[Unix/Solaris] Enable Firewall

pyth0n3 · March 15, 2012

In acest mini-how to voi explica cum trebuie configurat firewall-ul intrun sistem Unix/Solaris10

[blade]# uname -a
SunOS blade 5.10 Generic_147440-01 sun4u sparc SUNW,Sun-Blade

Pentru a porni firewall-ul vor trebui puse online 3 servicii


[blade]# svcadm enable svc:/network/pfil:default
[blade]# svcadm enable svc:/network/ipfilter:default
[blade]# svcadm enable svc:/system/rmtmpfiles:default

Pentru a verifica daca serviciile sunt online


[blade]# svcs | egrep '(pfil|ipfilter)'
online         17:52:51 svc:/network/pfil:default
online         17:53:04 svc:/network/ipfilter:default
online         17:53:05 svc:/system/rmtmpfiles:default

/etc/ipf/pfil.ap va trebui populat cu numele interfetei de retea

Pentru a vedea numele interfetei de retea se va folosi ifconfig



[blade]# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.123.110 netmask ffffff00 broadcast 192.168.123.255
        ether 0:3:ba:92:89:ec 
[blade]#

Interfata de retea este bge0

Numele interfetei bge . 0 fiind valoare primei interfete

In fisierul /etc/ipf/pfil.ap se va introduce urmatoarea linie de ced

echo "bge    -1      0       pfil" > /etc/ipf/pfil.ap

Regulile firewall-ului pot fi puse in /etc/ipf/ipf.conf

Urmatorul comand va face in asa fel incat regulile sa fie citite din fisier ,deobicei vine rulat dupa ce vin introduse regulile

ipf -Fa -f /etc/ipf/ipf.conf

Urmatorul comand afiseaza in terminal regulile care au fost introduse si vin procesate de catre ipf


[blade]# ipfstat -io                                 
block out log on bge0 all head 150
# Group 150
pass out quick proto tcp from any to any flags S/SA keep state group 150
pass out quick proto udp from any to any keep state group 150
pass out quick proto icmp from any to any keep state group 150
block in log on bge0 all head 100
# Group 100
pass in quick proto tcp from any to any port = ssh keep state group 100
pass in quick proto tcp from any to any port = 443 keep state group 100
pass in quick proto tcp from any to any port = 8080 keep state group 100
pass in quick proto icmp from any to any icmp-type echo keep state group 100
[blade]#

Pentru a intelege structura regulilor puteti vizita urmatorul link

IPFilter FAQ

Edited March 24, 2012 by pyth0n3

Sign In

[Unix/Solaris] Enable Firewall

Recommended Posts

pyth0n3

Join the conversation

Browse

Activity

Pages