Ikhasi eliyinhloko / Imibhalo /

Setha ama-Iptables e-CentOS 7

Anonim

Setha ama-Iptables e-CentOS 7

Kuzo zonke izinhlelo ezisebenzayo ezisuselwa ku-Linux Kernel, kukhona i-firewall eyakhelwe ngaphakathi, esebenzisa ukulawula nokuhlunga kwethrafikhi engenayo naphumayo, kususelwa kwimithetho echaziwe noma endaweni yesikhulumi. Ekusatshalalisweni kwe-CentOS 7, ukusetshenziswa kwe-IPTEST kwenza umsebenzi onjalo, uxhumana ne-netfilter firewall eyakhelwe ngaphakathi. Kwesinye isikhathi umphathi wohlelo noma umphathi wenethiwekhi kufanele alungiselele ukusebenza kwale ngxenye, enquma imithetho efanele. Njengengxenye yendatshana yanamuhla, singathanda ukukhuluma ngezinto eziyisisekelo zokucushwa kwezikhalazo ku-OS okushiwo ngenhla.

Lungiselela ama-Iptables kuma-CentOS 7

Ithuluzi ngokwalo liyatholakala ukuthi lisebenze ngokushesha ngemuva kokuqedwa kokufakwa kwe-CentOS 7, kepha futhi kuzodingeka ukuthi kufakwe ezinye izinsizakalo, esizokhuluma ngazo. Epulatifomu ebhekwayo kunelinye ithuluzi elakhelwe ngaphakathi elenza umsebenzi we-firewall obizwa nge-firewalld. Ukugwema izingxabano, nomsebenzi owengeziwe, sincoma ukuthi sikhubazele le ngxenye. Imiyalo eyandisiwe kulesi sihloko ifundwe kwenye impahla esixhumanisi esilandelayo.

Funda kabanzi: Khubaza Firewalld kuma-CentOS 7

Njengoba wazi, amaphrothokhokholi we-IPv4 ne-IPV6 angasetshenziswa ohlelweni. Namuhla sizogxila kusibonelo se-IPv4, kepha uma ufuna ukumisa enye iphrothokholi, uzodinga esikhundleni seqembu. Izikhalazo. Ngokusetshenziswa kwekhonsoli IP6Tables.

Ukufaka ama-Iptables

Kufanele kube kuqala kwizilo ezingeziwe zohlelo lokusebenza olubhekwayo namuhla. Bazosiza ekubekeni imithetho namanye amapharamitha. Ukulayisha kwenziwa kusuka kwibhayisiko elisemthethweni, ngakho-ke akuthathi isikhathi esiningi.

  1. Zonke ezinye izenzo zizokwenziwa kwi-Classical Console, ngakho-ke wugijime nganoma iyiphi indlela elula.

    2. Ukuqala i-terminal ukumisa ukusetshenziswa kwe-IPTAbles in CentOS 7

  2. I-Sudo YUM Faka umyalo we-IpTable-Services Ingcemi unesibopho sokufaka izinsizakalo. Faka bese ucindezela inkinobho ethi Enter.

    3. Ukufaka Izinsiza ze-IPTAble in CentOS 7

  3. Qinisekisa i-akhawunti ye-superuser ngokucacisa iphasiwedi kuyo. Uyacelwa ukuthi uqaphele ukuthi lapho imibuzo i-Sudo, izinhlamvu ezifakiwe ezikulayini azikaze ziboniswe.

    4. Faka iphasiwedi ukufaka ama-IPTAbles e-CentOS 7 ngokusebenzisa i-terminal

  4. Kuzophakanyiswa ukwengeza iphakheji elilodwa ohlelweni, qinisekisa lesi senzo ngokukhetha uhlobo lwe-Y.

    5. Ukuqinisekiswa kokungeza amaphakheji wensiza amasha e-IPTS ku-CentOS 7

  5. Lapho usuqedile ukufakwa, hlola uhlobo lwamanje lwethuluzi: sudo ipts -

    6. Ihlola inguqulo ye-IPTAbles Utility in CentOS 7 ngokusebenzisa i-terminal

  6. Umphumela uzovela entanjeni entsha.

    7. Ukubonisa inguqulo yamanje ye-Iptible Utility in CentOS 7 ngokusebenzisa i-terminal

Manje i-OS isilungele ngokuphelele ukucushwa okwengeziwe kwesicishamlilo ngokusebenzisa i-IPTAbles Utility. Siphakamisa ukubajwayeza ngokucushwa kwezinto, kusukela ngezinsizakalo zokuphatha.

Ukuma kanye Nokwethula Izinsizakalo ze-Iptables

Ukuphathwa kwemodi ye-IPTAble kudingeka ezimweni lapho udinga ukubheka isenzo semithetho ethile noma umane uqale kabusha ingxenye. Lokhu kwenziwa kusetshenziswa imiyalo eshumekiwe.

  1. Faka i-Sudo Service Ipt Stop bese uqhafaza kukhiye wokufaka ukumisa izinsizakalo.

    2. Ukumisa izinsizakalo zokusetshenziswa kwe-Iptables kuma-centros 7 ngokusebenzisa i-terminal

  2. Ukuqinisekisa le nqubo, chaza iphasiwedi ye-superuser.

    3. Ukungena kwephasiwedi ukumisa izinsiza ze-IPTAble in CentOS 7

  3. Uma inqubo iphumelela, kuzovezwa intambo entsha, ikhombisa ushintsho kufayela lokucushwa.

    4. Isaziso mayelana nokumisa izinsiza zensiza Eptables in CentOS 7

  4. Ukwethulwa kwezinsizakalo kwenziwa cishe ngendlela efanayo, kuphela umugqa uthola izinsiza ze-Sudo Service IPTAbles Qala ukubuka.

    5. Run izinsiza ze-IPTING Izinsiza ku-CentOS 7 ku-terminal

Ukuqalisa kabusha okufanayo, ukuqala noma ukumisa ukusetshenziswa kuyatholakala nganoma yisiphi isikhathi, ungakhohlwa ukubuyisa inani lokubuyela emuva lapho lizodingeka.

Bheka futhi ususe imithetho

Njengoba kushiwo ngaphambili, ukulawulwa kwe-firewall kwenziwa yi-Manual noma ngokungezwa ngokuzenzakalela imithetho. Isibonelo, ezinye izinhlelo zokusebenza ezingeziwe zingafinyelela ithuluzi, ziguqule izinqubomgomo ezithile. Kodwa-ke, izinyathelo eziningi ezinjalo zisenziwa ngesandla. Ukubuka uhlu lwayo yonke imithetho yamanje kuyatholakala nge-Sudo Iptables -L Command.

Khombisa uhlu lwayo yonke imithetho yokusetshenziswa kwamanje ye-IPTS kuma-CentOS 7

Emthethweni obonisiwe kuzoba nolwazi ngamaketanga amathathu: "okufakwayo", "okukhipha" kanye "phambili" - okuzayo nokudlulisa, ngokulandelana.

Ukubuka kohlu lwazo zonke izinsiza zemithetho ezisetshenzisiwe e-CentOS 7

Ungachaza isimo sawo wonke amaketanga ngokufaka i-sudo eptables -S.

Ibonisa uhlu lwamasekethe we-IPTS Utility kuma-CentOS 7

Uma imithetho ibonwa ingagculisekile kuwe, bavele basuswe. Lonke uhlu lusulwa kanjena: Sudo Iptables -f. Ngemuva kokusebenza, umthetho uzosuswa ngokuphelele kuwo wonke amaketabhu amathathu.

Uhlu olucacile lwayo yonke imithetho Izisetshenziswa ze-IPTAble in CentOS 7

Lapho udinga ukuthinta kuphela izinqubomgomo ezivela ku-chain eyodwa, kufakwa impikiswano eyengeziwe kulayini:

Sudo iptable -F okokufaka

Sudo iptables -F okuphumayo

Sudo eptable -f phambili

Sula uhlu lwemithetho ukuthola i-IPTAbles ethile ekhethekile e-CentOS 7

Ukungabikho kwayo yonke imithetho kusho ukuthi azikho izilungiselelo zokuhlunga traffic ezingasetshenziswa kunoma iyiphi ingxenye. Okulandelayo, umphathi wesistimu uzocacisa ngokuzimela amapharamitha amasha esebenzisa ikhonsoli efanayo, umyalo nezimpikiswano ezahlukahlukene.

Ukwemukela nokulahla ithrafikhi ngamaketanga

I-chain ngayinye ilungiselelwe ngokwehlukana ukuthola noma ukuvimba ithrafikhi. Ngokubeka okushiwo okuthile, kungatholakala lokho, ngokwesibonelo, wonke amathrafikhi angenayo azovinjwa. Ukuze wenze lokhu, umyalo kumele ube ne-Sudow Iptables Wort --Policy Wort Drop, lapho ukufaka khona igama leketanga, futhi ukwehla kuyinani lokulahla.

Setha kabusha imibuzo engenayo ku-IpTable Utility in CentOS 7

Ngempela amapharamitha afanayo asethelwe eminye imibuthano, ngokwesibonelo, i-Sudo Iptables --Policy Outpput Drop. Uma udinga ukusetha inani lokuthola ithrafikhi, khona-ke ukwehla kwezinguquko kukwamukeleka futhi kuvela iSudo Ipt Games - Ukwamukela ukufakwa kwe-Sudow.

Isinqumo sePort and Lock

Njengoba wazi, zonke izinhlelo zokusebenza zenethiwekhi nezinqubo zisebenza ngechweba elithile. Ngokuvinjwa noma ukuxazulula amakheli athile, ungabheka ukufinyelela kwazo zonke izinhloso zenethiwekhi. Ake sihlaze ichweba phambili ngesibonelo 80. Ku-terminal, kuzokwanela ukufaka i-sudo ipters -Ukufaka -P TCP - jwport 80 -J ukwamukela umthetho omusha, ukufaka - isiphakamiso I-chain, -P - Incazelo yephrothokholi kuleli cala, i-TCP, A --DoPort yichweba eliya kulo.

Umthetho wokuvula i-Port 80 ku-IPTAbles Utility in CentOS 7

Impela umyalo ofanayo futhi usebenza ku-Port 22, esetshenziswa yi-SSH Service: Sudo Iptables -Ukufaka -P TCP --J amukele 22.

Umthetho wokuvula iPort 22 ku-IpTable Utility in CentOS 7

Ukuvimba imbobo ebekiwe, intambo isetshenziswa ngqo uhlobo olufanayo, kuphela ekugcineni koshintsho olwemukela. Ngenxa yalokhu, kuyavela, ngokwesibonelo, i-sudo iptables - Ukufaka okufakiwe -P TCP --J ukwehla okungama-2450 -J.

Ukubusa kokuvinjelwa ethekwini ku-IpTable Utility in CentOS 7

Yonke le mithetho ifakwa kwifayela lokucushwa futhi ungawabuka nganoma yisiphi isikhathi. Sikukhumbuza, kwenziwa ngeSudo Iptables -L. Uma udinga ukuvumela ikheli lenethiwekhi ye-IP ngechweba kanye netheku, intambo iguqulwa kancane - ngemuva kokuthi i-TPC ingezwe-amakheli uqobo. I-Sudo Eptable-Ukufaka -p TCP -S -S 12.12.12.12/32 --dport 22 - lapho 12.12.12.12/322 yikheli elidingekayo le-IP.

Umthetho wokwamukela amakheli we-IP kanye ne-Port ku-IPTS ku-CentOS 7

Ukuvinjwa kwenzeka ngomgomo ofanayo ngokushintsha ekugcineni kwenani lokwamukela ekwehleni. Lapho-ke kuvela, ngokwesibonelo, i-Sudo Iptables -Ukufaka -P TCP -S 12.12.12.0/224 --dport 22 -J Drop.

Ukubusa kokuvimba amakheli we-IP kanye ne-Port in Izitch kuma-CentOS 7

Ukuvinjwa kwe-ICMP

I-ICMP (I-Intanethi Yokulawula Umlayezo) - Iphrothokholi efakiwe ku-TCP / IP futhi iyabandakanyeka ekudluliseleni imiyalezo yephutha nezimo eziphuthumayo lapho usebenza ngethrafikhi. Isibonelo, lapho iseva eceliwe ingatholakali, leli thuluzi lisebenza imisebenzi yensiza. I-Iptbles Utility ikuvumela ukuba uyivimbele ngokusebenzisa i-firewall, futhi ungayenza isebenzise i-sudo ipts - okuphuma -P ICMP - Uhlobo lwe-ICMP - hlobo umyalo we-ICMP Izovimba izicelo kusuka kuseva yakho.

Umthetho wokuqala ukuvimba i-Iptget plugging kuma-CentOS 7

Izicelo ezingenayo zivinjelwe okuhlukile. Ngemuva kwalokho udinga ukufaka i-Sudo Iptables -I-Faka -P ICMP - Uhlobo lwe-8 -J Drop. Ngemuva kokwenza kusebenze le mithetho, iseva ngeke iphendule kwizicelo zePing.

Umthetho wesibili wokukhiya ukufakwa kwi-iPPTAbles e-CentOS 7

Vikela izenzo ezingagunyaziwe kuseva

Kwesinye isikhathi amaseva ahlaselwa yi-DDOS noma ezinye izenzo ezingagunyaziwe ezivela kubahlaseli. Ukulungiswa okulungile kwe-firewall kuzokuvumela ukuthi uzivikele kulolu hlobo lokugenca. Okokuqala, sincoma ukubeka imithetho enjalo:

  1. Sibhala kwi-IPTTS - Ukufaka okufakiwe -P TCP - -Port 80 -M Umkhawulo - Limit 20 / Minute . Ungacacisa iyunithi lokulinganisa ngokwakho, ngokwesibonelo, / okwesibili, / umzuzu, / ihora, / usuku. - Limit-burst inombolo - umkhawulo ngenani lamaphakeji alahlekile. Onke amanani aboniswa ngawodwa ngokusho kokuncamelayo komqondisi.

    2. Umthetho wokuphepha ovela kuma-DDOs kuma-IPTS ku-CentOS 7

  2. Okulandelayo, ungavimbela ukuskena kwamachweba avulekile ukususa enye yezimbangela zokugenca. Faka i-Sudo Iptables yokuqala -n block-scan umyalo.

    3. Umthetho wokuqala wokuvimbela amachweba e-IPTAbles e-CentOS 7

  3. Ngemuva kwalokho chaza i-sudo iptables -I-block-scan -p -p -p -p -p -p -P TCP -TCP-flags syn, ack, Fin, RST -M ukubuyisa - kukubuya 1 / S-BJ.

    4. Umthetho wesibili wokuvimbela amachweba ama-Iptables e-CentOS 7

  4. Umyalo wokugcina wesithathu yile: sudo iptables -I-block-scan-j yehla. Inkulumo yokuskena okuvinjelwe kulezi zimo - igama lesifunda elisetshenzisiwe.

    5. Umthetho wesithathu ukuvimba itheku lokuhlola ama-Iptables kuma-CentOS 7

Izilungiselelo eziboniswe namuhla ziyisisekelo somsebenzi kuthuluzi lokulawula le-firewall. Emibhalweni esemthethweni ye-Utility uzothola incazelo yazo zonke izimpikiswano ezitholakalayo nezinketho futhi ungamisa i-firewall ngokuqondile izicelo zakho. Ngaphezulu kwemithetho yezokuphepha ejwayelekile, evame ukusetshenziswa futhi ezimweni eziningi iyadingeka.

Funda kabanzi

Ukusetha imodemu ye-megafon
Amamodeli avela enkampanini Megafon athandwa kakhulu phakathi kwabasebenzisi, ehlanganisa ikhwalithi kanye nezindleko ezilinganiselayo. Kwesinye isikhathi...
Ungaguqula kanjani i-VOB e-AVI
Ifomethi ye-VOB isetshenziswa ekuqopheni kwevidiyo okufakwe ku-DVD Players. Vula amafayela ngefomethi enjalo angaphinde futhi ahlele i-multimedia kuma-PC,...
Ukulanda amakhasi eside kusiphequluli
Umsebenzisi angahlangabezana neqiniso lokuthi amakhasi e-Web alayishwe ngaphambi kokuqala ukuvula kancane. Uma uqala kabusha, kungasiza, kepha nokho...
Isoftware yokuqopha yedeskithophu yamahhala
Namuhla ngangizibuza ukuthi yini ukurekhoda ividiyo kusuka esikrinini: Ngaso leso sikhathi, hhayi ividiyo evela kumidlalo, engikubhalile ku-athikili...
Umkhawulo wesikhathi somsebenzi ku-Windows 10
IWindows 10 ihlinzeka ngemisebenzi yokulawula yabazali evumela ukuthi ubeke umkhawulo wesikhathi sokusebenzisa ikhompyutha, ukwenqabela ukutholakala...
Restart to eliminate disk errors in Windows 10 - what to do?
Sometimes when working in Windows 10, you may encounter notification "Restart to eliminate disk errors" and is not always clear which errors are about...
Ushizi we-burger, yini engcono
Izinhlobo zenyama yezimvu: amagama amahle nezimpawu zawo, izinhlobo ezinkulu kunazo zonke
Izinhlobo zezindwangu - yiziphi izindwangu, ukuhlukaniswa kwazo, igama, ukwakheka
Izithombe ezihlekisayo ongasoze wazikhohlwa
Izinkinga eziyi-10 zeRenault Arkana entsha, abathengi abangaqageli
I-E420 Sorbittol, Sorbittone Syrup - Isenzo Kwezempilo, Inzuzo Nokulimala, Incazelo
I-Kabarga: I-Angel Pees, ama-Demon Fangs
Imininingwane ethokozisayo ngocansi lwe-tantric, imithetho yayo
Ukuxhumana kwe-cocaine kunganqunywa ngomunwe
Konke mayelana Dühs - Cherry ne-Cherry Hybrids
Imilenze yangemuva yenja iyaqhubeka futhi iyahlakazeka: okufanele ukwenze | kungani, izizathu
Izizathu Ezingu-23 Zokunakekela Ngosuku Lokuzalwa luka-Jennifer Lawrence
Isitayela Esingcono Kakhulu Somgwaqo Sibukeka Kusukela Ezinsukwini 5 kanye Nezi-6 Zeviki Lemfashini YaseParis
Izithombe zikaJennifer Aniston | Isitayela sikaJennifer Aniston | Izithombe zikaJennifer Aniston
Isivumelwano saseVerdun
I-Vietnamese-style yengulube yengulube ene-Fresh Herb Salad
I-Hobby Lobby Ihambisa Ngaphezu Kwezinto Zobuciko Ezingeniswe Ngokungemthetho Ezingu-5,500
Iyini Imbobo ye-USB ku-Nest Hello Esetshenziselwa?
Amazambane noshizi obhemayo iresiphi ehlakaniphile | Izithako ezimbalwa kakhulu ze-top side dish
Izinkampani Ezingcono Kakhulu Zokuqasha Ifenisha zango-2022
Lithini ihora eliluhlaza okwesibhakabhaka?
UKim Kardashian wake wesaba ukuthi 'Ngeke Aphinde Ahlanganyele Ucansi'
I-Soho Loft ene-Honey-Comb Skylight Ekugcineni Ithengiswa Ngezigidi Ezingu-2.15 zamaRandi Ngemva Kwezinyanga Eziyisi-6 Emakethe
I-NASA Astronaut Ikhuluma Ngokubuyela Ekhaya Isuka Ekuphileni Emkhathini
Indlela yokupheka irayisi elishisayo elimnandi / Epanini, umpheki omncane, i-microwave - indatshana evela esigabeni esithi "Ukupheka kanjani" esizeni
I-Prevenge Iletha Indaba Enkulu Esabekayo Mayelana Nokwesabeka Kobumama Obuseduze
Indlela yokudweba izinzipho zakho ebusika: imibala nezindlela zokubonisa
Indlela I-Neurocomic Ingena Ngayo Ekhanda Lakho
Abesifazane Abadumile abane-ADHD Abafunde Ukugqama
USamuel L. Jackson uvikela ukusetshenziswa kukaQuentin Tarantino kwe-'N-word'
Abasebenzisi beFirefox qaphela: I-CCleaner isula izilungiselelo zesandiso zeFirefox ngokuzenzakalelayo
U-Rihanna Uthumela Umlayezo Mayelana Nobuhle Ngezithombe Zewebhusayithi Ezibonisa Izibazi Zomodeli
Ngaphandle kwamaBeatles: Ukuxhumana Okungalindelekile kukaGeorge Harrison ku-SFF
7 Awesome Ford F-150 Lightning Electric Truck Izici
Hlala Uxhumene Ngendlela Ehlakaniphile Nge-Whatsapp - Thumela Futhi Wamukele Imilayezo Mahhala
'Isimangaliso': Indlela Indlovukazi Ehlanganiswe Ngayo Ukuze Idale Eyakudala

© 2024 Ukulungiswa Kwekhompyutha
Amakhompyutha nama-Smartphones - Ungasebenza kanjani futhi ulungise, amathiphu awusizo

nl en af am ar az be bg bn bs ca ceb cs cy da de el eo es et eu fa fi fr fy ga gl gu ha he hi hmn hr ht hu hy id ig is it ja jv ka kk km kn ko ku ky lb lo lt lv mg mk ml mn mr ms mt my ne no ny or pa pl ps pt ro rw sd si sk sl sm sn so sq sr st su sv sw ta te tg th tk tl tr tt ug uk ur uz vi xh yi yo zh-CN zh-TW zu