Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Installation Guide Page 23

generating a very basic set of firewall rules (see below). This may be adequate, but it is still recommended to know the proper syntax and how the various mechanisms work, as such tools rarely do more than generate a few very simple rules.
Various examples are given below. These are presented for illustrative purposes to demonstrate some of the concepts being discussed here. While they might also be useful as a starting point for your own script, please note that they are not meant to be all-encompassing. You are strongly encouraged to understand how the scripts work, so you can create something even more tailored to your own situation. The example scripts only protect inbound connections to one interface (the one connected to the Internet). This may be adequate for many simple home-type situations, but, conversely, this approach is not adequate for all situations!
5.2.1. ipchains
ipchains can be used with either 2.2 or 2.4 kernels. When ipchains is in place, it checks every packet that moves through the system. The packets move across different "chains", depending on where they originate and where they are going. Think of "chains" as rule sets. In advanced configurations, we could define our own custom chains. The three default built-in chains are input, which is incoming traffic, output, which is outgoing traffic, and forward, which is traffic being forwarded from one interface to another (typically used for "masquerading"). Chains can be manipulated in various ways to control the flow of traffic in and out of our system. Rules can be added at our discretion to achieve the desired result.
At the end of every "chain" is a "target". The target is specified with the -j option to the command. The target is what decides the fate of the packet and essentially terminates that particular chain. The most common targets are mostly self-explanatory: ACCEPT, DENY, REJECT, and MASQ. MASQ is for "ipmasquerading". DENY and REJECT essentially do the same thing, though in different ways (DENY drops the packet silently, while REJECT sends an error back to the sender). Is one better than the other? That is the subject of much debate, and depends on other factors that are beyond the scope of this document. For our purposes, either should suffice.
ipchains has a very flexible configuration. Ports (or port ranges), interfaces, destination addresses and source addresses can be specified, as well as various other options. The man page explains these details well enough that we won't get into specifics here.
Traffic entering our system from the Internet enters via the input chain. This is the one that we need to make as tight as we can.
Below is a brief example script for a hypothetical system. We'll let the comments explain what this script does. Anything starting with a "#" is a comment. ipchains rules are generally incorporated into shell scripts, using shell variables to help implement the firewalling logic.
#!/bin/sh
#
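The HOWTO's own script is cut off here at the page break. What follows is an added example, not the HOWTO's script, that puts the concepts above into a complete minimal ruleset: a default DENY policy on the input chain, explicit ACCEPT rules for one exposed service and for replies to our own connections, a logged DENY for everything else, and an optional MASQ rule on the forward chain. The external interface name (eth0), the exposed service (ssh on TCP port 22) and the LAN range (192.168.1.0/24) are constructed assumptions; the DRY_RUN variable and the run() wrapper are this example's own device so the rules can be printed and reviewed on a host without ipchains.

```shell
#!/bin/sh
# Added example, not the HOWTO's own script: a minimal ipchains ruleset that
# protects inbound connections on one Internet-facing interface, using the
# chains and targets described in the text (input chain, -j ACCEPT/DENY, MASQ).
# Assumptions (constructed for this example): the external interface is eth0,
# the only service exposed to the Internet is ssh (TCP port 22), and the
# private LAN behind the box is 192.168.1.0/24.

EXT_IF="${EXT_IF:-eth0}"               # interface connected to the Internet
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # internal network (for the MASQ rule)
IPCHAINS="${IPCHAINS:-/sbin/ipchains}"
DRY_RUN="${DRY_RUN:-1}"                # 1 = print the rules, 0 = load them

# Every rule goes through run(), so the script can be reviewed on a host
# without ipchains: in dry-run mode the command is printed instead of executed.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$IPCHAINS $*"
    else
        "$IPCHAINS" "$@"
    fi
}

apply_rules() {
    # Start clean: flush the input chain and make its default target DENY,
    # so anything not explicitly accepted below is silently dropped.
    run -F input
    run -P input DENY

    # Loopback traffic never arrives from the Internet; accept it unconditionally.
    run -A input -i lo -j ACCEPT

    # Packets arriving on any interface other than the external one (the LAN)
    # are trusted here; this script only tightens the Internet-facing side.
    run -A input -i ! "$EXT_IF" -j ACCEPT

    # ssh is the one service offered to the Internet: accept new connections
    # to TCP port 22 from anywhere. ipchains takes the port after the address.
    run -A input -i "$EXT_IF" -p tcp -s 0/0 -d 0/0 22 -j ACCEPT

    # Replies to connections we opened ourselves: TCP packets that are not
    # SYN-only ("! -y"), i.e. not the start of a new inbound connection.
    run -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT

    # Everything else arriving from the Internet is denied and logged (-l),
    # so probes show up in the kernel log. The DENY policy would catch it
    # anyway; the explicit rule exists for the logging.
    run -A input -i "$EXT_IF" -l -j DENY
}

# Optional: masquerade the LAN out through the external interface using the
# forward chain and the MASQ target (IP forwarding must be enabled as well).
masquerade_lan() {
    run -F forward
    run -P forward DENY
    run -A forward -s "$LAN_NET" -i "$EXT_IF" -j MASQ
}

main() {
    case "${1:-}" in
        --apply) DRY_RUN=0 ;;
    esac
    apply_rules
    if [ "${MASQ_LAN:-0}" = "1" ]; then
        masquerade_lan
    fi
}

main "$@"
```

Run the script with no arguments to print the ipchains commands it would issue; run it with --apply (as root, on a 2.2 or 2.4 kernel with ipchains) to load them, and set MASQ_LAN=1 to add the forward-chain masquerading rules. Because the default policy is DENY, the order of the ACCEPT rules only matters for efficiency; what matters for security is that nothing inbound on the external interface is accepted unless a rule names it.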
Security Quick-Start HOWTO for Red Hat Linux
5.2.1. ipchains 20