Saturday, November 27, 2010

Building a Linux firewall, personal firewall settings

As an example, we will build a firewall for an ordinary home user.

Assume that the home user mainly uses the computer for web browsing, e-mail and so on. What we need to do is allow all the necessary connections and forbid all unrelated ones. The firewall configuration, in iptables-restore format, is as follows:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# allow local loopback connections
-A INPUT -i lo -j ACCEPT
# added: without a matching OUTPUT rule, packets sent to 127.0.0.1 fall to the OUTPUT DROP policy
-A OUTPUT -o lo -j ACCEPT

# drop invalid connections
-A INPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP
-A FORWARD -m state --state INVALID -j DROP

# allow all established and related connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# allow connections to your ISP's DNS servers
-A OUTPUT -d 2.3.4.10 -m state --state NEW -p udp --dport 53 -o eth0 -j ACCEPT
-A OUTPUT -d 2.3.4.11 -m state --state NEW -p udp --dport 53 -o eth0 -j ACCEPT

# allow connections to web servers
-A OUTPUT -d 0/0 -m state --state NEW -p tcp --dport http -o eth0 -j ACCEPT
-A OUTPUT -m state --state NEW -p tcp --dport https -o eth0 -j ACCEPT

# allow connections to your ISP's SMTP and POP3 server
-A OUTPUT -d 2.3.4.5 -m state --state NEW -p tcp --dport smtp -o eth0 -j ACCEPT
-A OUTPUT -d 2.3.4.5 -m state --state NEW -p tcp --dport pop3 -o eth0 -j ACCEPT

# log other attempts to connect outwards
-A OUTPUT -o eth0 -j LOG
# the default policy DROPs all other outgoing connections

COMMIT

The meaning of each line above is easy to follow and is not explained further here. Once you are familiar with the firewall settings for one specific environment, it becomes much easier to build a suitable firewall for other applications.

Addendum: the above has introduced the basic method of building a firewall with iptables on Linux. Because requirements differ from one situation to another, no complete firewall guide exists; we can only understand the basic concepts and terminology and then study them in depth. As computer technology has developed, system security has become a topic that is at once familiar and unfamiliar.
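To check what a policy like this actually permits before loading it, it helps to walk packets through the chains by hand. The following first-match evaluator is an added example, not code from the original post: it parses a trimmed, constructed copy of the ruleset above (with an "-o lo" rule added so loopback works in both directions), handles only the matches the post uses (-i, -o, -d, -p, --dport, --state), and the PORTS table stands in for the /etc/services names iptables would resolve.

```python
import ipaddress

# Trimmed copy of the ruleset above (constructed here), plus an "-o lo" rule so loopback works both ways.
RULESET = """
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -d 2.3.4.10 -m state --state NEW -p udp --dport 53 -o eth0 -j ACCEPT
-A OUTPUT -d 0/0 -m state --state NEW -p tcp --dport http -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j LOG
"""
PORTS = {"http": 80, "https": 443, "smtp": 25, "pop3": 110}  # names iptables takes from /etc/services

def parse(text):
    """Return ({chain: policy}, [(chain, criteria, target)]) for the matches used above."""
    policies, rules = {}, []
    for line in filter(None, text.splitlines()):
        tok = line.split()
        if tok[0].startswith(":"):            # ":CHAIN POLICY [pkts:bytes]"
            policies[tok[0][1:]] = tok[1]
            continue
        crit, target = {}, None               # "-A CHAIN <flag value> ..."
        for flag, val in zip(tok[2::2], tok[3::2]):
            if flag == "-j": target = val
            elif flag == "--state": crit["state"] = set(val.split(","))
            elif flag == "--dport": crit["dport"] = PORTS.get(val) or int(val)
            elif flag == "-d": crit["dst"] = ipaddress.ip_network("0.0.0.0/0" if val == "0/0" else val)
            elif flag != "-m": crit[flag] = val   # -i, -o, -p; "-m state" only loads the match module
        rules.append((tok[1], crit, target))
    return policies, rules

def matches(crit, pkt):
    """pkt keys: state, dst, and optionally proto, dport, in, out."""
    checks = {"state": lambda w: pkt["state"] in w, "dst": lambda w: ipaddress.ip_address(pkt["dst"]) in w,
              "dport": lambda w: pkt.get("dport") == w, "-p": lambda w: pkt.get("proto") == w,
              "-i": lambda w: pkt.get("in") == w, "-o": lambda w: pkt.get("out") == w}
    return all(checks[k](v) for k, v in crit.items())

def verdict(chain, pkt, ruleset=RULESET):
    """First matching rule with a terminating target wins; LOG only logs and falls through."""
    policies, rules = parse(ruleset)
    for c, crit, target in rules:
        if c == chain and matches(crit, pkt) and target in ("ACCEPT", "DROP", "REJECT"):
            return target
    return policies[chain]                    # nothing matched: the chain's DROP policy applies
```

A DNS query to any resolver other than the ISP's configured one is logged and then dropped, which is exactly the behaviour to expect if the ISP changes its resolver addresses.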
Computing is increasingly built around networking, yet conceptually networking and security are in fundamental tension: a network exists to open a computer up, while security tries to seal it off as far as possible. Any real discussion of security is therefore a search for a balance between the two that the user can accept. In that sense computer security is an endless topic, and there is no ultimate security solution in the computing field; for a computer, security is a relative concept. It is also recommended that you learn some TCP/IP. For a more comprehensive treatment of iptables, see the following link, which is a very good iptables tutorial: http://iptables-tutorial.frozentux.net/
