Ungaqala kanjani imithetho ye-iptables ngokuzenzakalela

Ake sithi sinemithetho yethu ye- iptables besivele ngicabanga, kepha noma ngabe siyibhala kahle kangakanani esigungwini, noma nini lapho siqala kabusha ikhompyutha kuba sengathi besingakaze siyimemezele leyo mithetho ... okungukuthi, njalo lapho siqala kabusha ikhompyutha, imithetho noma izinguquko esinazo yakhiwe iptables balahlekile.

Ukugwema lokho, kunezixazululo eziningana ... Ngizokhuluma nawe lapha ngendlela engiqinisekisa ngayo ukuthi lokhu akwenzeki 🙂

Ukwazi ukuthi yimiphi imithetho okufanele siyisebenzise, ​​siyifaka kufayela (/ njll / iptables-script ngokwesibonelo) futhi siyinika izimvume zokwenza (chmod + x /etc/iptables-script.sh), Uma lokho sekwenziwe, kusele isinyathelo esisodwa kuphela esisele 😉

Ngizosebenzisa njengesibonelo imithetho ye- iptables ngisebenzisa ini ku ilaptop yami, Ngibashiya ku Namathisela yethu: Namathisela inombolo 4411

1. Nginayo leyo mithetho futhi ngiyifaka kufayela elibizwa: iptables-script , engena / njll /

2. Ngemuva kwalokho ngiyinika ukukhipha izimvume: chmod + x / etc / iptables-script

3. Futhi manje isinyathelo sokugcina, kufanele sitshele uhlelo ukuthi luqalise lo mbhalo lapho uqala, ngalokho sikubeka kufayela /etc/rc.local. Ungabona i-rc.local yami lapha: Namathisela inombolo 4412

Ukulungele, akukho okunye, lapho uqala i-PC yakho imithetho izosebenza (yebo bonke bahle ngo-100%) 😀

Futhi ungakhathazeki… isifundo esiningiliziwe sizofika (ngithemba ukuthi sizoqeda kungekudala) mayelana iptables, egxile kuma-newbies, ichazwe imnandi futhi ilula 🙂

Phendula ngokucaphuna


Okuqukethwe yi-athikili kunamathela ezimisweni zethu ze izimiso zokuhlelela. Ukubika iphutha chofoza lapha.

Amazwana ayi-16, shiya okwakho

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   izitoc kusho

    Ngiyabonga kakhulu ngolwazi. Ama-IPtables yindaba elindile engihlala ngiyelulela kwesinye isikhathi. Ilinde okokufundisa! Ikakhulu ngifisa ukukwazi ukuxhuma kusuka noma yikuphi ukuya kwikhompyutha yami yasekhaya nge-ssh, kepha kuyinkimbinkimbi kimi ngoba ekhaya ngine-router ne-IP i-ISP yami enginikeza yona izinguquko kaningi. Ngokusebenzisa i-ip-ip.org ngikwazile ukudala umsingathi, inkinga ukuthi kimi kubonakala sengathi ngivale amachweba (avela kuRouter futhi angazi noma ngabe kungama-IPTables yini). Noma kunjalo, njengoba ngishilo ngaphambili, ngilinde umfundisi!

    1.    KZKG ^ Gaara kusho

      Sawubona futhi wamukelekile 😀
      Mayelana ne-router angazi, kepha kungaba yi-yep… ingahle ivinjwe lapho. Manje, kukhompyutha yakho, uma ungasebenzisi noma iyiphi i-firewall, kunganele ukufaka i-SSH bese uyiqala bese u-voila, i-port 22 evulekile yokucela iphasiwedi 🙂

      Ngisebenza kwesinye isifundo, ngisichaza ngokweqile futhi ngokumane haha.
      Ukubingelela nokubonga ngokuphawula kwakho 😀

  2.   isondo kusho

    Enye lapha elinde izinto ezintsha mayelana nama-iptables

    1.    KZKG ^ Gaara kusho

      Isendleleni 😀
      Siyabonga ngokuma ubeke amazwana ^ - ^

  3.   i-faustod kusho

    Yebo, la ma-iptable angenye yezinto ezithakazelisa kakhulu engingazi namanje kodwa okuncane engikubonile kusikisela ukuthi eminyakeni edlule bekufanele nginqume ukusebenzisa iGnu / Linux. Ngiyayithanda….

  4.   oscar kusho

    Kuhle mngani, ngihlale ngilinde ukusebenzisa ama-tutorials amahle owashicilelayo. Ama-Iptable azokulinda.

  5.   i-faustod kusho

    Mfowethu,

    Kepha ngabe lo mshini usebenza njengommeleli noma ngabe ukuxhuma kwi-inthanethi kuphela nokuvikelwa? Kunezinto engingaziqondi.

    1.    KZKG ^ Gaara kusho

      Hhayi lutho mayelana nommeleli, nge-proxy uzodinga futhi ukuvula itheku lolo sevisi (ngokwesibonelo i-3128). Ungakhathazeki, ngizobeka okokufundisa okuchaza ama-iptables

  6.   Hugo kusho

    Ku-Debian, enye indlela yokwenza imithetho ilayishwe ngokuzenzakalela ukufaka amaphakethe we-iptables-phikelela (kubonakala kungaziwa kangako)

    Ngiqale ukusebenzisa lokhu okwahlukile, kepha ekugcineni ngakhetha ukubeka iskripthi ku- /etc/network/if-pre-up.d/ ukuze ngikwazi ukwenza ezinye izinto ezithuthuke kakhulu njengokusetha izinqubomgomo ezibekelwe imingcele ezifana nokubuyela emuva uma kwenzeka kukhona i-bug imithetho esemqoka.

  7.   Claudio kusho

    Ungachaza ukuthi usungula ini ku-Namathisela uNombolo 4411? Ngiyifundile kodwa angazi ikhuluma ngani heh!

    (Uma kwenzeka usuvele uthumele esinye isifundo xoxa lo mbuzo kepha ngiseshele ama-iptables ngathola okokufundisa okumbalwa)
    Ngakolunye uhlangothi, lokho abakushoyo ngamaphakethe we-iptables-phikelela kusebenza esikhundleni salokho okushoyo?

    Okwamanje sengivele ngisebenzisa imininingwane yakho https://blog.desdelinux.net/iptables-para-novatos-curiosos-interesados/

    1.    KZKG ^ Gaara kusho

      Sawubona 😀
      Yebo, empeleni akunzima kangako.

      - Okokuqala ngisetha okuguqukayo, ukonga ukubhala ezinye izinhlamvu ezingeziwe, lokhu kusuka emigqeni 4 kuye ku-18.
      - Ngemuva kuka-23 kuye ku-25 ngihlanza konke engikubhalile ngama-iptables, okungenalutho noma okuhlanzekile okungu-100% bese ngibhala imithetho.
      - Ngo-29 no-30 ngithola ukuthi ngokuzenzakalela ANGEKE ngivumele noma yimuphi umgwaqo ongenayo (okokufaka) kukhompyutha yami ephathekayo, nanoma yimuphi umgwaqo odlula kuyo (phambili)
      - Ku-34 ngithi lo (lo = localhost, okuyi-laptop uqobo) angasebenzisa inethiwekhi.
      - Ku-38 ngicacisa ukuthi ukuxhumana engikuqalayo, uma lokho kuxhumana kukhiqiza amaphakethe azozama ukufaka ikhompyutha, njengoba ngangiyisiqalo sawo lawo maphakethe (njengoba akhiqizwa yinto engiyenzile) azokwazi ukufaka .
      - Manje kusuka ku-42 ngiqala ukuvumela ukuxhumana kwezinhlobo ezahlukahlukene noma ngamachweba ahlukahlukene. Okungukuthi, kuNombolo 42 ngivumela i-ping engenayo, kusuka kunethiwekhi yami yasekhaya (i-casa_network eguquguqukayo) eya kwi-IP i-laptop yami enayo ekhaya (variable geass_casa_lan).
      - Ku-43 efanayo, kepha kulokhu ngicacisa ukuthi yi-IP yelaptop yami ekhaya, yebo, kepha esikhundleni se-LAN kuzoba ngeWifi.
      - Futhi kusukela lapho kuluhlobo olufanayo lwemithetho ...

      Ngincoma ukuthi ufunde lokhu: https://blog.desdelinux.net/iptables-para-novatos-curiosos-interesados/

      Uma ngemuva kwalokhu usangabaza ngemithetho ethile, ngicela ungibuze lapha noma ngeforamu (http://foro.desdelinux.net) futhi ngicacisa kahle ukuthi kudingani 🙂

      Mayelana ne-iptables-eqhubekayo, angizange ngiyisebenzise ngempela, angikwazi ukukuqinisekisa ... kwenzeka ukuthi ukuhlunga amaphakethe, ikakhulukazi ama-iptables kuyindaba ebucayi kakhulu, ngoba ingxenye enkulu yezokuphepha kohlelo lwethu incike kulokhu, futhi lesi sizathu, uma ngiqinisekile ngento ethile, lapho-ke angiqinisekisi ukusebenza kwayo okulungile.

      Sanibonani

      1.    i-claudio kusho

        Siyabonga ngempendulo. Yebo ngifunde isixhumanisi onginika sona! Eqinisweni, ngize ngivale ukuvala / ukuqala kabusha ziyasetshenziswa ama-sudo iptables -I-INPUT -i lo -j YAMUKELA
        ama-sudo iptables -I-INPUT -m state –state ESTABLISHED, RELATED -j ACCEPT (kanye neyangaphambilini eshiwo kulokho okuthunyelwe)
        .
        Ngemuva kokufundwa okumbalwa mayelana nezicishamlilo nokuthi ngiphoqeleka kanjani ukuxhumana nokuthola amafayela avela kuma-PC ane-M $, kubonakale kulungile ukusebenzisa ama-iptables.
        Uma ngikopisha okuqukethwe ku-Namathisela uNombolo 4411 encwadini yami yokubhalela, ngabe kuzodingeka ngiguqule okuthile noma kuzosebenza nje?

        1.    KZKG ^ Gaara kusho

          Yonke ikhompyutha yehlukile, ngoba wonke umsebenzisi uyi-. Okokuqala kufanele uchaze ukuthi yiziphi izinsizakalo onazo kukhompyutha yakho (iwebhu, njll.) Futhi wazi ukuthi iziphi ofuna ukuba sesidlangalaleni (ezingafinyelelwa abanye), nokuthi iziphi ezingekho.

          Embhalweni wami (okufanele ngiwushintshe manje hehe) ngichaza ukuthi iseva yewebhu (i-HTTP) izobonakala kuma-IP athile, i-ping izovumela wonke umuntu kumanethiwekhi athile, njll njll njll.

          Uma udinga usizo ungibhalele i-imeyili yami yangasese, ngizokujabulela ukukusiza: kzkggaara [@] desdelinux [.] Net

          Noma, shiya okuthunyelwe esithangamini sethu futhi abasebenzisi abaningi bazokusiza: http://foro.desdelinux.net

          1.    Claudio kusho

            Ngihlanganisa isihloko esithangamini, ngiyabonga ngezimpendulo. Futhi ulungele ukungabaza okumbalwa heh! Noma kunjalo ngifunda okuncane ngale ndaba ukuze ngingasebenzisi kabi

  8.   Adriana delmonte kusho

    ukuhlola ... ukubona ukuthi uyangamukela yini, nginemibuzo eminingi okufanele ngikubuze yona ...!

  9.   sibongile kusho

    Sawubona bhuti bengifuna ukubona ukuthi ngabe kukhona okunye okokufundisa ngaphandle kwalokhu okuthunyelwe engikuqala ngama-iptables futhi ngifuna ukuzibhalela