iptables, ukulinganisa ecaleni langempela

Umgomo walesi sifundo lawula inethiwekhi yethu, Ukugwema ukucasula kwesinye "isivakashi esingathandeki" esivela ngaphakathi esifuna ukusibona siphansi (isisho saseCuba esisho ukuhlupha, ukubhebhana, njll.), igciwane le- "packer", ukuhlaselwa kwangaphandle noma ukumane nje kube injabulo yokwazi ukuthi singalala ngokuthula.

Note: Khumbula izinqubomgomo ze-iptables, YAMUKELA yonke into noma YENZA YONKE into, zingaba wusizo, kwezinye izimo hhayi kwezinye, lokho kuncike kithi, ukuthi konke okwenzeka kunethiwekhi, ibhizinisi lethu, futhi okwethu kuphela, yebo, okwakho, mine, kusuka kulowo ofunde okokufundisa, kepha engazi ukuthi angakusebenzisa kanjani, noma kulowo owufundile futhi wakusebenzisa kahle.

Ride wena hlala !!!

Into yokuqala ukwazi ukuthi isevisi ngayinye ihlala kuphi kwikhompyutha ene-GNU / Linux efakiwe, ngalokho, akudingeki ubuze noma ngubani, noma ubambe iqhaza ekuseshweni kweGoogle noma ngokubonisana nesazi ngale ndaba, funda nje ifayela . Ifayela elincane? Yebo, ifayela elincane.

/ njll / amasevisi

Kepha uqukethe ini / njll / amasevisi?

Kulula kakhulu, incazelo yakho konke izinsizakalo namachweba ekhona yalezi zinsizakalo kungaba nge-TCP noma i-UDP, ngendlela ehlelekile nekhuphukayo. Izinsizakalo namachweba amenyezelwe yi IANA (I-Inthanethi inikezwe Amanani Amandla).

Ukudlala ngama-iptables

Njengezinyathelo zokuqala, sizoba ne-PC, ezoba ngumshini wokuhlola, ikubize ngokufunayo, uLucy, uKarla noma uNawomi, ngizoyibiza Bessie.

Isimo:

Yebo, uBessie ngumshini wephrojekthi ozoba nefayela le- I-VSFTPd ukukhwezwa, I-OpenSSH egijima, kanye no I-Apache2 lokho kwafakwa kanye ukuze kubekwe uphawu lokulinganisa (ukuhlolwa kokusebenza), kepha manje isetshenziswa kuphela ngokuhlangana ne- phpMyAdmin ukuphatha imininingwane yolwazi ye MySQL ezisetshenziswa ngaphakathi ngezikhathi ezithile.

Amanothi okufanele awathathe:

I-Ftp, i-ssh, i-apache2 ne-mysql, yizinsizakalo ezithola izicelo kule PC, ngakho-ke kufanele sicabangele amachweba abawasebenzisayo.

Uma ngingenaphutha futhi / njll / amasevisi I-xD ayikhulumi amanga, i-ftp isebenzisa i-port 20 ne-21, i-ssh ngokuzenzakalela i-22 noma enye, uma ichaziwe ekucushweni (kokunye okuthunyelwe ngizokhuluma ngokuthi ungamisa kanjani ssh okungaphezu kokujwayelekile okwaziwayo), I-Apache 80 noma i-443 uma ikwi-SSL, ne-MySQL 3306.

Manje sidinga enye imininingwane, amakheli e-IP ama-PC azosebenzisana noBessie, ukuze abacimi bomlilo bethu, phakathi kwabo, banganyatheli amapayipi (kusho ukuthi akukho kungqubuzana haha).

UPepe, unjiniyela ku-PHP + MySQL, uzokwazi ukufinyelela kuphela emachwebeni 20-21, 80, 443 kanye no-3306, uFrank ukuthi into yakhe ukuvuselela ikhasi lewebhu lephrojekthi elizothunyelwa kungakapheli nenyanga, uzokwazi ukufinyelela kuphela ukufaka i-port 80/443 no-3306 uma kwenzeka udinga ukulungisa ku-DB, futhi ngizoba nokufinyelela kuzo zonke izinsizakusebenza kuseva (futhi ngifuna ukuvikela ukungena ngemvume nge-ssh yi-IP ne-MAC). I-ping kufanele isebenze uma kungenzeka sifune ukungcolisa umshini ngesikhathi esithile. Inethiwekhi yethu ikilasi C lohlobo 10.8.0.0/16.

Sizoqala ifayela lombhalo elicacile elibizwa nge- i-firewall.sh lapho kuzoqukatha khona okulandelayo:

Namathisela inombolo 4446 (ama-iptables weskripthi)

Futhi-ke, ngale migqa, uvumela ukufinyelela kumalungu e-DevTeam, uyazivikela, futhi uvikela ne-PC, ngicabanga ukuthi kuchazwe kangcono, hhayi ngisho nasemaphusheni. Kuhlala kuphela ukuyinika izimvume zokwenza, futhi konke kuzobe sekulungele ukuhamba.

Kunamathuluzi okuthi, ngokusebenzisa i-GUI enhle, avumele abasebenzisi be-novice ukulungisa i-firewall yama-PC abo, njenge- "BadTuxWall", edinga iJava. Futhi i-FwBuilder, i-QT, esivele ixoxiwe lapha noma i- "Firewall-Jay", ene-interface kuma-ncurses. Ngokombono wami, ngiyathanda ukukwenza ngombhalo ocacile, ngakho-ke ngiyaziphoqa ukuthi ngifunde.

Yilokho-ke, ngizokubona maduzane ukuze uqhubeke nokuchaza, ukuqhuma kwe-counter-fluff, kokunye ukumiswa, inqubo noma insiza.