TAILIEUCHUNG - Linux System Administration part 9
Your firewall can be as restrictive or as open as you wish. Perhaps you simply want to prevent people outside your firewall from being able to Telnet into your system. You can do this by having the firewall reject the incoming packets that are required to set up such connections. In an alternate scenario, you might want to filter packets from inside your local area network to prevent anyone from reaching a given IP address. How restrictive your firewall is depends upon the rules you set in IP chains or IP tables.

The functionality for a packet-filtering firewall is built into the Linux kernel, although you must recompile with certain network kernel options turned on. This is outlined in the Firewall-HOWTO maintained by Mark Grennan. Basically, in selecting options you need to include routing, defragmentation, IP masquerading, and multicast routing (if you intend to do multicasting). Older kernels in the 1. era used a package called ipfwadm, which is no longer supported. Kernels since use IP chains instead; we'll talk about that in the IP Chains section below. The kernels use a new firewall utility known as iptables.

Read the Firewall and Proxy Server HOWTO if you are building a firewall. It will probably be helpful to read the Linux Networking HOWTO and the Linux IPCHAINS HOWTO as well. Most HOWTOs can be found on Red Hat's site at http mirrors LDP HOWTO . For information on IP tables, look under the heading of NetFilter on http .

A filtering firewall does not require high-end computer power. If you have an old 486DX66 or better with at least 16MB of memory, 300-500MB of hard drive space, and network connections, you will do fine.
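The two scenarios above (rejecting inbound Telnet setup packets, and keeping the LAN from reaching one address) written as iptables rules. This is an added example, not code from the original text; the interface name eth0, the LAN range 192.168.1.0/24 and the blocked address 203.0.113.10 are constructed values, and setting IPT=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not from the original document. Assumed values (constructed):
# external interface eth0, LAN 192.168.1.0/24, a destination the LAN must not
# reach, 203.0.113.10. Set IPT=echo to print the rules instead of loading them.
IPT="${IPT:-iptables}"
EXT_IF="${EXT_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
BLOCKED_DST="${BLOCKED_DST:-203.0.113.10}"

# Scenario 1: stop outsiders from opening Telnet sessions. Only the packet that
# sets up a new connection (a TCP SYN to port 23 arriving on the outside
# interface) is rejected; a TCP reset tells the client at once that the port
# is closed instead of leaving it to time out. Packets of connections the
# inside opened are not SYN-only, so they are unaffected.
block_inbound_telnet() {
  $IPT -A INPUT -i "$EXT_IF" -p tcp --dport 23 --syn -j REJECT --reject-with tcp-reset
}

# Scenario 2: keep anyone inside the LAN from reaching one IP address. Traffic
# routed through the firewall passes the FORWARD chain; traffic from the
# firewall host itself passes OUTPUT, so both chains get a rule.
block_lan_destination() {
  $IPT -A FORWARD -s "$LAN_NET" -d "$BLOCKED_DST" -j DROP
  $IPT -A OUTPUT -d "$BLOCKED_DST" -j DROP
}

# Load both rule sets; the exit status is that of the last iptables call.
apply_rules() {
  block_inbound_telnet && block_lan_destination
}

# List the resulting chains with rule numbers and packet counters so the
# policy can be reviewed after loading.
show_rules() {
  $IPT -L INPUT -n -v --line-numbers
  $IPT -L FORWARD -n -v --line-numbers
  $IPT -L OUTPUT -n -v --line-numbers
}
```

Source the file and call `apply_rules` as root to load the rules, or run it with `IPT=echo` first to preview the exact commands.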
In reality, more often the system is at least a Pentium or a Pentium II with 32-64MB of memory and a 20GB hard drive; the point is that you don't have to max out the specifications if the system is only to be used as a filtering firewall, since the work of filtering packets doesn't heavily tax a .