Multiple methods to manage Opensolais firewall (1)

Bkjia.com exclusive Article] for server systems connected to the Internet, make it clear that the network is not secure. Therefore, although creating a firewall does not guarantee 100% system security, it is absolutely necessary. BKJIA Wang Wenwen: at the end of last year, Oracle said it would increase investment in OpenSolaris, I don't know if they do not count, but we haven't seen the new version of Opensolaris. Even if they do not count, the powerful functions of Solaris and Opensolaris and the long-tested Unix features will continue to affect the tech crowd ).

1. Use command line to manage Opensolais Firewall

1. view the running status of the IPFilter packet filtering Firewall

◆ The startup and shutdown of IPFilter on OpenSolaris are managed by SMF, And the IP Filter Firewall is installed along with the operating system. However, packet filtering is enabled by default. Run the following command.

# svcs |grep ipf Online     4:36:28 svc:/network/ipfilter:default

2. View Nic Interfaces

# ifconfig -a lo0: flags=2001000849 mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 nfo0: flags=1100843 mtu 1500 index 2 inet 192.168.0.17 netmask ffffff00 broadcast 192.168.0.255 ether 8:0:27:60:d7:88 lo0: flags=2002000849 mtu 8252 index 1 inet6 ::1/128

The NIC interface is nfo0.

3. edit a firewall rule

Open Port 22 of the server and allow ssh remote logon. The system administrator usually performs ssh remote logon, so port 22 must be enabled. Add a line in the IPFilter configuration file/etc/ipf. conf:

pass in log quick from any to any port = 22

The IPFilter configuration file/etc/ipf. con has only some description files by default and has no rules.

4. Start the service

#svcadm refresh network/ipfilter

5. reboot the computer and run the command "reboot"

6. test from the client computer

Next, we use putty to perform ssh connection detection from a windows computer that is connected to Opensorlaris.-1.

Figure-1 perform ssh operations from the client computer