Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Installation Guide, Page 29

/etc/sysconfig/ipchains.
As mentioned, this is a fairly minimalist set of rules, and possibly a sufficient starting point. An example
/etc/sysconfig/ipchains created by gnome-lokkit:
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 23 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT
-A input -s 127.0.0.1 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
-A input -s 0/0 -d 0/0 -p udp -j REJECT
This is in a format that can be read by the ipchains command ipchains-restore. Consequently, a new or
modified set of rules can be generated with ipchains-save, redirecting the output to this file.
ipchains-restore is indeed how the ipchains init script processes this file. So for this to work, the
ipchains service must be activated:
# chkconfig ipchains on
Conversely, if you want to roll your own iptables rules instead, you should make sure the ipchains init service
is disabled. There is also an iptables init script, which works much the same as the ipchains version. There is
just no support from gnome-lokkit at this time.
5.3. Tcpwrappers (libwrap)
Tcpwrappers provides much the same desired results as ipchains and iptables above, though it works quite
differently. Tcpwrappers actually intercepts the connection attempt, then examines its configuration files,
and decides whether to accept or reject the request. Tcpwrappers controls access at the application level,
rather than the socket level like iptables and ipchains. This can be quite effective, and is a standard
component on most Linux systems.
Tcpwrappers consists of the configuration files /etc/hosts.allow and /etc/hosts.deny. The
functionality is provided by the libwrap library.
Tcpwrappers first looks to see if access is permitted in /etc/hosts.allow, and if so, access is granted. If
there is no match in /etc/hosts.allow, the file /etc/hosts.deny is then checked to see if access is denied there.
If so, access is denied. Otherwise, access is granted. For this reason, /etc/hosts.deny should contain only
one uncommented line, and that is: ALL: ALL. Access should then be permitted through entries in

Security Quick-Start HOWTO for Red Hat Linux
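
The lookup order described in section 5.3, as an added example that is not part of the HOWTO: a simplified Python model of the hosts.allow / hosts.deny decision, run against constructed sample files. It handles only the ALL wildcard, exact addresses and address prefixes ending in a dot, and shows why anything short of ALL: ALL in /etc/hosts.deny leaves unmatched daemons reachable.

```python
# Added example: simplified model of the lookup order described above.
# Handles only "daemon_list : client_list" lines, the ALL wildcard, exact
# addresses and address prefixes ending in "." (no EXCEPT, hostnames, IPv6).

def parse(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def hit(rule, daemon, ip):
    """True when both the daemon list and the client list match."""
    daemons, clients = rule
    d_ok = any(d in ("ALL", daemon) for d in daemons)
    c_ok = any(c in ("ALL", ip) or (c.endswith(".") and ip.startswith(c))
               for c in clients)
    return d_ok and c_ok

def decide(daemon, ip, allow_text, deny_text):
    """hosts.allow first, then hosts.deny, otherwise grant."""
    if any(hit(r, daemon, ip) for r in parse(allow_text)):
        return ("granted", "hosts.allow")
    if any(hit(r, daemon, ip) for r in parse(deny_text)):
        return ("denied", "hosts.deny")
    return ("granted", "no match in either file")

# Constructed sample files (not taken from the HOWTO).
ALLOW = "# sample hosts.allow\nsshd: 192.168.1.\nALL: 127.0.0.1\n"
DENY_ALL = "ALL: ALL\n"
DENY_PARTIAL = "in.telnetd: ALL\n"   # denies one daemon only
DENY_EMPTY = "# nothing uncommented\n"

if __name__ == "__main__":
    outside = "203.0.113.7"          # constructed client address
    for name, deny in [("ALL: ALL", DENY_ALL), ("partial", DENY_PARTIAL),
                       ("empty", DENY_EMPTY)]:
        for daemon in ("sshd", "in.ftpd"):
            print(name, daemon, outside, decide(daemon, outside, ALLOW, deny))
    print("LAN sshd", decide("sshd", "192.168.1.20", ALLOW, DENY_ALL))
```

With the partial or empty deny file, the outside client is granted access to every daemon the file does not name, which is the default-grant case the text warns about.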