Iptables firewall basic configuration operating system environment: CentOS5.5 I. iptables reads the inbound and outbound packet headers and compares them with the rule set, forward acceptable data packets from one network adapter to another. rejected data packets can be discarded or processed as defined. II. self-contained IPTS in CentOS5.5
IptablesBasic firewall
Firewall transparent Mode setting (Jnuiper ssg- $ )The first is to understand what is the transparent mode of the firewall, which is equivalent to the firewall as a switch, the firewall will filter through the IP packets, but will not modify the IP packet header of any information.Advantages of Transparent Mode:1, do
Set the group number for the VSD, which can be used without input because the value of the default virtual security database (VSD) for the NetScreen firewall is 0.
SSG550 (M)-> set NSRP Vsd-group ID 0 Priority 50 sets the priority value of the NSRP primary device, the smaller the priority value, the higher the priority.
SSG550 (M)-> set NSRP RTO syn Set configuration sync
SSG550 (M)-> set NSRP vsd-group
Ubuntu14.04 firewall configuration1. Installation:Apt-get Install UFW2. Enable:UFW EnableUFW default Deny3. Turn ON/OFF:UFW Allow 22/TCP allows all external IP access to the native 22/tcp (SSH) portUFW deny 22/tcp Disable all external IP access to native 22/tcp (SSH) portsUFW Delete Deny 22/tcp remove a rule from the firewall4. Example:1) View native firewall status:2) Enable the firewall:Because I am using
configuration prerequisites on the Linux Server Setup tool, is our server security and deployment of large networks, often used in the important tools, very good grasp of iptables, can let us to the Linux server structure of the entire network a more thorough understanding, Better to master the Linux server Security configuration skills.Let's configure a firewall
deny_hosts.rules, the prompt timed out when connected. Allow_hosts.rules and Deny_hosts.rules inside both added rules, the re-starting APF will prompt the configuration of successful information, accidental discovery.APF (12234): {Trust} Allow outbound 192.168.1.139 to port 22APF (12234): {Trust} Allow inbound TCP 192.168.1.139 to port 22Iii. Common commands for APFApf-s//Start APF FirewallApf-r//Restart APF firewallApf-f//Refresh APF
Layer-3 egress connection to the internal port of the firewall
It is recommended that layer-3 core switches use VLAN1 to connect to the firewall's internal port. The Intranet access to the Internet may be slow due to IP redirection !!
The specific examples and solutions are as follows:
The core of a certain Enterprise Network is 4506, And the access is basically 2950 series. The core is an X 4548 GB nbs p;-RJ Business Board, with 48 ports uplinked to
auxiliary tools. iptables-save saves the current firewall settings,
Iptables-restore restores the configuration saved by iptables-save to the current system.
2. start and stop the iptables service:
The system runs the program using the iptables service. The startup script is saved in/etc/rc. d/init. d, and the script file name is iptables.
Default startup level 3 and 5
[Root @ localho
To ensure the high availability of network applications, two firewall devices of the same model can be deployed at the edge of the network to be protected during the deployment of Juniper firewall to implement HA configuration. Juniper firewall provides three high-availability application
Tags: action share picture res TCP number ICE Service remote connection modeOne, four modes of network card configuration
1, directly modify the configuration file
vim /etc/sysconfig/network-scripts/ifcfg-ens33
Bootproto represents the way the address is assigned, with DHCP, static, noneOnboot indicates whether the network adapter is enabled, the parameters are Yes, noThe subnet mask
Author: doublelee
Date: 2005-6-1
Tiannet firewall version 2.50 is compiled using Borland C and the rule configuration file is encrypted. To bypass its monitoring, you must be able to read and write its rule configuration file and restart it.This article mainly describes how to read and write the configuration file. By
Version: Red Hat Enterprise Linux4 symptom: NFS relies on portmap to allocate the port it listens. These ports are dynamically allocated, so each time NFS is restarted, the ports change. This makes it difficult to run an NFS server after only allowing access to the firewall on the specified port of the system. Solution: the first step is to assign a permanent port number to each NFS service (rquotad, mountd, statd, andlockd ). Because they can use any
Although Aliyun launched the Cloud Shield service, but it is always safer to add a layer of firewall, the following is my Aliyun VPS on the process of configuring the firewall, currently only configure input. Both output and ForWord are accept rules.
First, check the Iptables service status
First check the status of the Iptables service
[Root@woxplife ~]# service iptables status
Iptables:firewall
Considering the netscreen of network devices, the design of a special backup "NetScreen Redundancy Protocol (NSRP)", Redundancy Protocol (NSRP) is a proprietary protocol supported on selected NetScreen devices that provides high availability (HA) services.
To normally play the role of a network firewall, the NetScreen device must be placed on a single point in which traffic must be passed between all segments. Therefore, it is essential to maintain f
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/49/A0/wKioL1QW40DARF4WAAFejdzzg7c946.jpg "Title =" 11.jpg" alt = "wkiol1qw40darf4waafejdzzg7c946.jpg"/>
AR1 simulates the Internet and configures an IP address. When configuring a loopback address, AR1 is configured as follows:
Interface gigabitethernet0/0/0IP address 100.100.100.1 255.255.0#Interface loopback1IP address 200.200.200.1 255.255.255.0
The USG configuration is as follows:
# Co
Linux Modify SSH Port 22
The code is as follows
Copy Code
Vi/etc/ssh/ssh_configVi/etc/ssh/sshd_config
Then change to port 8888
As Root service sshd restart (Redhat AS3)
Using putty, Port 8888
Linux under the default SSH port is 22, for security reasons, now modify the SSH port is 1433, modify the method as follows:
The code is as follows
Copy Code
/usr/sbin/sshd-p 1433
First modify the
EMule for Linux? AMule Installation firewall configuration-general Linux technology-Linux technology and application information. For more information, see. 1. Download and install aMule
Here I am also from yum, because every time the software is installed, the system is always missing, and I have to find it online. yum is the best, and everything is done for you. If you want to upgrade your team to a low
How to configure a powerful firewall-iptabels configuration (1)
Today, I will lead you to build a powerful firewall for your servers! Let's get started ~What is iptables?
Ipbtales is a firewall software integrated into the Linux kernel. It can perform a series of filtering before the external devices are sent to our sy
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.