Create your firewall with iptables using this simple script

I spent some time thinking about two things regarding these iptables tutorials: most of the people who look for them are beginners, and many of them want something that is simple but still explained in detail.

This example is for a web server, but you can easily add other rules and adapt it to your needs.

Where you see an "x", replace it with your own IP addresses.


#!/bin/bash

# Flush the filter table
iptables -F
iptables -X
# Flush the NAT table
iptables -t nat -F
iptables -t nat -X
# The mangle table, for things like PPPoE, PPP and ATM
iptables -t mangle -F
iptables -t mangle -X

# Policies. I think this is a good approach for beginners and it is still
# not a bad one; let me explain: OUTPUT accepts everything because it is
# outgoing traffic, INPUT drops everything, and a server should not forward anything.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Intranet, LAN
intranet=eth0
# Extranet, WAN
extranet=eth1

# Keep state. Everything that is already connected (established) is left alone:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Loopback device
iptables -A INPUT -i lo -j ACCEPT

# http and https; we do not specify the interface because
# we want them on all of them
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# ssh only internally and from this range of IPs
iptables -A INPUT -p tcp -s 192.168.x.x/24 -i $intranet --dport 7659 -j ACCEPT

# Monitoring example, in case you have zabbix or some other snmp-style service
iptables -A INPUT -p tcp -s 192.168.x.x/24 -i $intranet --dport 10050 -j ACCEPT

# icmp, ping; well, that is up to you
iptables -A INPUT -p icmp -s 192.168.x.x/24 -i $intranet -j ACCEPT

# mysql; with postgres the port is 5432.
# Note this matches by source port, i.e. traffic coming back from a database
# host (already covered by the ESTABLISHED,RELATED rule above). If this host
# itself serves MySQL to the LAN, use --dport 3306 instead.
iptables -A INPUT -p tcp -s 192.168.x.x --sport 3306 -i $intranet -j ACCEPT

# sendmail, bueeeh, if you want to send some mail
# iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT

# Anti-SPOOFING 09/07/2014
# SERVER_IP="190.x.x.x"    # server IP: the real WAN IP of your server
LAN_RANGE="192.168.x.x/21"   # LAN range of your network or your VLANs
# IPs that should never come in through the extranet. Applying a little
# logic: if we have a WAN interface, LAN-type traffic should not enter
# through that interface.
SPOOF_IPS="0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
# Default action to take when any of these rules matches
ACTION="DROP"

# Packets carrying my own server's IP arriving through the WAN.
# Uncomment these two lines together with SERVER_IP above; with SERVER_IP
# unset, "-s" would get no argument and iptables would reject the rule.
# iptables -A INPUT -i $extranet -s $SERVER_IP -j $ACTION
# iptables -A OUTPUT -o $extranet -s $SERVER_IP -j $ACTION

# Packets with a LAN range on the WAN. I leave it here in case you have
# some specific network, but it is no longer needed given the following
# rules inside the "for" loop.
iptables -A INPUT -i $extranet -s $LAN_RANGE -j $ACTION
iptables -A OUTPUT -o $extranet -s $LAN_RANGE -j $ACTION

## None of the SPOOF networks are allowed on the WAN
for ip in $SPOOF_IPS
do
  iptables -A INPUT -i $extranet -s $ip -j $ACTION
  iptables -A OUTPUT -o $extranet -s $ip -j $ACTION
done
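The same policy, written as an added example in iptables-restore format rather than as one iptables call per rule (this is the editor's example code, not the tutorial's script). Loading through iptables-restore is atomic: the kernel sees either the whole new rule set or none of it, and --test parses the file without committing it. The functions render_ruleset, lint_ruleset and load_ruleset, the APPLY environment variable, and the values eth0, eth1, 192.168.1.0/24 and 7659 are all assumptions of this example, standing in for the "x" placeholders above. Two deliberate differences from the script: the anti-spoofing drops are placed before the stateful ACCEPT so a forged private source on the WAN can never match an accept rule, and -m conntrack --ctstate is used instead of the older -m state alias.

```shell
#!/bin/bash
# Added example: render the tutorial's web-server policy in iptables-restore
# format, check it for the two mistakes that lock an operator out, and load it
# atomically. All interface names, networks and ports here are placeholders.
set -eu

# Networks that must never appear as a source on the WAN interface.
SPOOF_IPS="0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# render_ruleset LAN_IF WAN_IF LAN_CIDR SSH_PORT  -> rule set on stdout
render_ruleset() {
    local intranet="$1" extranet="$2" lan_range="$3" ssh_port="$4" ip
    printf '%s\n' '*filter'
    # Default policies: drop inbound and forwarded traffic, allow outbound.
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Anti-spoofing first: a private source arriving on the WAN is dropped
    # before any ACCEPT rule, including the stateful one, can see it.
    for ip in $SPOOF_IPS; do
        printf '%s\n' "-A INPUT -i $extranet -s $ip -j DROP"
        printf '%s\n' "-A OUTPUT -o $extranet -s $ip -j DROP"
    done
    # Replies to connections this host opened, and loopback traffic.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Public web service on every interface.
    printf '%s\n' '-A INPUT -p tcp --dport 80 -j ACCEPT'
    printf '%s\n' '-A INPUT -p tcp --dport 443 -j ACCEPT'
    # Management only from the LAN range, on the LAN interface.
    printf '%s\n' "-A INPUT -i $intranet -s $lan_range -p tcp --dport $ssh_port -j ACCEPT"
    printf '%s\n' 'COMMIT'
}

# lint_ruleset SSH_PORT < ruleset
# Refuse a rule set that would cut off the operator applying it: it must keep
# established sessions and still accept new connections to the management port.
lint_ruleset() {
    local port="$1" rules
    rules=$(cat)
    if ! printf '%s\n' "$rules" | grep -q -- '--ctstate ESTABLISHED,RELATED -j ACCEPT'; then
        echo "lint: no ESTABLISHED,RELATED accept; the current ssh session would die" >&2
        return 1
    fi
    if ! printf '%s\n' "$rules" | grep -q -- "--dport $port -j ACCEPT"; then
        echo "lint: nothing accepts new connections to port $port" >&2
        return 1
    fi
}

# load_ruleset FILE: parse-only pass first, then commit the whole set at once.
load_ruleset() {
    iptables-restore --test < "$1"
    iptables-restore < "$1"
}

# Stand-alone use. Without APPLY=1 the rule set is only rendered and linted;
# with APPLY=1 (run as root) it is also loaded.
ruleset=$(render_ruleset eth0 eth1 192.168.1.0/24 7659)
printf '%s\n' "$ruleset" | lint_ruleset 7659
if [ "${APPLY:-0}" = 1 ]; then
    tmp=$(mktemp)
    printf '%s\n' "$ruleset" > "$tmp"
    load_ruleset "$tmp"
    rm -f "$tmp"
else
    printf '%s\n' "$ruleset"
fi
```

The lint step is cheap insurance: the two comments below from Javier and brodydalle are exactly about a rule set with INPUT DROP that forgot the stateful accept.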

As always, I look forward to your comments. Stay tuned to this blog, thanks.



  1.   HO2Gi says

    It helps me keep learning. Thanks, already copied.

    1.    brodydalle says

      you're welcome, glad to be of help

  2.   Javier says

    I'm very sorry, but I have two questions (and one more as a gift :) ):

    Would this configuration be enough for Apache to work and to close everything else except SSH?

    # We flush the tables
    iptables -F
    iptables -X

    # We flush NAT
    iptables -t nat -F
    iptables -t nat -X

    iptables -A INPUT -p tcp --dport 80 -j ACCEPT

    # ssh only internally and from this range of IPs
    iptables -A INPUT -p tcp -s 192.168.x.x/24 -i $intranet --dport 7659 -j ACCEPT

    Second question: is 7659 the port used for SSH in this example?

    Third and last: in which file should this configuration be saved?

    Thanks a lot for the tutorial; it's a shame to be such a newbie and not be able to take full advantage of it.

    1.    brodydalle says

      this is the rule that http from apache needs
      iptables -A INPUT -p tcp --dport 80 -j ACCEPT

      but you also need to declare the default drop policies (in the script)
      iptables -P INPUT DROP
      iptables -P OUTPUT ACCEPT
      iptables -P FORWARD DROP

      and this one, because if you are remote it will drop you.
      iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

      yes, 7659 is the ssh port in the example; by default it is 22, although I recommend changing it to a "not so well-known" port
      man, I don't know, as you like... firewall.sh, and then put it in rc.local (sh firewall.sh) so it runs automatically; depending on which distro you have, there are files where you can put the rules directly.
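brodydalle's warning that a missing rule drops a remote operator applies to any mistake in firewall.sh, not just the stateful accept. The usual safeguard, shown here as an added example that is not part of the post or the comments, is to save the running rules before loading the new ones and arm a timer that restores them unless the operator confirms the session still works. The functions apply_with_rollback and persist_rules, the IPT_SAVE and IPT_RESTORE hooks (which let the functions be exercised without root by substituting other commands), the name firewall.sh and the Debian iptables-persistent path /etc/iptables/rules.v4 are assumptions of this example.

```shell
#!/bin/bash
# Added example: load a firewall script over ssh with an automatic rollback,
# then persist the confirmed rule set. IPT_SAVE/IPT_RESTORE are hooks of this
# example (not iptables options) and default to iptables-save/iptables-restore.
set -eu

# apply_with_rollback SCRIPT SECONDS [ANSWER]
#   1. save the running rule set,
#   2. start a timer that restores it after SECONDS,
#   3. run SCRIPT, then ask whether the session is still usable,
#   4. "yes" cancels the timer; anything else, or silence, lets it fire.
# ANSWER is a non-interactive hook for scripting and tests.
# Returns 0 when the new rules were kept, 2 when they were rolled back.
apply_with_rollback() {
    local script="$1" seconds="$2" answer="${3:-}"
    local ipt_save="${IPT_SAVE:-iptables-save}" ipt_restore="${IPT_RESTORE:-iptables-restore}"
    local backup timer
    backup=$(mktemp)
    $ipt_save > "$backup"
    # Dead-man switch: restores the saved rules unless cancelled in time.
    # It keeps running even if this ssh session dies after the script runs.
    ( sleep "$seconds"; $ipt_restore < "$backup" ) &
    timer=$!
    sh "$script" || echo "apply_with_rollback: $script exited with errors" >&2
    if [ -z "$answer" ]; then
        printf 'Rules loaded. Still connected? Type yes within %ss to keep them: ' "$seconds"
        read -r answer || answer=""
    fi
    if [ "$answer" = "yes" ]; then
        kill "$timer" 2>/dev/null || true
        wait "$timer" 2>/dev/null || true
        rm -f "$backup"
        return 0
    fi
    wait "$timer" || true
    rm -f "$backup"
    echo "apply_with_rollback: no confirmation, previous rules restored" >&2
    return 2
}

# persist_rules [FILE]: save the confirmed rule set where it is reloaded at
# boot. /etc/iptables/rules.v4 is the path read by Debian's iptables-persistent
# (an assumption about the target system; adjust for your distro).
persist_rules() {
    local file="${1:-/etc/iptables/rules.v4}"
    local ipt_save="${IPT_SAVE:-iptables-save}"
    mkdir -p "$(dirname "$file")"
    $ipt_save > "$file"
}

# Stand-alone use: APPLY=1 ./safe-apply.sh firewall.sh 60
if [ "${APPLY:-0}" = 1 ]; then
    if apply_with_rollback "${1:-firewall.sh}" "${2:-60}"; then
        persist_rules
    fi
fi
```

Run the firewall script only through the wrapper while you are still iterating on it; once the rule set is confirmed and saved, the boot-time restore (iptables-persistent, or a distro equivalent) replaces the rc.local approach.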

  3.   jge says

    Hey, your script is very good, I'm going through it... Do you know how I could deny all of my users' requests to a certain website?.... but that website has many servers....

    1.    brodydalle says

      I recommend other options:
      1) You can create a fake zone in your DNS...
      2) You can set up a proxy with ACLs
      However,
      for iptables you could do this... it's not always a good option (there are many ways)
      # a hostname given to -s or -d is resolved when the rule is loaded, one rule per address returned at that moment
      iptables -A INPUT -s blog.desdelinux.net -j DROP
      iptables -A OUTPUT -d blog.desdelinux.net -j DROP

      Tell me if it worked

  4.   Javier says

    Thanks for the reply, everything is fixed. I was asking about the port because I was surprised by the use of 7659, since the private ports start at 49152, and it might interfere with some service or something.
    And thanks for everything, this is great!

    Regards

  5.   sic says

    BrodyDalle, how can I contact you? Your script is very interesting.

  6.   Carlos says

    Is the second-to-last line, "iptables -A OUTPUT -o $extranet -s $ip -j $ACTION", meant to protect your machine from spoofing? Or could it be that some poisoned packet comes in and then goes out with that poisoned source, and that's why the rule is also in OUTPUT?
    Thanks a lot for the clarification!!!

  7.   fran says

    this is my iptables script, quite complete:

    #!/bin/bash
    # franes.iptables.airoso
    # doc.iptables.airoso: iptables legacy and nft
    #
    # firewall ports
    #######################
    #
    # clear the screen
    #######################################
    clear
    # leave an empty line
    echo
    # An empty prefix runs the rule that follows it; the prefix "denied" turns
    # the line into a call to a command that does not exist, so that rule is
    # skipped (the "command not found" message goes to stderr, which is not
    # redirected to /dev/null).
    export yes="" no="denied"
    # variables you can change to allow access
    #####################################
    export has_exceptions="$no"
    # has_exceptions: $yes to allow the excepted hosts, $no to disable them
    export has_ping="$no"
    # has_ping: $yes to allow outgoing ping, $no to deny it
    export has_logserver="$no"
    # has_logserver: $yes to log incoming tcp to the server ports, $no not to log
    ######
    #####################################
    export exceptions="baldras.wesnoth.org"
    # exceptions: one or several hosts allowed through the firewall without restriction
    export logserver=discard,ipp,dict,ssh
    # logserver: tcp server ports that are logged when packets arrive
    export server_net=0/0
    # server_net: network for the server ports; a chosen local network or several IPs
    export client_net=0/0
    # client_net: network for the client ports; here everyone
    export server_tcp=discard,ipp,dict,6771
    # server_tcp: tcp server ports
    export server_udp=discard
    # server_udp: udp server ports
    export client_udp=domain,bootpc,bootps,ntp,20000:45000
    # client_udp: udp client ports
    export client_tcp=domain,http,https,ipp,git,dict,14999:15002
    # client_tcp: tcp client ports
    ############################ end of /etc/f-iptables/default.cfg |||||
    #####################################
    export firewall=$1 variables=$2
    if [ -z "$variables" ]; then source /etc/f-iptables/default.cfg;
    else source /etc/f-iptables/$2; fi
    #####################################
    if [ "$firewall" = "cut" ]; then echo FIREWALL CUT;
    export enable_server="$no" enable_client="$no" permissive="$no";
    elif [ "$firewall" = "client" ]; then echo FIREWALL CLIENT;
    export enable_server="$no" enable_client="" permissive="$no";
    elif [ "$firewall" = "server" ]; then echo FIREWALL SERVER;
    export enable_server="" enable_client="$no" permissive="$no";
    elif [ "$firewall" = "clientandserver" ]; then echo FIREWALL CLIENT AND SERVER;
    export enable_server=""; export enable_client=""; export permissive="$no";
    elif [ "$firewall" = "permissive" ]; then echo PERMISSIVE FIREWALL;
    export enable_server="$no" enable_client="$no" permissive="";
    else
    sudo echo iptables-legacy:
    sudo iptables-legacy -v -L INPUT
    sudo iptables-legacy -v -L OUTPUT
    sudo echo iptables-nft:
    sudo iptables-nft -v -L INPUT
    sudo iptables-nft -v -L OUTPUT
    echo _____parameters____ $0 $1 $2
    echo "run without parameters to list the iptables rules."
    echo "First parameter (enable iptables): cut or client or server or clientandserver or permissive."
    echo "Second parameter (optional): the variables file; the default is /etc/f-iptables/default.cfg"
    echo "variable files:" $(ls /etc/f-iptables/)
    exit 0; fi
    #################
    echo
    echo run $0 with cut or client or server or clientandserver or permissive, optionally a variables file, or without parameters to list the iptables rules.
    echo The file $0 contains the variables set inside it.
    #####################################
    ##############################
    echo setting iptables variables
    echo variables activated
    echo
    #####################################
    echo Setting iptables-legacy
    sudo /usr/sbin/iptables-legacy -t filter -F
    sudo /usr/sbin/iptables-legacy -t nat -F
    sudo /usr/sbin/iptables-legacy -t mangle -F
    sudo /usr/sbin/ip6tables-legacy -t filter -F
    sudo /usr/sbin/ip6tables-legacy -t nat -F
    sudo /usr/sbin/ip6tables-legacy -t mangle -F
    sudo /usr/sbin/ip6tables-legacy -A INPUT -j DROP
    sudo /usr/sbin/ip6tables-legacy -A OUTPUT -j DROP
    sudo /usr/sbin/ip6tables-legacy -A FORWARD -j DROP
    sudo /usr/sbin/iptables-legacy -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT >/dev/null
    $has_logserver sudo /usr/sbin/iptables-legacy -A INPUT -p tcp -m multiport --dports $logserver -j LOG >/dev/null
    $has_exceptions sudo /usr/sbin/iptables-legacy -A INPUT -s $exceptions -j ACCEPT >/dev/null
    $enable_server sudo /usr/sbin/iptables-legacy -A INPUT -p udp -m multiport --dports $server_udp -s $server_net -d $server_net -j ACCEPT >/dev/null
    $enable_server sudo /usr/sbin/iptables-legacy -A INPUT -p tcp -m multiport --dports $server_tcp -s $server_net -d $server_net -j ACCEPT >/dev/null
    $enable_client sudo /usr/sbin/iptables-legacy -A INPUT -p udp -m multiport --sports $client_udp -m state --state ESTABLISHED -s $client_net -d $client_net -j ACCEPT >/dev/null
    $enable_client sudo /usr/sbin/iptables-legacy -A INPUT -p tcp -m multiport --sports $client_tcp -m state --state ESTABLISHED -s $client_net -d $client_net -j ACCEPT >/dev/null
    $has_ping sudo /usr/sbin/iptables-legacy -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT >/dev/null
    sudo /usr/sbin/iptables-legacy -A INPUT -j DROP >/dev/null
    sudo /usr/sbin/iptables-legacy -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT >/dev/null
    $has_exceptions sudo /usr/sbin/iptables-legacy -A OUTPUT -d $exceptions -j ACCEPT >/dev/null
    $enable_server sudo /usr/sbin/iptables-legacy -A OUTPUT -p udp -m multiport --sports $server_udp -s $server_net -d $server_net -j ACCEPT >/dev/null
    $enable_server sudo /usr/sbin/iptables-legacy -A OUTPUT -p tcp -m multiport --sports $server_tcp -s $server_net -d $server_net -j ACCEPT >/dev/null
    $enable_client sudo /usr/sbin/iptables-legacy -A OUTPUT -p udp -m multiport --dports $client_udp -s $client_net -d $client_net -j ACCEPT >/dev/null
    $enable_client sudo /usr/sbin/iptables-legacy -A OUTPUT -p tcp -m multiport --dports $client_tcp -s $client_net -d $client_net -j ACCEPT >/dev/null
    $has_ping sudo /usr/sbin/iptables-legacy -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT >/dev/null
    sudo /usr/sbin/iptables-legacy -A OUTPUT -j DROP
    sudo /usr/sbin/iptables-legacy -A FORWARD -j DROP
    echo iptables-legacy enabled
    echo
    echo Setting iptables-nft
    sudo /usr/sbin/iptables-nft -t filter -F
    sudo /usr/sbin/iptables-nft -t nat -F
    sudo /usr/sbin/iptables-nft -t mangle -F
    sudo /usr/sbin/ip6tables-nft -t filter -F
    sudo /usr/sbin/ip6tables-nft -t nat -F
    sudo /usr/sbin/ip6tables-nft -t mangle -F
    sudo /usr/sbin/ip6tables-nft -A INPUT -j DROP
    sudo /usr/sbin/ip6tables-nft -A OUTPUT -j DROP
    sudo /usr/sbin/ip6tables-nft -A FORWARD -j DROP
    sudo /usr/sbin/iptables-nft -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT >/dev/null
    $has_logserver sudo /usr/sbin/iptables-nft -A INPUT -p tcp -m multiport --dports $logserver -j LOG >/dev/null
    $has_exceptions sudo /usr/sbin/iptables-nft -A INPUT -s $exceptions -j ACCEPT >/dev/null
    $enable_server sudo /usr/sbin/iptables-nft -A INPUT -p udp -m multiport --dports $server_udp -s $server_net -d $server_net -j ACCEPT >/dev/null
    $enable_server sudo /usr/sbin/iptables-nft -A INPUT -p tcp -m multiport --dports $server_tcp -s $server_net -d $server_net -j ACCEPT >/dev/null
    $enable_client sudo /usr/sbin/iptables-nft -A INPUT -p udp -m multiport --sports $client_udp -m state --state ESTABLISHED -s $client_net -d $client_net -j ACCEPT >/dev/null
    $enable_client sudo /usr/sbin/iptables-nft -A INPUT -p tcp -m multiport --sports $client_tcp -m state --state ESTABLISHED -s $client_net -d $client_net -j ACCEPT >/dev/null
    $has_ping sudo /usr/sbin/iptables-nft -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT >/dev/null
    sudo /usr/sbin/iptables-nft -A INPUT -j DROP >/dev/null
    sudo /usr/sbin/iptables-nft -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT >/dev/null
    $has_exceptions sudo /usr/sbin/iptables-nft -A OUTPUT -d $exceptions -j ACCEPT >/dev/null
    $enable_server sudo /usr/sbin/iptables-nft -A OUTPUT -p udp -m multiport --sports $server_udp -s $server_net -d $server_net -j ACCEPT >/dev/null
    $enable_server sudo /usr/sbin/iptables-nft -A OUTPUT -p tcp -m multiport --sports $server_tcp -s $server_net -d $server_net -j ACCEPT >/dev/null
    $enable_client sudo /usr/sbin/iptables-nft -A OUTPUT -p udp -m multiport --dports $client_udp -s $client_net -d $client_net -j ACCEPT >/dev/null
    $enable_client sudo /usr/sbin/iptables-nft -A OUTPUT -p tcp -m multiport --dports $client_tcp -s $client_net -d $client_net -j ACCEPT >/dev/null
    $has_ping sudo /usr/sbin/iptables-nft -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT >/dev/null
    sudo /usr/sbin/iptables-nft -A OUTPUT -j DROP
    sudo /usr/sbin/iptables-nft -A FORWARD -j DROP
    echo iptables-nft enabled
    echo
    # permissive mode: everything out, only replies and loopback in
    $permissive sudo /usr/sbin/iptables-legacy -F >/dev/null
    $permissive sudo /usr/sbin/iptables-legacy -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT >/dev/null
    $permissive sudo /usr/sbin/iptables-legacy -A INPUT -m state --state ESTABLISHED -j ACCEPT >/dev/null
    $permissive sudo /usr/sbin/iptables-legacy -A INPUT -j DROP >/dev/null
    $permissive sudo /usr/sbin/iptables-legacy -A OUTPUT -j ACCEPT >/dev/null
    $permissive sudo /usr/sbin/iptables-legacy -A FORWARD -j DROP >/dev/null
    $permissive sudo /usr/sbin/iptables-nft -F >/dev/null
    $permissive sudo /usr/sbin/iptables-nft -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT >/dev/null
    $permissive sudo /usr/sbin/iptables-nft -A INPUT -m state --state ESTABLISHED -j ACCEPT >/dev/null
    $permissive sudo /usr/sbin/iptables-nft -A INPUT -j DROP >/dev/null
    $permissive sudo /usr/sbin/iptables-nft -A OUTPUT -j ACCEPT >/dev/null
    $permissive sudo /usr/sbin/iptables-nft -A FORWARD -j DROP >/dev/null
    ########################
    echo ran $0 $1 $2
    # leave the script
    exit 0

  8.   Luis Duran says

    How would I set up the rules if this firewall is my gateway and has squid inside the LAN???