Sanibonani nonke, nangu-ke nginiphathela isifundo esincane nesilula, ukwakha i- * firewall * kusetshenziswa uhlelo olulula olubizwa ngokuthi yi-** Firehol **.
Isizathu salokhu ukuhlinzeka ngamakhompyutha ethu ngokuphepha okuncane ekuxhumaneni kwethu ne-Intanethi, okungalokothi kube buhlungu.
Yini iFirehol?
Kepha okokuqala yini iFirehol:
> I-Firehol, uhlelo lokusebenza oluncane olusisiza ukuphatha i-firewall efakwe ku-kernel nethuluzi layo le-iptables. IFirehol ayinaso isikhombimsebenzisi sokuqhafaza, konke ukumiswa kufanele kwenziwe ngamafayela wombhalo, kepha ngaphandle kwalokhu, ukumiswa kusese lula kubasebenzisi be-novice, noma kunamandla kulabo abafuna izinketho ezithuthukile. Konke okwenziwa yiFirehol ukwenza kube lula ukwenziwa kwemithetho ye-iptables ngangokunokwenzeka futhi kunike amandla i-firewall enhle yohlelo lwethu.
Ngaleso singeniso kulokho iFirehol eyenzayo nikwenzayo, ake singene ekutheni singayifaka kanjani kumasistimu ethu. Masivule ukuphela bese uthayipha:
Ukufaka i-Firehol ku-Debian nakokuphuma kokunye
Sivula ukuphela bese sibeka:
`sudo apt-get ukufaka umlilo '
Ungayisetha kanjani iFirehol
Lapho usufakiwe umlilo, siqhubeka nokuvula ifayili lokumisa i-firehol, elitholakala * / njll / firehol / firehol.conf *, kulokhu singasebenzisa umhleli wombhalo owukhethile (i-gedit, medit, i-leafpad)
`Sudo nano / etc / firehol / firehol.conf`
Uma sesikhona, singaqhubeka nokubeka okuqukethwe okulandelayo:
# $ Id: client-all.conf, v 1.2 2002/12/31 15:44:34 ktsaou Exp $ # # Leli fayela lokumisa lizovumela zonke izicelo ezivela kumshini wasendaweni ongu- # ukuthi zithunyelwe kuzo zonke izixhumi zenethiwekhi. # # Azikho izicelo ezivunyelwe ukuthi zivele kunethiwekhi. Umbungazi uzokhishwa # ngokuphelele! Ngeke iphendule noma yini, futhi # ngeke ikhathazeke, noma izokwazi ukusungula noma yini # (ngisho nezingqinamba kwabanye abaphathi). # version 5 # Yamukela wonke umgwaqo ongenayo kusuka kusixhumi esibonakalayo kunoma iyiphi inqubomgomo yomhlaba # Access, DROP, okungukuthi, yenqaba yonke inqubomgomo yamaphakethe angenayo # Zonke izinqubomgomo zokuvikela ezisebenzayo, zisiza ukugwema ukuhlaselwa okufana neSYN Flood, Arp Poison, phakathi kokunye ukuvikelwa zonke izinqubomgomo ze- # Server, Services ezizosebenza (Web, Mail, MSN, Irc, Jabber, P2P) # Kuphela kumaseva, uma ufuna ukuguqula noma ukudala izinsiza ezintsha, amachweba ahambisanayo kanye nezivumelwano # funda ibhukwana le-firehol. #seva "http https" yamukela #seva "imap imaps" yamukela #seva "pop3 pop3s" yamukela #server "smtp smtps" yamukela #seva irc yamukela #server jabber yamukela #seva msn yamukela #seva p2p yamukela # izinqubomgomo zeKlayenti, konke okuphumayo ithrafikhi yamukelwa iklayenti konke kwamukela
Le khodi elula ingaphezu kokwanele ukuvikelwa okuyisisekelo kwamakhompyutha ethu, ngakho-ke siyayigcina bese siphuma kusihleli sombhalo.
Manje kufanele senze i-firehol iqale ngokuzenzakalela ebhuthini ngalinye, futhi kulokhu sizoya kufayela * / etc / default / firehol *, lapho sizoshintsha khona umugqa nekhodi elandelayo:
`START_FIREHOL = yebo`
Sigcina ushintsho kufayela, futhi manje senza:
`Sudo / sbin / firehol qala`
Ilungile !!! Ngalokhu, i-firehol isiqalile futhi yakha imithetho edingekayo ye-firewall, futhi ukubona ukuthi kunje, vele ugijime:
`ama-sudo iptables -L`
Nge-paranoid, ungaya ekhasini le-ShieldUP! bese uvivinya i-firewall yakho entsha, nakanjani uzophasa isivivinyo.
Ngiyethemba kuyasiza.
Isifundo esihle kakhulu, esilula futhi esiphumelelayo, umbuzo owodwa, ngingabona kuphi ukuthi ngubani ozame ukufinyelela noma ukufaka isicelo kwikhompyutha yami, kufakwe i-firehol
https://blog.desdelinux.net/firehol-iptables-for-human-beings-arch/
Okwe-Arch 🙂
Uxolo, kepha lokho kubi kunokuhlela ama-iptables.
Ngiyayiqonda inhloso enhle kepha ingudoti.
Ukubingelela okuvela ku-paranoid.
Ngaphandle kokuthi ungumqambi we-iptables, engingakujabulela. Indawo encane yokuqhafaza ngeke ibe yimbi. Yize igcwele njenge-python.
Ngiyabonga, uxolo futhi okuhle.
ASIFUNI IZINSIZWA, Ugaxekile NOMA UBISI OLUBI KULE Bhulogi !!!!
ANGIPHINDE!!!
Ngabe bebengahluzi amazwana?
@sinnerman ukuzola, empeleni ukuphawula kuka @ zetaka01 akungicasulanga, futhi angicabangi ukuthi kucasula nombhali wokuqala wokuthunyelwe. Unelungelo lokuveza umbono wakho, noma ngabe awuhlanganyeli nawo. Uma kucasula nganoma iyiphi indlela, ukuphawula kwakho kuzoya ku- / dev / null. 😉
Angikutholi ukuphawula ubisi olubi. KuRedHat ngibonile ukuthi lezi zinhlaka zikhona. Akunzima kangako ukufunda ama-iptables, ukufunda le bhulogi kancane uzothola izikripthi.
Kubi kunokuhlela ama-iptables? Hhayi-ke uma yilokho okucabangayo, ngiyakuhlonipha. Kepha ngicabanga ukuthi ngokungangabazeki kungcono ukubhala:
iseva "http https" yamukela
futhi unamachweba 80 no-443 avulekile ukuze ukwazi ukusebenzisa i-apache noma enye iseva yewebhu, kufanele ubhale:
iptables -A INPUT -i eth0 -p tcp –dport 80 -m state –state NEW, ISUNGULWE -j YAMUKELA
iptables -A INPUT -i eth0 -p tcp –dport 443 -m state –state NEW, ISUNGULWE -j YAMUKELA
Futhi noma ngabe ushintshiwe amachweba, kulula ukwenza ukucushwa eFirehol ukwenza lezo zinguquko.
Ah kepha ngama-iptables unokuguquguquka okuningi. Uma okufunayo kuyinto ethile yeklayenti, ungasebenzisa into efana ne-firestarter.
@Hugo nge-firehol awulahlekelwa noma yiziphi izinketho ze-iptables, ngoba okwamanje inikeza ukuxhaswa okugcwele kuzo zonke izinketho ze-iptables, kufaka phakathi i-IPv6.
Ngokuphathelene nokuguquguquka, iFirehol iphelele kakhulu kule ndawo, ivumela i-NAT, i-DNAT, incazelo yemithetho ecacile yesixhumi esibonakalayo ngasinye ohlelweni, ukuhlunga okuqondile kwamachweba ngamakheli we-IP ne-MAC, ikuvumela ukuthi wenze i-QOS, usungule i-DMZ, i-cache esobala, sula ukuhlukaniswa kwethrafikhi, futhi uphathe ithrafikhi ephelele yokuxhuma okuhlukile onakho.
Kafushane nje; IFirehol inamandla, futhi ngokuqinisekile ayinaso isikhombimsebenzisi, kepha ihlose kakhulu umkhakha wesiphakeli lapho ama-X angadingeki noma abasebenzisi abaphambili abangafuni ukuphatha i-firewall yokuqhafaza.
Kulabo abasebenzisa uDebian Jessie, isistimu ethandekayo / ezondwayo ithatha indawo ngokuqala iskripthi se-firehol kahle (kwesinye isikhathi kuthatha amasekhondi angama-30 ngokuqala i-firewall), ngakho-ke ngincoma ukuthi kungasebenzi i-daemon nge-systemctl khubaza i-firehol, bese ufaka ama-iptables -iphakethe eliphikisayo, bese ugcine ukucushwa kwe-firewall usebenzisa le ndlela.
Okuthunyelwe okuhle kakhulu ... Elav, umhlahlandlela uvumelekile kokutholakala ku-Ubuntu? Okuthunyelwe kwe-FIREWALL (PF) kohlelo lweFreeBSD nakho okungumbhalo kungaba kuhle.
IFirehol isebenza kumaDebian nakwizisuselwa ngokuphelele.