Disclaimer: Some of what is described below may not be entirely correct, but I hope it helps you understand iptables. If you find an error, please let me know.





  Misconceptions - A firewall cannot guarantee that your network is absolutely secure

  A bastion host - In an ideal world, this would be true. However, a firewall is only as secure as the work you put into securing it.

  A replacement for host security - Every service that the firewall allows through is a potential risk.


  Local - Against an actual physical connection, there is no security to speak of. Clearly, a firewall can do nothing about this.

  Local privilege escalation - The trojan horse attack. The attacker already has a local account on your box (inside the gates) and obtains root by some means (vulnerability or misconfiguration). A firewall cannot protect against this type of attack.

  Remote - Your host is listening on a port that the attacker is able to connect to remotely over a network and exploit a vulnerability somehow. This is the only type of attack a firewall can (hopefully) protect you against. There is another important point here that most firewall howtos neglect. In order for someone to exploit your box remotely, it has to be listening on some ports (i.e. providing a way for an attacker to connect). Therefore, if your host isn't listening on any ports, you are safe from remote exploits (unless the attacker manages to attack the network stack itself).

