variables inside.
    #####################
    ##############################
    echo setting iptables variables
    echo variables done
    echo
    ###########################
    echo Setting up iptables-legacy
    sudo /usr/sbin/iptables-legacy -t filter -F
    sudo /usr/sbin/iptables-legacy -t nat -F
    sudo /usr/sbin/iptables-legacy -t mangle -F
    sudo /usr/sbin/ip6tables-legacy -t filter -F
    sudo /usr/sbin/ip6tables-legacy -t nat -F
    sudo /usr/sbin/ip6tables-legacy -t mangle -F
    sudo /usr/sbin/ip6tables-legacy -A INPUT -j DROP
    sudo /usr/sbin/ip6tables-legacy -A OUTPUT -j DROP
    sudo /usr/sbin/ip6tables-legacy -A FORWARD -j DROP
    sudo /usr/sbin/iptables-legacy -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT > /dev/null
    $haylogserver sudo /usr/sbin/iptables-legacy -A INPUT -p tcp -m multiport --dports $logserver -j LOG > /dev/null
    $hayexcepciones sudo /usr/sbin/iptables-legacy -A INPUT -s $excepciones -j ACCEPT > /dev/null
    $activateserver sudo /usr/sbin/iptables-legacy -A INPUT -p udp -m multiport --dports $serverudp -s $redserver -d $redserver -j ACCEPT > /dev/null
    $activateserver sudo /usr/sbin/iptables-legacy -A INPUT -p tcp -m multiport --dports $servidortcp -s $redserver -d $redserver -j ACCEPT > /dev/null
    $activateclient sudo /usr/sbin/iptables-legacy -A INPUT -p udp -m multiport --sports $clientudp -m state --state established -s $clientnet -d $clientnet -j ACCEPT > /dev/null
    $activateclient sudo /usr/sbin/iptables-legacy -A INPUT -p tcp -m multiport --sports $clienttcp -m state --state established -s $clientnet -d $clientnet -j ACCEPT > /dev/null
    $hayping sudo /usr/sbin/iptables-legacy -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT > /dev/null
    sudo /usr/sbin/iptables-legacy -A INPUT -j DROP > /dev/null
    sudo /usr/sbin/iptables-legacy -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT > /dev/null
    $hayexcepciones sudo /usr/sbin/iptables-legacy -A OUTPUT -d $excepciones -j ACCEPT > /dev/null
    $activateserver sudo /usr/sbin/iptables-legacy -A OUTPUT -p udp -m multiport --sports $serverudp -s $redserver -d $redserver -j ACCEPT > /dev/null
    $activateserver sudo /usr/sbin/iptables-legacy -A OUTPUT -p tcp -m multiport --sports $servidortcp -s $redserver -d $redserver -j ACCEPT > /dev/null
    $activateclient sudo /usr/sbin/iptables-legacy -A OUTPUT -p udp -m multiport --dports $clientudp -s $clientnet -d $clientnet -j ACCEPT > /dev/null
    $activateclient sudo /usr/sbin/iptables-legacy -A OUTPUT -p tcp -m multiport --dports $clienttcp -s $clientnet -d $clientnet -j ACCEPT > /dev/null
    $hayping sudo /usr/sbin/iptables-legacy -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT > /dev/null
    sudo /usr/sbin/iptables-legacy -A OUTPUT -j DROP
    sudo /usr/sbin/iptables-legacy -A FORWARD -j DROP
    echo iptables-legacy done
    echo
    echo Setting up iptables-nft
    sudo /usr/sbin/iptables-nft -t filter -F
    sudo /usr/sbin/iptables-nft -t nat -F
    sudo /usr/sbin/iptables-nft -t mangle -F
    sudo /usr/sbin/ip6tables-nft -t filter -F
    sudo /usr/sbin/ip6tables-nft -t nat -F
    sudo /usr/sbin/ip6tables-nft -t mangle -F
    sudo /usr/sbin/ip6tables-nft -A INPUT -j DROP
    sudo /usr/sbin/ip6tables-nft -A OUTPUT -j DROP
    sudo /usr/sbin/ip6tables-nft -A FORWARD -j DROP
    sudo /usr/sbin/iptables-nft -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT > /dev/null
    $haylogserver sudo /usr/sbin/iptables-nft -A INPUT -p tcp -m multiport --dports $logserver -j LOG > /dev/null
    $hayexcepciones sudo /usr/sbin/iptables-nft -A INPUT -s $excepciones -j ACCEPT > /dev/null
    $activateserver sudo /usr/sbin/iptables-nft -A INPUT -p udp -m multiport --dports $serverudp -s $redserver -d $redserver -j ACCEPT > /dev/null
    $activateserver sudo /usr/sbin/iptables-nft -A INPUT -p tcp -m multiport --dports $servidortcp -s $redserver -d $redserver -j ACCEPT > /dev/null
    $activateclient sudo /usr/sbin/iptables-nft -A INPUT -p udp -m multiport --sports $clientudp -m state --state established -s $clientnet -d $clientnet -j ACCEPT > /dev/null
    $activateclient sudo /usr/sbin/iptables-nft -A INPUT -p tcp -m multiport --sports $clienttcp -m state --state established -s $clientnet -d $clientnet -j ACCEPT > /dev/null
    $hayping sudo /usr/sbin/iptables-nft -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT > /dev/null
    sudo /usr/sbin/iptables-nft -A INPUT -j DROP > /dev/null
    sudo /usr/sbin/iptables-nft -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT > /dev/null
    $hayexcepciones sudo /usr/sbin/iptables-nft -A OUTPUT -d $excepciones -j ACCEPT > /dev/null
    $activateserver sudo /usr/sbin/iptables-nft -A OUTPUT -p udp -m multiport --sports $serverudp -s $redserver -d $redserver -j ACCEPT > /dev/null
    $activateserver sudo /usr/sbin/iptables-nft -A OUTPUT -p tcp -m multiport --sports $servidortcp -s $redserver -d $redserver -j ACCEPT > /dev/null
    $activateclient sudo /usr/sbin/iptables-nft -A OUTPUT -p udp -m multiport --dports $clientudp -s $clientnet -d $clientnet -j ACCEPT > /dev/null
    $activateclient sudo /usr/sbin/iptables-nft -A OUTPUT -p tcp -m multiport --dports $clienttcp -s $clientnet -d $clientnet -j ACCEPT > /dev/null
    $hayping sudo /usr/sbin/iptables-nft -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT > /dev/null
    sudo /usr/sbin/iptables-nft -A OUTPUT -j DROP
    sudo /usr/sbin/iptables-nft -A FORWARD -j DROP
    echo iptables-nft done
    echo
    # permissive mode: flush the filter table again and only keep established traffic in
    $wet sudo /usr/sbin/iptables-legacy -F > /dev/null
    $wet sudo /usr/sbin/iptables-legacy -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT > /dev/null
    $wet sudo /usr/sbin/iptables-legacy -A INPUT -m state --state established -j ACCEPT > /dev/null
    $wet sudo /usr/sbin/iptables-legacy -A INPUT -j DROP > /dev/null
    $wet sudo /usr/sbin/iptables-legacy -A OUTPUT -j ACCEPT > /dev/null
    $wet sudo /usr/sbin/iptables-legacy -A FORWARD -j DROP > /dev/null
    $wet sudo /usr/sbin/iptables-nft -F > /dev/null
    $wet sudo /usr/sbin/iptables-nft -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT > /dev/null
    $wet sudo /usr/sbin/iptables-nft -A INPUT -m state --state established -j ACCEPT > /dev/null
    $wet sudo /usr/sbin/iptables-nft -A INPUT -j DROP > /dev/null
    $wet sudo /usr/sbin/iptables-nft -A OUTPUT -j ACCEPT > /dev/null
    $wet sudo /usr/sbin/iptables-nft -A FORWARD -j DROP > /dev/null
    ##############################
    echo launched $0 $1 $2
    # exit the script
    exit 0

  8. Luis Duran says:

    How would I add a rule if this firewall is used as my gateway and has squid inside the LAN???