Iptables Tutorial 1.1.9
Oskar Andreasson
blueflux@koffein.net
Copyright © 2001 by Oskar Andreasson
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU
Free Documentation License, Version 1.1; with the Invariant Sections being "Introduction" and all sub-
sections, with the Front-Cover Texts being "Original Author: Oskar Andreasson", and with no Back-
Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation
License".
All scripts in this tutorial are covered by the GNU General Public License. The scripts are free source;
you can redistribute them and/or modify them under the terms of the GNU General Public License as
published by the Free Software Foundation, version 2 of the License.
These scripts are distributed in the hope that they will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License within this tutorial, under the
section entitled "GNU General Public License"; if not, write to the Free Software Foundation, Inc., 59
Temple Place, Suite 330, Boston, MA 02111-1307 USA
Table of Contents
Introduction
Why this document was written
How it was written
About the author
Dedications
Preparations
Where to get iptables
Kernel setup
userland setup
Compiling the userland applications
http://people.unix-fu.org/andreasson/iptables-tutorial/iptables-tutorial.html
21:25:51 10/06/2002
Installation on Red Hat 7.1
How a rule is built
Basics
Tables
Commands
Matches
Generic matches
Implicit matches
Explicit matches
Targets/Jumps
ACCEPT target
DROP target
QUEUE target
RETURN target
LOG target
MARK target
REJECT target
TOS target
MIRROR target
SNAT target
DNAT target
MASQUERADE target
REDIRECT target
TTL target
ULOG target
Traversing of tables and chains
General
Mangle table
Nat table
Filter table
rc.firewall file
example rc.firewall
explanation of rc.firewall
Configuration options
Initial loading of extra modules
proc set up
Displacement of rules to different chains
Setting up the different chains used
INPUT chain
The TCP allowed chain
The ICMP chain
The TCP chain
The UDP chain
OUTPUT chain
FORWARD chain
PREROUTING chain of the nat table
Starting the Network Address Translation
Example scripts
rc.firewall.txt script structure
The structure
rc.firewall.txt
rc.DMZ.firewall.txt
rc.DHCP.firewall.txt
rc.UTIN.firewall.txt
rc.test-iptables.txt
rc.flush-iptables.txt
Detailed explanations of special commands
Listing your active ruleset
Updating and flushing your tables
Common problems and questionmarks
Passive FTP but no DCC
State NEW packets but no SYN bit set
Internet Service Providers who use assigned IP addresses
ICMP types
Other resources and links
Acknowledgements
History
GNU Free Documentation License
0. PREAMBLE
1. APPLICABILITY AND DEFINITIONS
2. VERBATIM COPYING
3. COPYING IN QUANTITY
4. MODIFICATIONS
5. COMBINING DOCUMENTS
6. COLLECTIONS OF DOCUMENTS
7. AGGREGATION WITH INDEPENDENT WORKS
8. TRANSLATION
9. TERMINATION
10. FUTURE REVISIONS OF THIS LICENSE
How to use this License for your documents
GNU General Public License
0. Preamble
1. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
2. How to Apply These Terms to Your New Programs
Example scripts codebase
Example rc.firewall script
Example rc.DMZ.firewall script
Example rc.UTIN.firewall script
Example rc.DHCP.firewall script
Example rc.flush-iptables script
Example rc.test-iptables script
Introduction
Why this document was written
I found a big gap in the HOWTOs out there: they lacked information about the iptables and netfilter
functionality in the new Linux 2.4.x kernels. Among other things, I am going to try to answer questions
that some might have about the new possibilities, such as state matching. Is it possible, for example, to
allow passive FTP to your server but not allow outgoing DCC from IRC? I will build all of this up from an
example rc.firewall.txt file that you can use in your /etc/rc.d/ scripts. Yes, this file was originally
based upon the masquerading HOWTO, for those of you who recognize it.
There is also a small script, available as rc.flush-iptables.txt, that I wrote in case you mess up the
configuration as badly as I did.
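The passive-FTP-but-no-DCC question above is answered by the connection tracking helpers: load the FTP helper so that the data connection announced by the server is classified as RELATED, leave the IRC helper unloaded so that DCC offers are never tracked, and then accept only NEW connections to the FTP control port plus anything RELATED or ESTABLISHED. The script below is an added example written in the rc.firewall style; it is not a script from the tutorial. The module name ip_conntrack_ftp is the 2.4-kernel name (nf_conntrack_ftp on 2.6 and later), the iptables path is an assumption, and the dry-run switch that prints the commands instead of running them is there so the script can be exercised on a box where you are not root.

```shell
#!/bin/sh
# Added example, not from the tutorial: allow passive FTP to a local FTP
# server while IRC DCC gets no connection-tracking help at all, so DCC data
# connections stay NEW and fall through to the DROP policy.
#
# DRY_RUN=1 (the default) prints the commands instead of running them;
# DRY_RUN=0 as root applies them. The iptables path is an assumption.
IPTABLES="${IPTABLES:-/sbin/iptables}"
DRY_RUN="${DRY_RUN:-1}"

# run CMD...: print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# ftp_rules: load only the FTP helper and install the filter rules.
ftp_rules() {
    # 2.4 kernel module name; nf_conntrack_ftp on 2.6 and later. The IRC
    # helper (ip_conntrack_irc) is deliberately not loaded, so no DCC data
    # connection is ever marked RELATED.
    run modprobe ip_conntrack_ftp

    run "$IPTABLES" -P INPUT DROP
    run "$IPTABLES" -P FORWARD DROP
    run "$IPTABLES" -P OUTPUT ACCEPT
    run "$IPTABLES" -A INPUT -i lo -j ACCEPT

    # FTP control channel: brand new connections to port 21 are allowed.
    run "$IPTABLES" -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT

    # Passive data channel: the helper reads the PASV reply on the control
    # channel and expects the client's connection to the announced high
    # port, so that connection shows up as RELATED and is accepted here.
    # Packets on already-accepted connections are ESTABLISHED.
    run "$IPTABLES" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    # No rule for DCC: a DCC data connection to a random high port is NEW,
    # matches nothing above and is dropped by the INPUT policy.
}

ftp_rules
```

Run it with DRY_RUN=0 as root to apply the rules. On current kernels (4.7 and later) a helper is no longer attached to connections automatically; you must bind it explicitly in the raw table, for example with iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp, otherwise the passive data connection arrives as NEW and is dropped exactly like DCC.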
How it was written
I have put questions to Marc Boucher and others from the core netfilter team. A big thanks goes out to
them for their work and for their help with this tutorial, which I wrote and maintain for boingworld.com.
This document will guide you through the setup process step by step and will hopefully help you
understand more about the iptables package. I base most of the material on the example rc.firewall file,
since I find that example a good way to learn how to use iptables. I have decided to follow the basic
chains and from there go down into each of the chains traversed, in the order they are traversed. This
makes the tutorial a little harder to follow, but at the same time more logical. Whenever you find
something that is hard to understand, just consult this tutorial.
About the author
I am someone with too many old computers on my hands, sitting with my own LAN and wanting them all
connected to the Internet, while at the same time keeping it fairly secure. The new iptables is a good
upgrade from the old ipchains in this regard. Before, you could make a fairly secure network by dropping
all incoming packets not destined for certain ports, but this was a problem with things like passive FTP
or outgoing DCC in IRC, where the server assigns a port, tells the client about it, and then lets the
client connect. There were some teething problems in the iptables code that I ran into in the beginning,
and in some respects I found the code not quite ready for full production use. Today, I would recommend
that everyone who uses ipchains, or even the older ipfwadm, upgrade, unless they are happy with what
their current code is capable of and it does what they need it to.
Dedications
First of all, I would like to dedicate this document to my wonderful girlfriend Ninel. She has supported
me more than I can ever support her. I wish I could make you just as happy as you make me.
Second, I would like to dedicate this work to all of the incredibly hard-working Linux developers and
maintainers. It is people like these who make this wonderful operating system possible.
Preparations
This chapter is aimed at getting you started and at helping you understand the role netfilter and iptables
play in Linux today. It should get you set up and ready to experiment with and install a firewall that
will, hopefully, run smoothly in the future.