In general, there are two strategies for implementing a firewall on Linux. The first is to ban all input, output, and forwarding of packets by default, and then gradually open individual services according to the specific needs of users. This method is highly secure, but it requires that every service the users need be accounted for without omission, and the system administrator must know exactly which services and ports have to be opened to provide a given function. The second is to accept all input and output packets by default, and then prohibit certain dangerous traffic: IP spoofing packets, broadcast packets, ICMP-based attacks, and so on. Application-layer services such as http, sendmail, pop3, and ftp can be selectively started or installed. Although this method is less secure, it is easier to configure: you can set up a basic firewall without much knowledge of the ipchains command.
The proxy server I manage is an IBM Netfinity 3000 with RedHat Linux 6.2 and Squid-2.3 installed. It has two network cards: the external network card is eth0 (211.98.126.180) and the internal network card is eth1 (192.168.0.1). The clients' IP addresses are 192.168.0.xxx. The firewall is set up following the second method; the specific process is as follows:
After installing the system, log in as root and use vi to create a script called firewall.rules in the /etc/rc.d/ directory. After creating it, run the command chmod 755 firewall.rules to make it executable. Then open the /etc/rc.d/rc.local file with vi and add the line /etc/rc.d/firewall.rules, so that the firewall rules are applied each time the machine starts.
The contents of the firewall.rules file are omitted here.
If your machine has only one network card and dials up via modem, then the network card connected to the internal network should be eth0, its IP address may be 192.168.0.1, and the external interface is ppp0; you only need to change eth0 to ppp0 in the contents of the firewall.rules file. After setting the above firewall rules, you can disable all unnecessary services in /etc/inetd.conf, leaving only ftp and telnet, and set /etc/hosts.allow and /etc/hosts.deny so that only some internal administrative users are allowed to log in to the firewall. The above method runs successfully in the author's environment, and solves the problem of Outlook Express sending and receiving e-mail.
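The second strategy and the eth0-to-ppp0 substitution described above, as an added sketch; it is not the author's omitted firewall.rules. The /24 mask for the 192.168.0.xxx clients, the DENY forward policy with a MASQ rule, and the names gen_rules, apply_rules, EXT_IF and APPLY are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the article's firewall.rules.
# Strategy two: accept input/output by default, then deny known-bad packets.

INT_NET="192.168.0.0/24"   # assumed mask for the 192.168.0.xxx clients

# Print the ipchains commands for one external interface.
# $1 = external interface: eth0 on the two-card proxy, ppp0 for dial-up.
gen_rules() {
    ext_if="$1"
    cat <<EOF
ipchains -F input
ipchains -F output
ipchains -F forward
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward DENY
ipchains -A input -i $ext_if -s $INT_NET -j DENY -l
ipchains -A input -i $ext_if -s 127.0.0.0/8 -j DENY -l
ipchains -A input -i $ext_if -d 255.255.255.255 -j DENY
ipchains -A forward -i $ext_if -s $INT_NET -j MASQ
EOF
}
# Rules 7-8: spoofing. A packet arriving on the external interface must not
#            claim an internal or loopback source address; -l logs the drop.
# Rule 9:    limited-broadcast packets from outside are dropped.
# Rule 10:   assumption: internal clients are masqueraded on the way out
#            (in the forward chain, -i names the outgoing interface).

# Print the commands for review; execute them only when APPLY=1
# (requires root and a kernel with ipchains support).
apply_rules() {
    gen_rules "$1" | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd || return 1
        else
            echo "$cmd"
        fi
    done
}

apply_rules "${EXT_IF:-eth0}"
```

Run it with EXT_IF=ppp0 to review the dial-up variant before setting APPLY=1.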