In this mini how-to I will explain how to configure the firewall on a Unix/Solaris 10 system.

    [blade]# uname -a
    SunOS blade 5.10 Generic_147440-01 sun4u sparc SUNW,Sun-Blade

To start the firewall, 3 services must be brought online:

    [blade]# svcadm enable svc:/network/pfil:default
    [blade]# svcadm enable svc:/network/ipfilter:default
    [blade]# svcadm enable svc:/system/rmtmpfiles:default

To check that the services are online:

    [blade]# svcs | egrep '(pfil|ipfilter)'
    online 17:52:51 svc:/network/pfil:default
    online 17:53:04 svc:/network/ipfilter:default
    online 17:53:05 svc:/system/rmtmpfiles:default

/etc/ipf/pfil.ap must be populated with the name of the network interface. To see the name of the network interface, use ifconfig:

    [blade]# ifconfig -a
    lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 192.168.123.110 netmask ffffff00 broadcast 192.168.123.255
            ether 0:3:ba:92:89:ec
    [blade]#

The network interface is bge0. The interface name is bge, 0 being the value of the first interface.

The following line goes into the file /etc/ipf/pfil.ap:

    echo "bge -1 0 pfil" > /etc/ipf/pfil.ap

The firewall rules can be placed in /etc/ipf/ipf.conf. The following command causes the rules to be read from the file; it is usually run after the rules have been entered:

    ipf -Fa -f /etc/ipf/ipf.conf

The following command prints to the terminal the rules that have been entered and are being processed by ipf:

    [blade]# ipfstat -io
    block out log on bge0 all head 150
    # Group 150
    pass out quick proto tcp from any to any flags S/SA keep state group 150
    pass out quick proto udp from any to any keep state group 150
    pass out quick proto icmp from any to any keep state group 150
    block in log on bge0 all head 100
    # Group 100
    pass in quick proto tcp from any to any port = ssh keep state group 100
    pass in quick proto tcp from any to any port = 443 keep state group 100
    pass in quick proto tcp from any to any port = 8080 keep state group 100
    pass in quick proto icmp from any to any icmp-type echo keep state group 100
    [blade]#

To understand the structure of the rules, you can visit the following link: IPFilter FAQ
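A way to sanity-check a rules file before loading it with ipf -Fa -f, as an added example that is not part of the original post. The function names ipf_lint and sample_rules are hypothetical, the sample ruleset is constructed, and the three checks are heuristics that assume the head/group layout shown in the ipfstat -io listing above.

```shell
#!/bin/sh
# Added example (not from the original post). ipf_lint FILE IFACE prints one
# finding per line and prints nothing when the ruleset passes all three checks.
ipf_lint() {
    awk -v ifc="$2" '
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    {
        dir = ""; head = ""; grp = ""
        for (i = 1; i <= NF; i++) {
            if (($i == "in" || $i == "out") && dir == "") dir = $i
            if ($i == "head")  head = $(i + 1)
            if ($i == "group") grp  = $(i + 1)
        }
        if (head != "") heads[head] = 1        # groups declared by a head rule
        if (grp != "")  used[grp] = NR         # groups referenced by a rule
        # default-deny rule for this direction: "block in|out ... on IFACE all"
        if ($1 == "block" && $0 ~ (" on " ifc " all")) deny[dir] = 1
        # with both directions blocked by default, replies need a state entry
        if ($1 == "pass" && $0 !~ /keep state/)
            print "line " NR ": pass rule without keep state"
    }
    END {
        if (!deny["in"])  print "no default block in on " ifc
        if (!deny["out"]) print "no default block out on " ifc
        for (g in used) if (!(g in heads))
            print "line " used[g] ": group " g " has no head rule"
    }' "$1"
}

# Constructed sample with two deliberate mistakes (file lines 7 and 8).
sample_rules() {
cat <<'EOF'
# constructed sample, modelled on the ipfstat -io listing
block out log on bge0 all head 150
pass out quick proto tcp from any to any flags S/SA keep state group 150
pass out quick proto udp from any to any keep state group 150
block in log on bge0 all head 100
pass in quick proto tcp from any to any port = ssh keep state group 100
pass in quick proto tcp from any to any port = 443 group 100
pass in quick proto tcp from any to any port = 8080 keep state group 200
EOF
}

tmp=$(mktemp) && sample_rules > "$tmp" && ipf_lint "$tmp" bge0
rm -f "$tmp"
```

On a real system the second argument is the interface reported by ifconfig -a, and the file is the one later passed to ipf -Fa -f.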