
Topic: Iptables Firewall - A basic introduction

#1 Vahid (General Administrator, member since Aug 2008, 2,724 posts)


You have probably heard the term "IPtables Firewall" before. Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. This quick tutorial will teach you the basics of building a firewall using iptables. First you need to know how a firewall handles packets leaving, entering, or passing through your server. Think of chains for each of the mentioned events. Any IP packet entering your server has to go through the INPUT chain. Any packet that your server sends out as a response to the network (Internet) has to go through the OUTPUT chain. The chains represent the logic behind the whole iptables thing.
The way iptables works is by setting up certain rules for the chains. These rules allow the chains to inspect each incoming or outgoing packet and then apply the proper rules. For instance, if your server receives an incoming request for the website "exampledomain.com", the request would first be inspected by the chain for incoming traffic to your server. Let's assume that the request comes from an IP address that should not have access to the website. The IP address is listed in the rules to be denied. The rule recognizes the IP of the requester in the rules, and the IPtables firewall blocks the request from going through the firewall to reach the web server part of your server. The requester would not get to see the website. As an example - you want to block all incoming traffic to your website from 10.1.1.25 (for the purposes of this case we use a private IP address).
A very broad IPtables command would be:
iptables -A INPUT -p tcp -j ACCEPT
This rule would accept all TCP traffic. But this is a little too broad, isn't it? So, let's work on being much more specific in regards to blocking incoming requests from the specified IP address.
Please be aware that "-s" is used to specify a source IP or DNS name. So, for our example this would mean:
iptables -s 10.1.1.25
Now that we have specified the source IP address, we need to tell the firewall what to do if a request comes from that IP address. The "-j" option is used to specify what happens to the incoming request from that IP address. The three most common settings are "ACCEPT", "DENY", and "DROP". "ACCEPT" would let traffic from the source IP address pass through the firewall. "DENY" would send a message to the requester that this server isn't accepting connections. "DROP" just ignores the incoming request and drops it. The requester would not get a response at all. For our example we would use either "DROP" or "DENY" as the preferred option:
iptables -s 10.1.1.25 -j DROP
But we're not done yet. Our server still won't understand what we are trying to accomplish. We still need to specify the "INPUT" or "OUTPUT" chain. Since we want to deny access to the website from this specific requester, we would need to apply this setting to the "INPUT" chain.
iptables -A INPUT -s 10.1.1.25 -j DROP
This command would ignore every incoming request from 10.1.1.25 (with some exceptions, but we'll get into that part later on). The order of the specified options doesn't matter. The "-j DROP" could go before "-s 10.1.1.25". But you should use a consistent approach to avoid confusion down the road.
Sometimes you will need to be more specific when applying IPtables rules. Let's modify the example to block only TELNET requests. We need to specify the protocol (here: TCP) and the port or service (here: TELNET).
iptables -A INPUT -s 10.1.1.25 -p tcp --destination-port telnet -j DROP
If you wanted to block all incoming requests from a whole IP subnet and not just from a single IP address, you need to modify the command as follows:
iptables -A INPUT -s 10.1.1.0/24 -p tcp --destination-port telnet -j DROP

Here is a list of some additional parameters that can be used when working with IPtables:

-j Specifies the target (--jump)
-i Specifies the input interface (--in-interface)
-o Specifies the output interface (--out-interface)
-p Specifies the protocol (--proto)
-s Specifies the source (--source)
-d Specifies the destination (--destination)
! Specifies an inversion (match addresses NOT equal to)



We have now shown you a basic introduction to IPtables and how they work. There is of course much more to it. Pick up a book on Linux security to dive deeper into how IPtables can be used to make your server more secure. As always - if you don't feel sure that you can handle these kinds of things on your own server - practice, practice, practice. Hire an experienced system administrator if needed.
Disclaimer: The information is provided as is. Please verify that your server platform can handle iptables and that you really understand how this stuff works. It is easy to lock yourself out of your own server when setting up a firewall without knowing how things really work. We cannot be held liable for errors resulting from the work of an inexperienced person doing system administration.


There is no elevator to progress in knowledge; you have to take the stairs /./ Always remember that there is a hand above every hand.
Let us remember that to stand once, we have fallen hundreds of times /./ Backups are the most important secret of hosting success /./ Security is not absolute.
Direct contact with me:
Admin -{(@)}- WebHostingTalk . ir
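To make the chain logic from the post concrete, here is an added Python model (not from the post, and not a wrapper around the real iptables binary) that walks an INPUT chain built from the commands above and shows that rules are evaluated top to bottom with the first match deciding; the SERVICES table is an assumed stand-in for the /etc/services lookup that `--destination-port telnet` performs.

```python
"""Toy model of an iptables chain (added example, not the post's code).
Rules are checked in order; the first match decides; otherwise the chain
policy applies. Only -s, -p, --destination-port, '!' on -s and the
ACCEPT/DROP/REJECT targets are modelled; nothing here calls iptables."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed stand-in for the /etc/services lookup iptables does for "telnet"
SERVICES = {"telnet": 23, "ssh": 22, "http": 80}


@dataclass(frozen=True)
class Rule:
    target: str                     # -j ACCEPT / DROP / REJECT
    source: Optional[str] = None    # -s 10.1.1.25 or -s 10.1.1.0/24
    invert_source: bool = False     # ! -s ... (match addresses NOT in source)
    proto: Optional[str] = None     # -p tcp
    dport: Optional[int] = None     # --destination-port 23

    def matches(self, pkt: dict) -> bool:
        if self.source is not None:
            in_src = ip_address(pkt["src"]) in ip_network(self.source, strict=False)
            if in_src == self.invert_source:   # no hit, or a hit that '!' inverts
                return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


def evaluate_chain(rules, policy, pkt):
    """Walk the chain top to bottom; the first matching rule's target wins."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy  # nothing matched: the chain's default policy decides


# The INPUT chain as the post's -A (append) commands build it, in that order
INPUT = [
    Rule("DROP", source="10.1.1.25"),                                 # -s 10.1.1.25 -j DROP
    Rule("DROP", source="10.1.1.0/24", proto="tcp", dport=SERVICES["telnet"]),
    Rule("ACCEPT", proto="tcp"),                                      # -p tcp -j ACCEPT
]

if __name__ == "__main__":
    # Constructed sample packets: (source, protocol, destination port)
    for src, proto, dport in [("10.1.1.25", "tcp", 80), ("10.1.1.30", "tcp", 23),
                              ("10.1.1.30", "tcp", 80), ("192.168.0.5", "udp", 53)]:
        pkt = {"src": src, "proto": proto, "dport": dport}
        print(src, proto, dport, "->", evaluate_chain(INPUT, "DROP", pkt))
```

Reversing the list so that `-p tcp -j ACCEPT` sits first shows why rule order (unlike option order) matters: the telnet DROP for 10.1.1.0/24 is then never reached.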
