Exploring Shorewall Firewall Configuration and Command Line Options


In my previous article, we looked at Shorewall, how to install it, how to set up the configuration files, and how to configure port forwarding over NAT. In this article, we will explore some of Shorewall's common errors, some solutions, and get an introduction to its command line options.

  1. Shorewall - A High-Level Firewall for Configuring Linux Servers - Part 1

Shorewall offers many commands that can be run on the command line. A look at the man page should give you plenty to see, but the first task we are going to perform is a check of our configuration files.

$ sudo shorewall check

Shorewall will print out a check of all your configuration files and the options contained in them. The output will look something like this.

Determining Hosts in Zones...
Locating Actions Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/share/shorewall/action.Invalid for chain Invalid...
Checking /usr/share/shorewall/action.NotSyn for chain NotSyn..
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking Accept Source Routing...
Checking MAC Filtration -- Phase 1...
Checking /etc/shorewall/rules...
Checking /usr/share/shorewall/action.Invalid for chain %Invalid...
Checking MAC Filtration -- Phase 2...
Applying Policies...
Checking /etc/shorewall/routestopped...
Shorewall configuration verified

The magic line we are looking for is the one at the bottom that reads: "Shorewall configuration verified". If you receive any errors, it is most likely because of missing modules in your kernel configuration.

I will show you how to resolve two of the most common errors, but it behooves you to recompile your kernel with all the necessary modules if you plan on using your machine as a firewall.

The first error, and the most common, is the error about NAT.

Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Actions Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/share/shorewall/action.Invalid for chain Invalid...
Checking /usr/share/shorewall/action.NotSyn for chain NotSyn..
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking Accept Source Routing...
Checking /etc/shorewall/masq...
    ERROR: a non-empty masq file requires NAT in your kernel and iptables /etc/shorewall/masq (line 15)

If you are seeing something similar to this, chances are that your current kernel was not compiled with support for NAT. This is common with out-of-the-box kernels. Please read my tutorial on "How to Compile a Debian Kernel" to get started.

Another common error produced by the check is the error about iptables and logging.

/etc/shorewall# shorewall check
Checking...
Processing /etc/shorewall/params...
Processing /etc/shorewall/shorewall.conf
Loading Modules..
   ERROR: Log level INFO requires LOG Target in your kernel and iptables

This is also something you can compile into a new kernel, but there is a quick fix for it if you want to use ULOG. ULOG is a different logging mechanism from syslog. It is easy to use.

To set this up, you have to change every instance of "info" to "ULOG" in all of your configuration files in /etc/shorewall. The following command can do that for you.

$ cd /etc/shorewall
$ sudo sed -i 's/info/ULOG/g' *

After that, edit the /etc/shorewall/shorewall.conf file and set the line:

LOGFILE=

to wherever you would like your log to be stored. Mine is in /var/log/shorewall.log.

LOGFILE=/var/log/shorewall.log

Running "sudo shorewall check" should give you a clean bill of health.
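A more cautious version of the bulk edit above, as an added example that is not part of the original article: it previews the matches, keeps a .bak copy of every file it changes, and replaces info only as a whole word on lines that are not comments. The function names and the .bak naming are assumptions of this example, and it relies on GNU sed and grep.

```shell
#!/bin/sh
# Added example (not the article's code). Function names are hypothetical.
# Pass the configuration directory explicitly, e.g. /etc/shorewall.

# Keep one pristine copy of a file; never overwrite an existing backup.
backup_once() {
    [ -e "$1.bak" ] || cp -p "$1" "$1.bak"
}

# Show every line the article's plain s/info/ULOG/g would touch, so that
# unintended hits (comments, words such as "information") are visible first.
preview_info_hits() {
    grep -n 'info' "$1"/* 2>/dev/null
}

# Change the log level only where "info" is a whole word and the line
# does not start with '#'. Files without such a line are left untouched.
convert_info_to_ulog() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case $f in *.bak) continue ;; esac
        grep -v '^[[:space:]]*#' "$f" | grep -q '\<info\>' || continue
        backup_once "$f"
        sed -i '/^[[:space:]]*#/!s/\<info\>/ULOG/g' "$f"
    done
    return 0
}

# Point LOGFILE in shorewall.conf at the chosen log path.
# The path must not contain '|' or '&' (sed delimiter and back-reference).
set_logfile() {
    conf=$1/shorewall.conf
    backup_once "$conf"
    sed -i "s|^LOGFILE=.*|LOGFILE=$2|" "$conf"
}

# Typical sequence, run as root:
#   preview_info_hits /etc/shorewall
#   convert_info_to_ulog /etc/shorewall
#   set_logfile /etc/shorewall /var/log/shorewall.log
#   shorewall check
```

If the check fails afterwards, copying each .bak file back over its original returns the directory to its previous state.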

Shorewall's command line interface comes with many handy one-liners for system administrators. One frequently used command, especially when many changes are being made to the firewall, saves the current configuration state so that you can roll back if there are any complications. The syntax for this is simple.

$ sudo shorewall save <filename>

Rolling back is just as easy:

$ sudo shorewall restore <filename>

Shorewall can also be started and configured to use an alternate configuration directory. You can specify this in the start command, but you will want to check it first.

$ sudo shorewall check <config-directory>

If you only want to try out the configuration and, if it works, start it, you can use the try option.

$ sudo shorewall try <config-directory> [  ]

Shorewall is just one of the many robust firewall solutions available on Linux systems. No matter which end of the networking spectrum you find yourself on, many find it simple and useful.

This is only a small start, and one that can get you on your way without going too heavily into networking concepts. As always, please do your research and take a look at the man pages and other resources. The Shorewall mailing list is an awesome place, and it is up to date and well maintained.