How to configure a firewall in Linux with IPtables


Although I still sometimes touch Windows of my own accord, and on many other occasions I am forced to (marditoh rodoreh) when I have to do things away from my own computers, for me talking about Windows is like talking about something left behind in time. When I used it as my main system (I had no other), I tried to protect it with software such as Kaspersky's antivirus and, now and then, a firewall, among many other security tools. In Linux we have never been as exposed as in Windows, but there is also software that helps us stay calm, such as IPtables, a firewall.

A firewall is a security system whose job is to control the network traffic that enters and leaves the operating system. One of the most widespread in Linux is the aforementioned IPtables, to the point that, probably and without you knowing it, it has been installed on your operating system since you first set it up. What we will try to do in this article is explain how to configure a firewall in Linux with IPtables.

IPtables on Linux, what you need to know

Configuring a firewall can be complicated, and even more so in an operating system like Linux, where the best results come from working in the terminal. Before starting, it is recommended to know a little about networking and security, or at least to understand that, when we are connected, we are communicating with other machines, and that these devices or their owners may have good or bad intentions. For this reason, depending on how we use our PC, it is worth controlling everything that leaves it and everything that enters it.

Also, and in case something goes wrong, if we already have another firewall on our Linux system and we are going to start changing things in IPtables, it is worth making a backup copy of the current firewall configuration. With all this clear, we can start talking properly about configuring IPtables.

  1. The first thing we have to do is install the package. Most Linux distributions have it installed by default, but this is not always the case. To find out whether we have IPtables installed on our operating system, we open a terminal and type iptables -V. In my case, and at the time of writing this article, my terminal returns iptables v1.8.8. If it is not installed, it can be installed with:

Ubuntu/Debian or derivatives:

sudo apt install iptables

Fedora/Red Hat or derivatives:

sudo yum install iptables

Arch Linux and derivatives:

sudo pacman -S iptables

After installation, it is enabled with:

sudo systemctl enable iptables
sudo systemctl start iptables

And you can check its status with:

sudo systemctl status iptables

  2. With the firewall already installed, you need to configure its rules. IPtables rules are divided into tables (which we will cover in more detail later in this article): filter, nat and mangle, to which we must add raw and security. The filter table is used to control incoming and outgoing traffic, the nat table is used to perform NAT (Network Address Translation) and the mangle table is used to modify IP packets. To configure the rules of the filter table, the following commands are used:
  • iptables -A INPUT -j ACCEPT (allow all incoming traffic).
  • iptables -A OUTPUT -j ACCEPT (allow all outgoing traffic).
  • iptables -A FORWARD -j ACCEPT (allow all forwarded traffic).

However, this configuration allows all traffic, and it is not recommended for a production system. It is important to define the firewall rules according to the needs of the system. For example, if you want to block incoming traffic on port 22 (SSH), you can use the command:

iptables -A INPUT -p tcp --dport 22 -j DROP

  3. Another important thing is to save the configuration, so that you do not lose it when you restart the system. On Ubuntu and Debian, the "iptables-save" command is used to save the current configuration to a file. On Red Hat and Fedora, the "service iptables save" command is used to save the configuration. If you are in doubt about which one to use, the Ubuntu/Debian commands usually work on most distributions.
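
Rule order matters with the commands from step 2: iptables walks a chain from top to bottom and stops at the first rule that ACCEPTs or DROPs the packet, so a DROP appended after "iptables -A INPUT -j ACCEPT" never matches. The following added example (not part of the original article) checks a ruleset in iptables-save format for such unreachable rules; the function names and both sample rulesets are constructed for illustration.

```shell
# Added example: report rules that can never match because an earlier rule in
# the same chain unconditionally ACCEPTs, DROPs or REJECTs every packet.
# Reads a ruleset in iptables-save format on stdin.
find_shadowed_rules() {
    awk '
        /^\*/      { table = substr($0, 2); split("", cut); next }  # "*filter"
        $1 != "-A" { next }              # skip policies, comments and COMMIT
        {
            chain = $2
            if (chain in cut) {          # an earlier catch-all already decided
                printf "%s %s: \"%s\" is shadowed by \"%s\"\n",
                       table, chain, $0, cut[chain]
                next
            }
            # Exactly "-A CHAIN -j TARGET": no match conditions at all.
            if (NF == 4 && $3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/)
                cut[chain] = $0
        }
    '
}

# Constructed sample: the rules from step 2 in the order the article runs them.
sample_open_then_drop() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A FORWARD -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same two INPUT rules with the specific rule first.
sample_drop_then_open() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -j ACCEPT
COMMIT
EOF
}

sample_open_then_drop | find_shadowed_rules
```

On a live system the same function can be fed from the output of sudo iptables-save.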

Load the configuration after a reboot

To load the saved configuration, commands similar to the ones used to save it are used, but with the "restore" action instead of "save". On Ubuntu and Debian, the "iptables-restore" command is used to load the saved configuration from a file. On Red Hat and Fedora, the "service iptables restore" command is used to load the saved configuration. Again, if you are in doubt about which command to use, the Ubuntu/Debian commands usually work best.

It is important to know that when changes are made to the firewall configuration, they need to be saved and reloaded for the changes to take effect. This is a way of overwriting the configuration file with the new data, and if it is not done this way, the changes will not be kept.

Tables in IPtables

There are 5 types of tables in IPtables, and each one has different rules applied to it:

  • filter: This is the main and default table when using IPtables. This means that if no specific table is mentioned when applying rules, the rules are applied to the filter table. As its name suggests, the role of the filter table is to decide whether to let packets reach their destination or to deny their request.
  • nat (Network Address Translation): As the name suggests, this table lets users determine how network addresses are translated. The role of this table is to determine whether and how to modify the source and destination address of a packet.
  • mangle: This table lets us modify the IP headers of packets. For example, the TTL can be adjusted to lengthen or shorten the number of network hops the packet can sustain. In the same way, other IP headers can also be modified according to your needs.
  • raw: The main use of this table is connection tracking, since it provides a mechanism for marking packets so that they are seen as part of an ongoing session.
  • security: Using the security table, users can apply internal SELinux security context marks to network packets.

The last two tables are hardly ever used, to the point that most documentation only talks about filter, nat and mangle.

In the help text we can find examples of how to work with IPtables. To see it, we open a terminal and type iptables -h.

Although iptables is one of the best options out there for Linux, if you want something simpler with a graphical interface you can take a look at Firewall.

