How to set up iptables to block all traffic except SSH in Debian Linux?

Check the current iptables configuration
iptables -S

Your output should be empty, that is, show only the default policies, like the following…

  -P INPUT ACCEPT
  -P FORWARD ACCEPT
  -P OUTPUT ACCEPT

 

If iptables is not empty as shown above, additional ports may be open on your machine. In this case, to flush the table, type iptables -F, then check the iptables configuration by typing iptables -S.

 

Make sure you are root

su
 

Enter the configuration below one line at a time. Please make sure the commands are entered in the same order as below, otherwise you could block SSH.

   iptables -A INPUT -i lo -j ACCEPT
   iptables -A INPUT -p tcp --dport 22 -j ACCEPT
   iptables -A OUTPUT -o lo -j ACCEPT
   iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
   iptables -P INPUT DROP
   iptables -P OUTPUT DROP

In the above, lo is the loopback adapter, which is required by some applications; without it some applications can break.

 

You may also want to allow all outgoing traffic. In that case, the following rules would apply instead of the ones above…

   iptables -A INPUT -i lo -j ACCEPT
   iptables -A INPUT -p tcp --dport 22 -j ACCEPT
   iptables -P INPUT DROP

 

If you would like to allow established and related packets, follow these rules. Without this you will not be able to use apt-get and git applications. Use the following instead of the 2 rule sections above.

   iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
   iptables -A INPUT -i lo -j ACCEPT
   iptables -A INPUT -p tcp --dport 22 -j ACCEPT
   iptables -P INPUT DROP

Once you have decided on the most suitable rules for your system, you will need to save your rules, otherwise they will not persist after rebooting.

To save your rules to a file:

iptables-save > /etc/iptables.conf

The above saves the rules to a file. You will then need to load your rules on every reboot.

nano /etc/rc.local

Add the following line to the file, above exit 0

iptables-restore < /etc/iptables.conf
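
Before saving a ruleset it helps to confirm that what is loaded really is the SSH-only policy described above. The following is an added example, not part of the original page: the function name audit_ssh_only and both sample rule listings are constructed for illustration, and the listings use the form in which iptables -S prints the rules.

```shell
#!/bin/sh
# Reads `iptables -S` output on stdin and checks the INPUT chain against the
# SSH-only policy from this page. Returns 0 on a match, 1 otherwise.
audit_ssh_only() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
            if (/-i lo /)                       lo = 1
            else if (/-p tcp/ && /--dport 22 /) ssh = 1
            else if (/--state (ESTABLISHED|RELATED,ESTABLISHED|ESTABLISHED,RELATED) /) est = 1
            else { extra = 1; print "unexpected ACCEPT rule: " $0 }
        }
        END {
            if (policy != "DROP") { print "INPUT policy is \"" policy "\", expected DROP"; bad = 1 }
            if (!lo)  { print "missing loopback (-i lo) ACCEPT rule"; bad = 1 }
            if (!ssh) { print "missing tcp --dport 22 ACCEPT rule"; bad = 1 }
            if (!est) print "note: no ESTABLISHED,RELATED rule on INPUT (apt-get and git get no replies)"
            rc = (bad || extra) ? 1 : 0
            exit rc
        }'
}

# Constructed sample: `iptables -S` after the last rule set on this page.
GOOD='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: policy never switched to DROP, and a stray port left open.
BAD='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT'

printf '%s\n' "$GOOD" | audit_ssh_only && echo "GOOD sample: SSH-only policy in place"
printf '%s\n' "$BAD"  | audit_ssh_only || echo "BAD sample: fix the findings above before saving"

# On a live system (as root): iptables -S | audit_ssh_only && iptables-save > /etc/iptables.conf
```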
 

Below are the meanings of some of the terms in the rules...

ESTABLISHED means that the packet is associated with a connection which has seen packets in both directions.

RELATED means that the packet is starting a new connection, but is associated with an existing connection, such as an FTP data transfer, or an ICMP error.
