pyth0n3 Posted March 15, 2012 Report Share Posted March 15, 2012 (edited) In acest mini-how to voi explica cum trebuie configurat firewall-ul intrun sistem Unix/Solaris10[blade]# uname -aSunOS blade 5.10 Generic_147440-01 sun4u sparc SUNW,Sun-BladePentru a porni firewall-ul vor trebui puse online 3 servicii [blade]# svcadm enable svc:/network/pfil:default[blade]# svcadm enable svc:/network/ipfilter:default[blade]# svcadm enable svc:/system/rmtmpfiles:defaultPentru a verifica daca serviciile sunt online [blade]# svcs | egrep '(pfil|ipfilter)'online 17:52:51 svc:/network/pfil:defaultonline 17:53:04 svc:/network/ipfilter:defaultonline 17:53:05 svc:/system/rmtmpfiles:default/etc/ipf/pfil.ap va trebui populat cu numele interfetei de reteaPentru a vedea numele interfetei de retea se va folosi ifconfig [blade]# ifconfig -alo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 192.168.123.110 netmask ffffff00 broadcast 192.168.123.255 ether 0:3:ba:92:89:ec [blade]#Interfata de retea este bge0Numele interfetei bge . 0 fiind valoare primei interfeteIn fisierul /etc/ipf/pfil.ap se va introduce urmatoarea linie de ced echo "bge -1 0 pfil" > /etc/ipf/pfil.apRegulile firewall-ului pot fi puse in /etc/ipf/ipf.confUrmatorul comand va face in asa fel incat regulile sa fie citite din fisier ,deobicei vine rulat dupa ce vin introduse regulile ipf -Fa -f /etc/ipf/ipf.confUrmatorul comand afiseaza in terminal regulile care au fost introduse si vin procesate de catre ipf[blade]# ipfstat -io block out log on bge0 all head 150# Group 150pass out quick proto tcp from any to any flags S/SA keep state group 150pass out quick proto udp from any to any keep state group 150pass out quick proto icmp from any to any keep state group 150block in log on bge0 all head 100# Group 100pass in quick proto tcp from any to any port = ssh keep state group 100pass in quick proto tcp from any to any port = 443 keep state group 100pass in quick proto tcp from any to any port = 8080 keep state group 100pass in quick proto icmp from any to any icmp-type echo keep state group 100[blade]# Pentru a intelege structura regulilor puteti vizita urmatorul linkIPFilter FAQ Edited March 24, 2012 by pyth0n3 Quote Link to comment Share on other sites More sharing options...
