This is not the first time we have talked about iptables: we have already covered how to make iptables rules load automatically when the computer starts, explained the basic and intermediate concepts of iptables, and several other things 🙂
The problem or annoyance that those of us who like iptables always run into is that the iptables logs (that is, the information about rejected packets) show up in dmesg, kern.log or the syslog files under /var/log/. In other words, those files contain not only the iptables information but also a lot of other information, which makes it tedious to pick out only the entries related to iptables.
A while ago we showed how to send the iptables logs to another file. However ... I have to admit that I personally find that process somewhat complex ^-^
So, how do you get the iptables logs into a separate file and keep it as simple as possible?
The solution is: ulogd
ulogd is a package that we install (on Debian or derivatives - » sudo apt-get install ulogd) and it will help us with exactly what I just described.
To install it, as you know, look for the ulogd package in your repos and install it. A daemon (/etc/init.d/ulogd) that starts at system boot will be added. If you use a KISS distro such as ArchLinux, you must add ulogd to the list of daemons started with the system in /etc/rc.conf
Once it is installed, add the following line to your iptables rules script:
sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ULOG
Then run your iptables rules script again and voilà, everything will be working 😉
Look for the logs in the file: /var/log/ulog/syslogemu.log
This file is where ulogd puts the rejected-packet logs by default. If you want them in a different file, you can change line #53 in /etc/ulogd.conf: just change the file path shown on that line and then restart the daemon:
sudo /etc/init.d/ulogd restart
If you look closely at that file you will see that there are options for saving the logs to a MySQL, SQLite or Postgre database; in fact, example configuration files are in /usr/share/doc/ulogd/
OK, we now have the iptables logs in another file. How do we display them?
For this a simple cat is enough:
cat /var/log/ulog/syslogemu.log
Remember, only rejected packets will be logged. If you have a web server (port 80) and iptables is configured so that everyone can reach this web service, the logs related to it will not be stored. On the other hand, if you have an SSH service and iptables restricts access to port 22 so that only a specific IP is allowed, then any attempt by an IP other than the chosen one to reach port 22 will be stored in the log. This holds as long as the ULOG rule comes after your ACCEPT rules in the script: ULOG itself neither accepts nor drops a packet, it only logs whatever reaches it.
Here is an example line from my log:
Mar 4 22:29:02 exia IN = wlan0 OUT = MAC = 00: 19: d2: 78: eb: 47: 00: 1d: 60: 7b: b7: f6: 08: 00 SRC = 10.10.0.1 DST = 10.10.0.51 .60 LEN = 00 TOS = 0 PREC = 00x64 TTL = 12881 ID = 37844 DF PROTO = TCP SPT = 22 DPT = 895081023 SEQ = 0 ACK = 14600 WINDOW = 0 SYN URGP = XNUMX
As you can see, it includes the date and time of the access attempt, the interface (Wi-Fi in my case), the MAC address, the source IP of the access and the destination IP (mine), plus several other details, among them the protocol (TCP) and the destination port (22). To summarize: at 10:29 on March 4, the IP 10.10.0.1 tried to access port 22 (SSH) of my laptop, which has the IP 10.10.0.51, all of this over Wi-Fi (wlan0)
As you can see ... really useful information
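A way to summarise that file by source address and destination port rather than reading it line by line with cat, given here as an added example that is not part of the original post. The log lines are constructed samples in the KEY=VALUE layout shown above, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post.
# Constructed sample lines in the syslogemu.log layout (documentation IP ranges).
sample_log() {
cat <<'EOF'
Mar  4 22:29:02 host1 IN=wlan0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.51 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=1001 DF PROTO=TCP SPT=40001 DPT=22 SEQ=1 ACK=0 WINDOW=14600 SYN URGP=0
Mar  4 22:29:05 host1 IN=wlan0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.51 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=1002 DF PROTO=TCP SPT=40001 DPT=22 SEQ=1 ACK=0 WINDOW=14600 SYN URGP=0
Mar  4 22:30:11 host1 IN=wlan0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:03:08:00 SRC=203.0.113.9 DST=192.0.2.51 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=2001 DF PROTO=TCP SPT=51000 DPT=23 SEQ=9 ACK=0 WINDOW=14600 SYN URGP=0
Mar  4 22:31:02 host1 IN=wlan0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.51 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=1003 DF PROTO=TCP SPT=40002 DPT=22 SEQ=5 ACK=0 WINDOW=14600 SYN URGP=0
Mar  4 22:31:40 host1 IN=wlan0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:03:08:00 SRC=203.0.113.9 DST=192.0.2.51 LEN=84 TOS=00 PREC=0x00 TTL=64 ID=2002 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Mar  4 22:32:00 host1 IN=wlan0 OUT= MAC=
EOF
}

# Reads syslogemu-style lines on stdin and prints "COUNT SRC PROTO/DPT",
# most frequent first. Lines without a SRC field (truncated or unrelated)
# are skipped; packets without a port (ICMP) are reported with "-".
summarize_ulog() {
    awk '
    {
        src = ""; dpt = ""; proto = ""
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")            # tokens such as DF or SYN have no "="
            if (n == 0) continue
            key = substr($i, 1, n - 1)
            val = substr($i, n + 1)
            if (key == "SRC") src = val
            else if (key == "DPT") dpt = val
            else if (key == "PROTO") proto = val
        }
        if (src == "") next
        count[src " " proto "/" (dpt == "" ? "-" : dpt)]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the constructed sample; on a real host you would run:
#   summarize_ulog < /var/log/ulog/syslogemu.log
sample_log | summarize_ulog
```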
Anyway, I don't think there is much more to say. I am far from being an expert on iptables or ulogd, but if anyone has a problem with this, let me know and I will try to help
Regards
https://blog.desdelinux.net/iptables-para-novatos-curiosos-interesados/
I remember that I started following you with that article .. hehe ..
Thank you, it is an honor 😀
Is ulogd only for iptables or is it general? Does it allow setting up channels? Logging over the network?
I believe it is only for iptables; in any case, give 'man ulogd' a look to clear up any doubts.
You are right: "ulogd - The Netfilter Userspace Logging Daemon"
+1, very well explained!
Thanks, coming from you, who are not one of those who hand out much praise, it means a lot 🙂
That doesn't mean I know more than anyone else, it's just that I'm grumpy xD
Thanks again for this post. Referring to the other article about the crisis in the Hispanic Linux blogosphere, this post of yours (speaking of technical posts) is exactly the kind of post that is needed in Spanish/Castilian.
Quality technical posts like this one, coming from sysadmins, are always welcome and go straight to bookmarks 8)
Yes, the truth is that technical articles are what is needed ... I never tire of saying it, in fact I already talked about it here - » https://blog.desdelinux.net/que-aporta-realmente-desdelinux-a-la-comunidad-global/
Anyway, thanks again ... I will try to keep it up with technical posts 😀