Firewall Basics -- TCP Wrappers and iptables, two kinds of mechanisms

Source: Internet
Author: User
Tags: wrappers

  1. Understanding Firewalls
    1. Concept
    2. Role
    3. Firewall categories on Linux
      1. Packet filtering mechanism: Netfilter
      2. Program control mechanism: TCP Wrappers
    4. Common network layouts
    5. Capabilities and limitations
  2. TCP Wrappers: Program Control
    1. Concept:
      In short, TCP Wrappers is managed through two files, /etc/hosts.allow and /etc/hosts.deny, but not all software supports it.
    2. Supported Services
      1. Services managed by the super daemon (xinetd)
        These are the services that chkconfig --list shows under "xinetd based services:".
      2. Services that link the libwrap.so library
        Because a service that supports TCP Wrappers must contain libwrap, the dynamic library can be seen with ldd:
        ldd `which sshd` | grep libwrap
        libwrap.so.0 => /lib/libwrap.so.0 (0x00145000)
      3. How to set /etc/hosts.{allow|deny}
        1. Syntax
          <service (program_name)> : <IP, domain, hostname>
          e.g. rsync : 192.168.1.0/255.255.255.0
        2. Rule priority order
          1. /etc/hosts.allow
          2. /etc/hosts.deny
          3. If neither file matches, the connection is allowed
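The priority order above, as an added example that is not part of the original post: a small POSIX sh re-implementation of the allow-then-deny-then-default decision, run against constructed hosts.allow and hosts.deny contents. It is simplified (ALL, exact IPs and net/netmask patterns only; no EXCEPT, wildcards or domain suffixes).

```shell
# Constructed sample access files (stand-ins for /etc/hosts.allow and
# /etc/hosts.deny); daemon_list : client_list, one rule per line.
HOSTS_ALLOW='sshd : 192.168.1.0/255.255.255.0
rsync : 10.0.0.5'
HOSTS_DENY='sshd : ALL
rsync : ALL'

# Dotted quad -> 32-bit integer, e.g. 192.168.1.7 -> 3232235783
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Does client IP $1 match pattern $2 (ALL, exact IP, or net/netmask)?
client_match() {
  case $2 in
    ALL) return 0 ;;
    */*) net=${2%/*}; m=$(ip2int "${2#*/}")
         [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$net") & m )) ] ;;
    *)   [ "$1" = "$2" ] ;;
  esac
}

# Does any rule in file content $1 match service $2 from client $3?
file_match() {
  printf '%s\n' "$1" | (
    while IFS=: read -r svc clients; do
      svc=$(echo $svc)   # trim surrounding whitespace
      [ "$svc" = "$2" ] || [ "$svc" = ALL ] || continue
      for pat in $(echo "$clients" | tr ',' ' '); do
        client_match "$3" "$pat" && exit 0   # first matching rule wins
      done
    done
    exit 1
  )
}

# TCP Wrappers order: hosts.allow first, then hosts.deny, then default permit.
tcpw_decide() {
  if file_match "$HOSTS_ALLOW" "$1" "$2"; then echo allow
  elif file_match "$HOSTS_DENY" "$1" "$2"; then echo deny
  else echo allow   # no rule in either file: access is granted
  fi
}

tcpw_decide sshd 192.168.1.77   # allow (matched in hosts.allow)
tcpw_decide sshd 203.0.113.9    # deny  (only hosts.deny matches)
tcpw_decide vsftpd 203.0.113.9  # allow (no rule in either file)
```

The last call is the case worth remembering: a service with no line in either file is reachable from anywhere, so a deny file that only names some daemons does not close the rest.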
  3. Packet filtering software: iptables
    Kernels 2.4 and later (including 2.6) use the iptables mechanism. PS: uname -r shows the kernel version
    1. Comparison and analysis order
      Rule 1
      Rule 2
      Policy: the default packet action
    2. Tables and Chains
      1. Tables: filter, nat, mangle
        1. filter: INPUT, OUTPUT, FORWARD
        2. nat: PREROUTING, POSTROUTING, OUTPUT
        3. mangle: multiple chains
      2. Chains
        1. INPUT: rules mainly responsible for packets that are to enter the Linux host
        2. OUTPUT
        3. FORWARD
    3. Syntax
      1. Viewing rules
        iptables [-t tables] [-L] [-nv]
        1. -t: the table to operate on
        2. -L: list the rules of the table
        3. -n: numeric output (do not resolve addresses and ports to names)
        4. -v: verbose output
      2. Composition of the iptables -L output
        target prot opt source destination
        1. target
        2. prot
        3. opt
        4. source
        5. destination
      3. Clearing rules
        iptables [-t tables] [-FXZ]
        1. -F: clears all existing rules (not a permanent change unless the configuration file is written)
        2. -X: deletes all user-defined chains
        3. -Z: zeroes the statistics of all chains
      4. Defining the default packet action (policy)
        Policy: when a packet matches none of the rules, whether it is passed or not depends on the policy setting (in effect, the last rule)
        iptables [-t tables] -P [chain] [ACCEPT|DROP]
        1. ACCEPT
        2. DROP
      5. Packet matching settings
        Usage: iptables [-AI chain] [-io network interface] [-p protocol] [-s source IP] [-d destination IP] -j [ACCEPT|DROP|REJECT|LOG]
        Example:
        iptables -I INPUT -i eth0 -p tcp --dport 22 -j DROP   # block SSH connections from remote hosts
        If an item is not specified, it matches everything
        1. -A: append a new rule (at the end of the chain)
        2. -I: insert a new rule (at the top of the chain)
        3. -i: ingress network interface, used with the INPUT chain
        4. -o: egress network interface
        5. -p: the protocol this rule applies to, mainly tcp, udp, icmp, all
        6. -s: source address
        7. -d: destination address
        8. -j: action to take (target)
        9. -p [tcp|udp] --sport: source port
        10. -p [tcp|udp] --dport: destination port
      6. iptables plug-in modules
        Usage: -m [state|mac] --state | --mac-source
        Example:
        iptables -A INPUT -m state --state RELATED -j ACCEPT
        iptables -I INPUT -m mac --mac-source aa:bb:cc:dd:ee:ff   # no -j given, so this rule only counts matching packets
        1. --state: connection state of the packet
          INVALID
          ESTABLISHED
          NEW
          RELATED
        2. --mac: set rules based on the MAC address
      7. ICMP packet rules: for responding to ping
        Usage: -m icmp --icmp-type
        1. icmp-type values
          0: echo reply
          3: destination unreachable
          4: source quench
          8: echo request
          11: time exceeded (TTL=0)
          12: parameter problem (bad packet)
        2. Block ping from remote hosts
          iptables -I INPUT -p icmp --icmp-type 8 -j DROP    # do not accept echo request
          or
          iptables -I OUTPUT -p icmp --icmp-type 0 -j DROP   # do not send echo reply
      8. Writing the firewall rule configuration file
        Configuration file: /etc/sysconfig/iptables
        /etc/init.d/iptables save   # writes the firewall rules to /etc/sysconfig/iptables
        iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
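The iptables fragments above (clear, policy, -A rules, -m state, --icmp-type, LOG) assembled into one default-deny INPUT chain, as an added example that is not from the original post. The interface eth0 and the subnet 192.168.1.0/24 are assumed values, and the script prints the commands instead of applying them unless IPT=iptables is set.

```shell
# Dry run by default: IPT='echo iptables' prints the commands instead of
# applying them; run with IPT=iptables as root to load the rules for real.
IPT=${IPT:-echo iptables}
IFACE=${IFACE:-eth0}                    # assumed management interface
ADMIN_NET=${ADMIN_NET:-192.168.1.0/24}  # constructed management subnet

# Build the INPUT chain in the order the kernel will compare it: specific
# accepts first, then drops, then LOG, with the policy as the final word.
build_input_rules() {
  $IPT -F INPUT                  # -F: clear existing rules (not persistent)
  $IPT -Z INPUT                  # -Z: zero the chain's counters
  $IPT -P INPUT DROP             # -P: anything no rule matches is dropped
  $IPT -A INPUT -i lo -j ACCEPT  # local traffic
  # -m state: let replies to connections this host opened back in first
  $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A INPUT -m state --state INVALID -j DROP
  # SSH only from the management subnet, only on the expected interface
  $IPT -A INPUT -i "$IFACE" -p tcp -s "$ADMIN_NET" --dport 22 -j ACCEPT
  # Drop inbound echo-request (icmp-type 8) instead of answering pings
  $IPT -A INPUT -p icmp --icmp-type 8 -j DROP
  # LOG what is about to hit the DROP policy, so the decision is visible
  $IPT -A INPUT -j LOG --log-prefix "INPUT-DROP: "
}

# Helpers for inspecting the generated ruleset: how many -A rules it has,
# and at which line a given rule appears (ordering is what matters here).
count_rules() { build_input_rules | grep -c -- ' -A INPUT '; }
rule_index()  { build_input_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1; }

build_input_rules
```

After loading for real, `/etc/init.d/iptables save` from the section above is what makes the chain survive a reboot; without it, the next restart returns to whatever /etc/sysconfig/iptables held.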
    4. IPv4 kernel management functions: /proc/sys/net/ipv4/*
