Ungayiqala kanjani imithetho ye-iptables ku-systemd (i-ArchLinux)

Abanye bangithatha njengomuntu ophikisayo uma kukhulunywa ngezokuphepha, yingakho ukusetshenziswa kwe-firewall kubalulekile kimi. Kwikhompyutha yami ephathekayo nginemininingwane ebucayi, ebaluleke kakhulu kimi; futhi ngoba i-firewall ingeye-PC enjengekhiya noma ephephile okwethu, sikhumbula nokuthi kukhompyutha sigcina amaphasiwedi okufinyelela i-imeyili, idatha ye-akhawunti yasebhange (noma ngubani onayo), imininingwane yeseva, nolunye ulwazi olubonakalayo olunomthelela ngqo empilweni yethu yomzimba ... kahle, ngaphandle kokungabaza ukuhamba ngokusebenzisa inethiwekhi ngaphandle kwe-firewall elungiselelwe, ngaphandle kokuphepha okufanele kukhompyutha yethu akuyona into enconywayo.

Esikhathini esithile esedlule ngikukhombisile ukuthi ungaqala kanjani imithetho ye-iptables ngokuzenzakalela kuma-distros afana ne-Debian, Ubuntu noma ezinye eziqukethe ifayela /etc/rc.local, noma kunjalo ku-ArchLinux njengoba isebenzisa i-systemd leli fayela alikho.

Ngakho-ke, indlela engithole ngayo ukuthi ama-iptables ami amisiwe njengoba ngifisa ukudala iskripthi se-bash esimisa ama-iptables, bese ngiguqula ifayili le / /usr/lib/systemd/system/iptables.service ... kodwa, asihambe ngezingxenye 🙂

1. Kufanele dala iskripthi se-bash equkethe imithetho yethu ye-iptables, into enjengale: Isibonelo seBash + iptables script

2. Ngemuva kokwenza iskripthi, sibhala imithetho yethu kuso futhi siyinikeze izimvume zokwenza, siqhubeka nokuhlela insiza ye-systemd iptables:

Umyalo olandelayo kufanele wenziwe ngezimvume zokuphatha, kungaba usebenzisa iSudo njengami noma ngqo nomsebenzisi wezimpande

sudo nano /usr/lib/systemd/system/iptables.service

Sizohlangabezana nokuthile okufana nalokhu:

[Unit] Incazelo = Uhlaka Lokuhlunga Iphakethe [Isevisi] Uhlobo = oneshot ExecStart = / usr / bin / iptables-restore /etc/iptables/iptables.rules ExecReload = / usr / bin / iptables-restore /etc/iptables/iptables.rules I-ExecStop = / usr / lib / systemd / imibhalo / iptables-flush RemainAfterExit = yebo [Faka] i-WantedBy = multi-user.target

3. Ukuthatha ukuthi iskripthi esasidala ngaphambilini sise- /home/myuser/script-iptables.sh bese sizoshiya ifayili le-iptables.service esilivule ngale ndlela elandelayo:

[Iyunithi] Incazelo = Uhlaka Lokuhlunga Iphakethe [Isevisi] Uhlobo = oneshot ExecStart = / ikhaya / myuser / script-iptables.sh ExecReload = / home / myuser / script-iptables.sh ExecStop = / usr / lib / systemd / scripts / iptables -Fluhl RemainAfterExit = yebo [Faka] i-WantedBy = multi-user.target

4. Ngemuva kwalokho sidinga ukuqiniseka ukuthi ama-iptables aqala ngokuzenzakalela:

sudo systemctl enable iptables

5. Siyayiqala:

sudo systemctl start iptables

6. Futhi singabheka imithetho:

sudo iptables -nL

Le ndlela iyindlela elula engithole ngayo (1) yokuba nombhalo wami we-bash ongilungiselela ama-iptables, futhi (2) ukuthi imithetho iqala ngokuzenzakalela futhi ekugcineni (3) ukuthi iskripthi uqobo sayo besiyinto ezimele, okungukuthi , ukuthi uma kusasa ngifuna ukuyisebenzisa ku-Debian engiyifakayo (ngokwesibonelo) ngeke kudingeke ngiphinde ngicabange kabusha okuningi.

Noma kunjalo, ngithemba ukuthi uyithola ilusizo 🙂

Phendula ngokucaphuna


Okuqukethwe yi-athikili kunamathela ezimisweni zethu ze izimiso zokuhlelela. Ukubika iphutha chofoza lapha.

Amazwana ayi-8, shiya okwakho

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   eliotime3000 kusho

    Kuyathakazelisa….

  2.   uSawule kusho

    Bekungeke kube lula ukuhlela ifayela le-iptables.rules, uma usunokufinyelela kwezimpande ngeSudo kungakuhle ukukuguqula, akunjalo?

  3.   amafu kusho

    Ngikwenza ngendlela ehluke kancane, yize ngisebenzisa nombhalo owufakile ukwethula imithetho.

    1- Sethula insizakalo (uma singakayenzi okwamanje):
    # systemctl enable iptables.service
    # systemctl start iptables.service

    2- Siyabona ukuthi yimiphi imithetho esinayo esebenzayo (sicabanga ukuthi yonke into ivulekile uma singathintanga lutho) sudo iptables -nvL

    3- Sishintshela kwimithetho esiyifunayo, siqala iskripthi sokumiswa:
    # sh /home/miusuario/script-iptables.sh

    4- Ake sibone ukuthi imithetho esebenzayo ishintshile kanjani:
    # iptables -nvL

    5- Sigcina ukumiswa okusha kwama-iptable wokuqalisa kabusha okuzayo:
    # iptables-save > /etc/iptables/iptables.rules

    5b- Uma sihlela ifayili /etc/iptables/iptables.rules ngesandla ukushintsha imithetho, kufanele silayishe kabusha ukucushwa:
    # systemctl reload iptables

    Okungenani kimi kulula ngaleyo ndlela. Ngizama ukufunda i-bash ne-kdialog ukuphatha amasethingi ngendlela yokuqhafaza. Kamuva ngizozama ukwenza okuthile okuphelele nge-qtcreator ngokwesibonelo, ukuze ngikwazi ukuba nemibhalo eminingana yokumisa ngokuya ngemishini esiyilungiselelayo (i-router, i-PC, njll ...) ukubona ukuthi iyaphuma yini.

  4.   isihlibhi kusho

    Le captcha yamazwana iyisihlungi sesiphazamisi, sicela ushintshele kwenye noma uyivuselele ngoba iyacasula ngemuva kwemizamo eminingi.

    1.    izinga kusho

      Kuyinto efanayo esetshenziswa yi-humanOS, iFirefoxmanía .. mhlawumbe kuyinto enesilondolozi.

      1.    isihlibhi kusho

        Hhayi, angisasho lutho ngalaba bobabili.

  5.   mj kusho

    Ukulawula,
    Lesi yisihloko esisebenziseka ngokweqile.
    Akungabazeki ukuthi kulabo abanentshisekelo ekuphepheni kwemininingwane egcinwe kwi-PC yethu; "Iptables" ngenye yamathuluzi okufanele kufundwe ukuwasebenzisa; noma, ngokubaluleka kwayo kunzima kakhulu ukufunda.
    Ngithole le vidiyo ngesihloko engithemba ukuthi uzongivumela ukuthi ngabelane ngekheli lakho le-imeyili "http://www.youtube.com/watch?v=Z6a-K_8FT_Y"; Ngamangala ukuthi bekuhlukile kunalokho okukhulunywa ngakho lapha. Kepha noma kunjalo, ngicabanga ukuthi kuzoba ngenxa yokwehlukahlukana kokwabiwa i-GNU / Linux (i-ARCH, DEBIAN, SUSE, njll), kuzofanele sifunde noma kunjalo.