Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ The Linux-based security settings Ipchains Firewall     - ISO image to use offline upgrade Ubuntu (Linux)

- Customize the 404 error page Nginx (Server)

- How to install Ubuntu strategy game Wesnoth 1.12.0 (Linux)

- Linux System Tutorial: How to browse the Linux command line, weather forecast (Linux)

- RHEL5 / 6 Installation Notes (Linux)

- Use UDEV SCSI Rules configured ASM on Oracle Linux 5 and 6 (Database)

- 20 Top Linux commands (Linux)

- Linux / Windows setup is complete port range (Linux)

- Using Oracle for Oracle GoldenGate to achieve a one-way data synchronization (Database)

- Hyper-V virtual hard disk how to copy files to and attached to the virtual machine (Linux)

- Git use and interpretation of common commands (Linux)

- JDK tools jstat (Linux)

- Let Linux operating system more secure (Linux)

- build Android environment on Ubuntu 12.04 (Server)

- To install Oracle Database Details and FAQ Summary under CentOS (Database)

- How ONLYOFFICE collaborative editing document on Linux (Linux)

- Commonly used Linux system camouflage method (Linux)

- OpenJDK7 source compiler installation on CentOS 6.5 (Linux)

- EXP-00091: Exporting questionable statistics Processing Method (Database)

- C # get the current screenshot (Programming)

  The Linux-based security settings Ipchains Firewall
  Add Date : 2017-01-08      
  As we all know, Linux can be used as an excellent firewall software. Whether it is combined with the use of Web or FTP sites, or as an internal LAN front-end server, Linux users are able to construct to meet the special needs of the firewall to provide the necessary tools.
ipchains built into the Linux kernel, it is a system among refusal to accept the basic firewall tool for routing data packets. Thanks ipchains, coupled with the Linux operating system, the inherent cost advantage for the LAN connection to the Internet or corporate network firewall, Linux is undoubtedly a cheap option.
Firewall Types
Linux kernel defines three types of firewall traffic filtering, the different rules applied to a variety of communication functions to form a very wide range of firewall. Three basic types are as follows:
Enter Firewall (Input Firewall): All incoming data before receiving input firewall rules have been checked.
Firewall output (Output Firewall): All outgoing data before sending the output firewall rules have been checked.
Forwarding Firewall (Forwarding Firewall): All data forwarded before forwarding firewall rules have been sent to check.
Users can define their own rules (or "chain", ie chains), which acts on the three basic firewall rules extensions.
Firewall Policy
All three of these additional rules as well as user-defined type has a default policy, the default policy controls how the system processes the packet arrival special firewall. Users can either use a standard policy for any rules to be transferred to another user-defined rules for further processing. The standard strategy:
ACCEPT (accepted): Permits the packet through the firewall.
REJECT (reject): Drops the packet and sends an ICMP error message to the sender of the packet. Here ICMP refers to Internet Control Message Protocol, namely Internet Control Message Protocol.
DENY (rejected): discards the packet, it does not provide any error message to the sender.
MASQ (camouflage): camouflage (Masquerade) packet to make it look like from the local system. This strategy is particularly useful when Linux as a router.
REDIRECT (forwards): No matter where the destination of the packet, forwards it to the specified port on the local system.
RETURN (return): This policy is only valid for the user-defined rules, which means a direct return to the calling chain. If the policy is applied in some core chain, which means that the chain out and replaced with the default policy of the chain.
Chain construction rules
ipchains construction rules chain method is quite simple and very flexible. For any chain, the user can specify a range of options, including:
Protocol type (TCP, UDP, ICMP or ALL).
The packet's source address (in the format: address [/ mask] [port [: port]]).
(Same format as the source address) data packet destination address.
Destination port number (format: port [: port]]).
ICMP packet type (there are many types of ICMP messages, you can specify the rule to a particular type).
Rule applies interface (such as eth0).
There are other options, you can specify the priority of different types of TCP packets through them. For example, give the FTP package than the IRC (Internet Relay Chat) packets a higher priority. Another example is provided for certain logging chain; set up more detailed options, such as packet type, size and so on.
Given the variety ipchains rich features and options to build a firewall may be very simple or very complex, which is related to specific needs. Simple firewall can only be made 4-5 of commands; complex firewall may consist of hundreds ipchanins of commands, locking all, only the specific services and ports open when the user needs.

Build good firewall is a very complex task, firewall script examples
Here is a simple firewall script.
ipchains -A input -i eth0 -s -j REJECT
ipchains -A input -d 25 -j ACCEPT
ipchains -A input -d -j ACCEPT
ipchains -A input -d -syn -j REJECT

The script to add some rules to the input chain of rules. Meaning the first rule is that any data packet to the external interface, dressed as if its source address from the internal network (192.168), it is discarded, it is because someone is trying to cheat. The next two rules mean that receive all destined for (this is a mail server that provides SMTP service on port 25, a POP3 server on port 110). Mean a final rule is to reject all other SYN bit set incoming TCP connection (the SYN bit set represents attempt to initiate a connection).
Whether it is to provide a firewall for Linux servers, or provide for the internal LAN firewall / router, ipchains can provide powerful filtering capabilities. A complete firewall configuration brings safety and protection is priceless. Linux people have any desired configuration of the firewall required flexibility and strength, but also the unique advantages of low cost.
- Linux Mint brightness adjustment --xrandr command learning (Linux)
- How to protect your eyes automatically adjust the screen brightness on Linux (Linux)
- Shell generated using automated configuration script Orabbix (Database)
- Ubuntu uses the / etc / profile file to configure the JAVA environment variable (Linux)
- Linux Command Line Art (Linux)
- Linux port scanning (Linux)
- Eclipse configuration GTK (Linux)
- Oracle 11G using DG Broker create DataGuard (Database)
- Use Vagrant build cross-platform development environment for Python (Server)
- LAMP and LNMP automated installation scripts (Server)
- Linux 101 hack book reading notes (Linux)
- NaSC using simple mathematical operations on Ubuntu and Elementary OS (Linux)
- MongoDB 3.2 to upgrade from 3.0.7 (Database)
- 20 open source / commercial Linux server management control panel (Server)
- grep command Detailed and relevant examples (Linux)
- secureCRT remote login Linux must first open the connection protocol (Linux)
- for (int a: i) the use of the Java programming (Programming)
- Incremental garbage collection mechanism for Ruby 2.2 (Programming)
- Close Pycharm spell check (Programming)
- Use the TC flow control test under Linux (Linux)
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.