
Secure Default Firewall Ruleset
* Explanation *
As a brief explanation, the firewall rules for iptables are not really kept
in an editable file. That is, the rules, once loaded, exist in memory, and
saving them overwrites the file they came from. So how do you configure
iptables? And how does it load its ruleset after a reboot?
Well, one way is to make changes to the ruleset in memory, on the fly.
You then tell iptables to save the rules in memory to a file. When the
box reboots, iptables reads the rules from this saved file.
So why can't you just change the actual rules in the file? Because it is
overwritten any time that you save the rules. And you can't delete rules
by simply re-reading the file: reading the file appends to the rules already
in memory. Instead, you should create a file of your own with all your
firewall rules and comments, run your file to add, delete or modify rules
in memory, and then save the iptables memory to the
/etc/sysconfig/iptables file. Whew!
Rather than create a script to make our changes, we will perform the
changes on the fly. We'll then save the memory to a file so the changes
are kept permanently across a reboot.
To do this, we will perform the following:
1. Delete (flush) all of the current rules
2. Define our chains/tables in memory
3. Add our “default” rules in memory
4. Add other rules in memory as needed
5. Save the new iptables from memory to the iptables file
6. Restart iptables to verify our changes
New Default Firewall Ruleset
* All Distros *
** IMPORTANT NOTE: Making these changes via a remote SSH
connection WILL lock you out almost immediately.
In order to stay consistent with our local firewall rules, we will remove
any rules that came with the distribution and set up our own.
First, let’s remove anything that may currently exist in the iptables rules
by “flushing” everything as follows:
iptables -F
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t mangle
iptables -F -t nat
iptables -X
iptables -Z
Set the default policy for the three built-in chains, INPUT, FORWARD and
OUTPUT. These three policies by themselves drop all incoming packets and
all forwarded packets; all packets initiated by the host are allowed out.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
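The six steps above, collected into one script of your own as the explanation recommends. This is an added example, not a script from the guide: the loopback, ESTABLISHED/RELATED and SSH rules are assumed stand-ins for the "default rules" (the guide's own default rules are not on this page), iptables-save and iptables-restore are assumed stand-ins for the save and restart steps, and the IPT, SAVE_FILE and SSH_PORT variables are the example's own. The accept rules for loopback and established traffic are added before the policies switch to DROP, which is what keeps a remote SSH session alive through the change that the note above warns about.

```shell
#!/bin/sh
# Added example (not from the guide): rebuild the iptables ruleset in memory
# and persist it, following the six steps in the text. Assumed stand-ins:
# loopback/ESTABLISHED/SSH rules for the "default rules", and
# iptables-save / iptables-restore for the save and restart steps.
# Run as root: "sh fw.sh apply". "IPT=echo sh fw.sh apply" prints the
# commands instead of executing them.
IPT="${IPT:-iptables}"
SAVE_FILE="${SAVE_FILE:-/etc/sysconfig/iptables}"   # path named in the text
SSH_PORT="${SSH_PORT:-22}"                           # assumed management port

# Step 1: flush all rules, user-defined chains and counters in every table.
flush_all() {
    $IPT -F
    $IPT -t nat -F
    $IPT -t mangle -F
    $IPT -X
    $IPT -Z
}

# Steps 2-4: accept loopback and already-established traffic BEFORE the
# policies switch to DROP, so the SSH session you are typing in survives.
build_ruleset() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Step 4: new inbound connections to the management port only.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
}

# Step 5: write the in-memory rules to the file that is read at boot.
save_ruleset() {
    if [ "$IPT" = "echo" ]; then
        echo "iptables-save > $SAVE_FILE"
    else
        iptables-save > "$SAVE_FILE"
    fi
}

# Step 6: reload the saved file and check that memory matches it.
# iptables-save stamps "#" comment lines with a timestamp, so ignore them.
verify_ruleset() {
    if [ "$IPT" = "echo" ]; then
        echo "iptables-restore < $SAVE_FILE"
        return 0
    fi
    iptables-restore < "$SAVE_FILE" || return 1
    tmp="/tmp/fw.mem.$$"
    iptables-save | grep -v '^#' > "$tmp"
    grep -v '^#' "$SAVE_FILE" | diff -q - "$tmp" > /dev/null
    rc=$?
    rm -f "$tmp"
    return $rc
}

apply_firewall() {
    flush_all && build_ruleset && save_ruleset && verify_ruleset
}

# Print the exact command sequence without touching the kernel.
dry_run_commands() {
    ( IPT=echo; apply_firewall )
}

# Only act when invoked as "fw.sh apply"; sourcing the file does nothing.
if [ "${1:-}" = "apply" ]; then
    apply_firewall
fi
```

Review the dry-run output first: the ESTABLISHED,RELATED accept must appear before the INPUT DROP policy, and the only NEW connections accepted should be the ones you intend to keep reaching the box.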
As a way of explanation, here is the meaning of some of the most
common options for iptables commands: