Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE Guida di Installazione Pagina 175
- Pagina / 282
- Indice
- SEGNALIBRI
Valutato. / 5. Basato su recensioni clienti
Chapter 14. Firewalling with iptables 175
• -x — Expands numbers into their exact values. On a busy system, the number of packets and
bytes seen by a particular chain or rule may be abbreviated using K (thousands), M (millions), and G
(billions) at the end of the number. This option forces the full number to be displayed.
• -n — Displays IP addresses and port numbers in numeric format, rather than the default hostname
and network service format.
• --line-numbers — Lists rules in each chain next to their numeric order in the chain. This option
is useful when attempting to delete a specific rule in a chain, or to locate where to insert a rule
within a chain.
14.4. Storing iptables Information
Rules created with the iptables command are only stored in RAM. If you restart your system after
setting up various iptables rules, they are lost. If you want particular rules to take effect whenever
your system boots, you need to save them to the /etc/sysconfig/iptables file.
To do this, arrange your tables, chains, and rules the way they should be the next time the system
boots or iptables is restarted, and type the /sbin/service iptables save command as the
root user. This causes the iptables init script to run the /sbin/iptables-save program and
write the current iptables configuration to the /etc/sysconfig/iptables file. This file should
only be readable by root, so your precise packet filtering rules are not viewable by average users.
The next time the system boots, the iptables init script will reapply the rules saved in
/etc/sysconfig/iptables by using the /sbin/iptables-restore command.
While it is always a good idea to test a new iptables rule before committing it to the
/etc/sysconfig/iptables file, it is possible to copy iptables rules into this file from another
system’s version of this file. This allows you to quickly distribute sets of iptables rules to many
different machines at once.
14.5. Additional Resources
See the sources below for additional information on packet filtering with iptables.
14.5.1. Installed Documentation
• The iptables man page contains a comprehensive description of various commands, parameters,
and other options.
14.5.2. Useful Websites
• http://netfilter.samba.org — Contains assorted information about iptables, including an FAQ ad-
dressing specific problems you may see and various helpful guides by Rusty Russell, the Linux
IP firewall maintainer. The HOWTO documents here cover subjects such as basic networking con-
cepts, 2.4 kernel packet filtering and NAT configurations.
• http://www.linuxnewbie.org/nhf/intel/security/iptables_basics.html —A very basic and general
look at the way packets move through the Linux kernel, plus an introduction to constructing
simple iptables commands.
• http://www.redhat.com/support/resources/networking/firewall.html — This page has
update-to-date links to a variety of packet filter resources.
- Red Hat Linux 7.3 1
- The Official Red Hat Linux 1
- Reference Guide 1
- Table of Contents 3
- Introduction 7
- 1.2. For the More Experienced 9
- 2. Document Conventions 10
- Mail backupfiles mail reports 11
- [stephen@maturin stephen]$ 12
- 3. Using the Mouse 13
- 5. More to Come 13
- 6. Sign Up for Support 13
- System Reference 15
- Chapter 1 17
- File System Structure 17
- 1.2.1. FHS Organization 18
- /usr/local/sbin." 19
- /usr." 20
- 1.3. Special File Locations 21
- Chapter 2 23
- The /proc File System 23
- 2.2. Top-Level Files in /proc 24
- /proc File System 25 25
- /proc File System 26
- /proc File System 27 27
- /proc File System 29 29
- /proc File System 31 31
- /proc File System 33 33
- /proc File System 35 35
- 2.3. Directories in /proc 37
- /proc File System 39 39
- /proc File System 41 41
- /proc File System 43 43
- /proc File System 45 45
- /proc File System 47 47
- /proc File System 49 49
- /proc File System 51 51
- 2.4. Using sysctl 52
- 2.5. Additional Resources 52
- /proc File System 53 53
- Chapter 3 55
- /etc/lilo.conf 56
- 3.2.2. Init 58
- 3.2.3. SysV Init 60
- 3.3. Sysconfig Information 61
- • CLOCKMODE= 63
- DESKTOP="GNOME" 64
- LANG="en_US" 65
- • DEVICE= 68
- • ROOTDIR=" 68
- /dev/raw/raw1 /dev/sda1 70
- /dev/raw/raw2 8 5 70
- • CARDTYPE= 71
- /etc/sysconfig/ Directory 72
- 3.4. Init Runlevels 73
- 3.6. Shutting Down 74
- ELILO boot loader 75
- Chapter 4 77
- 4.1.2. GRUB Features 78
- 4.2. Terminology 79
- 4.2.2. File Names 80
- 4.3. Interfaces 81
- 4.4. Commands 82
- 4.6. Additional Resources 84
- 86 Chapter 4. GRUB 86
- Chapter 5 87
- The ext3 File System 87
- /sbin/fdisk /dev/hdb 88
- /sbin/mkfs -t ext3 /dev/hdbX 89
- /sbin/tune2fs -j /dev/hdbX 90
- -y /dev/hdb1 91
- Chapter 6 93
- Users and Groups 93
- 6.3. Standard Groups 94
- 6.4. User Private Groups 96
- /usr/lib/emacs/site-lisp 97
- 6.5. Shadow Utilities 98
- Chapter 7 99
- X Servers and Clients 99
- 7.2. The XFree86 Server 100
- 7.3.1. Window Managers 104
- 7.4. Runlevels 105
- 7.4.2. Runlevel 5: prefdm 106
- 7.5. Fonts 107
- 7.5.1. xfs Configuration 108
- 7.5.2. Adding Fonts 108
- 7.6. Additional Resources 109
- 7.6.2. Useful Websites 110
- 7.6.3. Related Books 110
- Security Reference 111
- Chapter 8 113
- 8.3. PAM Modules 114
- 8.4. PAM Module Control Flags 115
- 8.5. PAM Module Paths 116
- 8.6. PAM Module Arguments 116
- 8.8. PAM and Device Ownership 118
- 8.9. Additional Resources 119
- Chapter 9 121
- TCP Wrappers and xinetd 121
- 9.2.1. Formatting Rules 122
- 9.4. Additional Resources 128
- 9.4.2. Useful Websites 129
- Chapter 10 131
- SSH Protocol 131
- 10.3. Layers of SSH Security 132
- 10.3.2. Authentication 133
- 10.3.3. Connection 134
- 10.5.1. X11 Forwarding 135
- 10.5.2. Port Forwarding 135
- • telnet 136
- Chapter 10. SSH Protocol 137 137
- 138 Chapter 10. SSH Protocol 138
- Chapter 11 139
- Kerberos 139
- 11.3. Kerberos Terminology 140
- 11.4. How Kerberos Works 141
- 11.5. Kerberos and PAM 142
- 11.8. Additional Resources 145
- 146 Chapter 11. Kerberos 146
- Chapter 12 147
- 12.3. File Locations 150
- 12.4. Tripwire Components 151
- 12.6. Selecting Passphrases 152
- 12.9. Printing Reports 153
- /etc/hosts, type a 154
- 12.12. Tripwire and Email 156
- 12.13. Additional Resources 157
- Network Services Reference 159
- Chapter 13 161
- Network Scripts 161
- 13.1.2. Dialup Interfaces 162
- 13.1.3. Alias and Clone Files 164
- /sbin/service network action 165
- 13.3. Network Functions 166
- Chapter 14 167
- Firewalling with iptables 167
- 14.3.1. Tables 169
- 14.3.2. Structure 169
- 14.3.3. Commands 169
- 14.3.4. Parameters 170
- 14.3.5. Match Options 171
- 14.3.6. Target Options 173
- 14.3.7. Listing Options 174
- 14.5. Additional Resources 175
- Chapter 15 177
- 178 Chapter 15. Apache 178
- /sbin/service httpd start 179
- /sbin/service httpd stop 179
- /sbin/service httpd restart 179
- /sbin/service httpd reload 179
- 15.3.20. ClearModuleList 183
- 15.3.21. AddModule 183
- 15.3.22. ExtendedStatus 183
- 15.3.23. Port 183
- 15.3.24. User 183
- 15.3.25. Group 184
- 15.3.26. ServerAdmin 184
- 15.3.27. ServerName 184
- 15.3.28. DocumentRoot 184
- 15.3.29. Directory 184
- 15.3.30. Options 185
- 15.3.31. AllowOverride 185
- 15.3.32. Order 185
- 15.3.35. UserDir 186
- 15.3.36. DirectoryIndex 186
- 15.3.37. AccessFileName 186
- 15.3.33. Allow 186
- 15.3.34. Deny 186
- 15.3.44. ErrorLog 188
- 15.3.45. LogLevel 188
- 15.3.46. LogFormat 188
- 15.3.47. CustomLog 188
- 15.3.48. ServerSignature 189
- 15.3.49. Alias 189
- 15.3.50. ScriptAlias 189
- 15.3.51. Redirect 190
- 15.3.52. IndexOptions 190
- 15.3.53. AddIconByEncoding 190
- 15.3.54. AddIconByType 190
- 15.3.62. AddLanguage 192
- 15.3.63. LanguagePriority 192
- 15.3.64. AddType 192
- 15.3.65. AddHandler 192
- 15.3.66. Action 192
- 15.3.67. MetaDir 193
- 15.3.68. MetaSuffix 193
- 15.3.69. ErrorDocument 193
- 15.3.70. BrowserMatch 193
- 15.3.71. Location 193
- 15.3.72. ProxyRequests 195
- 15.3.73. ProxyVia 195
- 15.3.74. Cache Directives 195
- 15.3.75. NameVirtualHost 195
- 15.3.76. VirtualHost 196
- 15.3.77. SetEnvIf 196
- 15.5. Using Virtual Hosts 198
- 15.6. Additional Resources 200
- Chapter 16 201
- 16.1.2. POP 202
- 16.1.3. SMTP 202
- 16.2.1. Mail User Agent 203
- 16.2.2. Mail Transfer Agent 203
- 16.3. Sendmail 204
- /etc/sendmail.cf by running: 206
- FEATURE(’ldap_routing’)dnl 208
- 16.4. Fetchmail 209
- • daemon 210
- 16.5. Procmail 212
- 16.5.1. Procmail Configuration 213
- 16.5.2. Procmail Recipes 214
- /dev/null 217
- 16.6. Security 218
- 16.7. Additional Resources 219
- 16.7.2. Useful Websites 220
- 16.7.3. Related Books 220
- Chapter 17 221
- 17.2. BIND Configuration Files 222
- 17.2.1. /etc/named.conf 223
- • include " 224
- • key " 224
- • view " 225
- • zone " 226
- 17.2.2. Zone Files 227
- $ORIGIN domain.com 228
- 259200 3D 231
- 604800 1W 231
- 31536000 365D 231
- SOA records 231
- 17.3. Using rndc 233
- 17.3.2. Command Line Options 235
- 17.4. BIND Advanced Features 236
- 17.6. Additional Resources 237
- 17.6.2. Useful Websites 238
- 17.6.3. Related Books 238
- Chapter 18 239
- Network File System (NFS) 239
- 18.1.1. NFS and portmap 240
- 100003 3 udp 2049 nfs 241
- 100021 1 udp 1028 nlockmgr 241
- 100021 3 udp 1028 nlockmgr 241
- 100021 4 udp 1028 nlockmgr 241
- [root@bleach /]# 241
- 18.2.1. /etc/exports 242
- 18.3.1. /etc/fstab 243
- 18.3.2. autofs 244
- 18.4. Securing NFS 245
- 18.5. Additional Resources 246
- 18.5.2. Related Books 247
- Chapter 19 249
- 19.3. Uses for LDAP 250
- 19.4. LDAP Terminology 250
- 19.6. OpenLDAP Files 251
- 19.6.2. The schema Directory 252
- 19.9. OpenLDAP Setup Overview 254
- 19.11. Additional Resources 256
- 19.11.2. Useful Websites 257
- 19.11.3. Related Books 257
- Appendixes 259
- Appendix A 261
- A.2. CD-ROM Module Parameters 262
- A.3. SCSI parameters 264
- A.4. Ethernet Parameters 267
Prodotti e manuali riguardandi Software di system management Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE
(6 pagine)© 2020, manymanuals.it. Tutti i diritti riservati | 0.029 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commenti su questo manuale