Wednesday, January 12, 2011

Linux system proxy firewall configuration analysis: a worked example with iptables

First download the latest source code for iptables, compile and install it, then stop the iptables that came with the system and use the newly installed iptables tool instead.

Experiment 1: installation

1. Download the latest source package from http://www.netfilter.org/downloads.html#iptables-1.2.9. At the time of writing it is iptables-1.2.9.tar.bz; save it to the /usr/local/src directory.

2. Enter /usr/local/src, unpack the package, and enter the iptables source directory:

# cd /usr/local/src
# bunzip2 iptables-1.2.9.tar.bz
# tar xf iptables-1.2.9.tar
# cd iptables-1.2.9

3. Use the following commands to compile and install the iptables source package:

# make PREFIX=/usr
# make PREFIX=/usr install

Note: the PREFIX=/usr parameter makes /usr, rather than the default /usr/local, the top-level directory for the iptables files, so the iptables binary is installed under /usr/sbin and the libraries and manual pages under /usr/lib and /usr/man. Use the ls command on these directories to find the iptables executables and library files.

4. After the installation completes, print the version information with both the system's original iptables command and the newly installed one:

# /sbin/iptables -V
# /usr/sbin/iptables -V

5. So that the newly installed tool is used, the firewall must not be started by the system's own iptables startup script: remove it from the startup queue and confirm the change:

# chkconfig --level 2345 iptables off
# chkconfig --list iptables

Then use reboot to restart the system.

Experiment 2: use iptables to make the local machine refuse a specific type of connection

Use the newly installed iptables tool to set up the local firewall so that it denies external telnet and ftp connections to this machine.

1. Continuing from the experiment above, log in as root after the reboot. Use the iptables command to view the current firewall; it shows that no firewall rules are set:

# /usr/sbin/iptables -L

2. Start the vsftp server with the /etc/rc.d/init.d/vsftp script:

# /etc/rc.d/init.d/vsftp start

3. From another client on the LAN, connect to the ftp server. The connection succeeds. If it does not, carefully check that each step was done correctly.

4. Use vi to edit the /etc/xinetd.d/telnet configuration file, change "disable = yes" to "disable = no", save and exit, then restart the service:

# /etc/rc.d/init.d/xinetd restart

From another machine, access the telnet service on this machine; the connection succeeds. If it does not, carefully check that each step was done correctly.

5. Use the following command to make iptables refuse external telnet connections:

# /usr/sbin/iptables -A INPUT -p tcp --dport telnet -j DROP

6. After this, view the firewall settings with the "-L" option of iptables; the rule just set appears in the INPUT chain:

# iptables -L

7. Repeat the connection attempts from the external host: the telnet connection is now refused, but the ftp connection from outside still works.

8. In the same way, set a firewall rule refusing FTP connections, then view the firewall with the iptables command to confirm that the rule has just been registered:

# /usr/sbin/iptables -A INPUT -p tcp --dport ftp -j DROP
# iptables -L

9. Use the "-F" option of the iptables command to clear all firewall rules, and list again:

# iptables -F
# iptables -L
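The end state of experiment 2 (steps 5 through 9), as an added shell example that is not part of the original post: the two DROP rules are added only if absent and are confirmed by reading the INPUT chain back, since the iptables 1.2.9 used in the lab has no "-C" check option. It assumes the binary path /usr/sbin/iptables, numeric ports 23 and 21 for telnet and ftp, and the standard "iptables -L -n" listing format.

```sh
#!/bin/sh
# Added example, not from the original post: apply the lab's INPUT-chain DROP
# rules idempotently and verify them by reading back "iptables -L INPUT -n".
# IPTABLES may be overridden (for example with a stub) for a dry run.
IPTABLES="${IPTABLES:-/usr/sbin/iptables}"

# Print the rule arguments that drop inbound TCP to one port number. Numeric
# ports keep the read-back check independent of /etc/services name lookups.
drop_rule_args() {
    printf -- '-A INPUT -p tcp --dport %s -j DROP\n' "$1"
}

# Return 0 when LISTING (output of "iptables -L INPUT -n") already holds a
# DROP rule for TCP destination port PORT, 1 otherwise. The old iptables
# 1.2.9 used in the lab has no "-C" check option, so the listing is parsed.
has_drop_rule() {
    lst="$1"; prt="$2"
    printf '%s\n' "$lst" | grep -Eq "^DROP +tcp .*dpt:${prt}( |$)"
}

# Add the DROP rule for PORT unless it is already present, then re-read the
# chain and confirm the rule really landed. Returns 1 on any failure.
drop_tcp_port() {
    port="$1"
    listing="$($IPTABLES -L INPUT -n)" || return 1
    if has_drop_rule "$listing" "$port"; then
        echo "port $port already dropped"
        return 0
    fi
    # Word-splitting of the generated arguments is intended here.
    $IPTABLES $(drop_rule_args "$port") || return 1
    listing="$($IPTABLES -L INPUT -n)" || return 1
    has_drop_rule "$listing" "$port"
}

# The lab's end state: telnet (23) and the ftp control port (21) are refused
# from outside. Run as root on the firewall host; "iptables -F" undoes it.
main() {
    for p in 23 21; do
        drop_tcp_port "$p" || { echo "failed to drop port $p" >&2; return 1; }
    done
    $IPTABLES -L INPUT -n
}

if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run it as "sh script.sh --run" on the firewall host; without the flag the functions are only defined, which lets them be exercised against a stub in place of the real iptables.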
