Development tool:
File size: 16 MB
Downloads: 0
Upload date: 2019-04-20
Description: Introduces iptables, the flowchart, the principle and syntax, very clear. English edition.
Dedications
I would like to dedicate this document to my wonderful sister, niece and
brother-in-law for giving me inspiration and feedback. They are a source
of joy and a ray of light when I have need of it. Thank you!
A special word should also be extended to Ninel for always encouraging
my writing and for taking care of me when I needed it the most. Thank
you!
Second of all, I would like to dedicate this work to all of the incredibly
hard working Linux developers and maintainers. It is people like those
who make this wonderful operating system possible.
Table of contents
About the author
How to read
Prerequisites
Conventions used in this document
1. Introduction
Why this document was written
How it was written
Terms used in this document
What's next?
2. TCP/IP repetition
TCP/IP Layers
IP characteristics
IP headers
TCP characteristics
TCP headers
UDP characteristics
UDP headers
ICMP characteristics
ICMP headers
ICMP Echo Request/Reply
ICMP Destination Unreachable
Source Quench
Redirect
TTL equals 0
Parameter problem
Timestamp request/reply
Information request/reply
SCTP Characteristics
Initialization and association
Data sending and control session
Shutdown and abort
SCTP Headers
SCTP Generic header format
SCTP Common and generic headers
SCTP ABORT chunk
SCTP COOKIE ACK chunk
SCTP COOKIE ECHO chunk
SCTP DATA chunk
SCTP ERROR chunk
SCTP HEARTBEAT chunk
SCTP HEARTBEAT ACK chunk
SCTP INIT chunk
SCTP INIT ACK chunk
SCTP SACK chunk
SCTP SHUTDOWN chunk
SCTP SHUTDOWN ACK chunk
SCTP SHUTDOWN COMPLETE chunk
TCP/IP destination driven routing
What's next?
3. IP filtering introduction
What is an IP filter
IP filtering terms and expressions
How to plan an IP filter
What's next?
4. Network Address Translation Introduction
What NAT is used for and basic terms and expressions
Caveats using NAT
Example NAT machine in theory
What is needed to build a NAT machine
Placement of NAT machines
How to place proxies
The final stage of our NAT machine
What's next?
5. Preparations
Where to get iptables
Kernel setup
User-land setup
Compiling the user-land applications
Installation on Red Hat 7.1
What's next?
6. Traversing of tables and chains
General
Mangle table
Nat table
Raw table
Filter table
User specified chains
What's next?
7. The state machine
Introduction
The conntrack entries
User-land states
TCP connections
UDP connections
ICMP connections
Default connections
Untracked connections and the raw table
Complex protocols and connection tracking
What's next?
8. Saving and restoring large rule-sets
Speed considerations
Drawbacks with restore
iptables-save
iptables-restore
What's next?
9. How a rule is built
Basics of the iptables command
Tables
Commands
What's next?
10. Iptables matches
Generic matches
Implicit matches
TCP matches
UDP matches
ICMP matches
SCTP matches
Explicit matches
Addrtype match
AH/ESP match
Comment match
Connmark match
Conntrack match
Dscp match
Ecn match
Hashlimit match
Helper match
IP range match
Length match
Limit match
Mac match
Mark match
Multiport match
Owner match
Packet type match
Realm match
Recent match
State match
Tcpmss match
Tos match
Ttl match
Unclean match
What's next?
11. Iptables targets and jumps
ACCEPT target
CLASSIFY target
CLUSTERIP target
CONNMARK target
CONNSECMARK target
DNAT target
DROP target
DSCP target
ECN target
LOG target options
MARK target
MASQUERADE target
MIRROR target
NETMAP target
NFQUEUE target
NOTRACK target
QUEUE target
REDIRECT target
REJECT target
RETURN target
SAME target
SECMARK target
SNAT target
TCPMSS target
TOS target
TTL target
ULOG target
What's next?
12. Debugging your scripts
Debugging, a necessity
Bash debugging tips
System tools used for debugging
Iptables debugging
Other debugging tools
Nmap
Nessus
What's next?
13. rc.firewall file
example rc.firewall
explanation of rc.firewall
Configuration options
Initial loading of extra modules
proc set up
Displacement of rules to different chains
Setting up default policies
Setting up user specified chains in the filter table
The bad tcp packets chain
The allowed chain
The TCP chain
The UDP chain
The ICMP chain
INPUT chain
FORWARD chain
OUTPUT chain
PREROUTING chain of the nat table
Starting SNAT and the POSTROUTING chain
What's next?
14. Example scripts
rc.firewall.txt script structure
The structure
rc.firewall.txt
rc.DMZ.firewall.txt
rc.DHCP.firewall.txt
rc.UTIN.firewall.txt
rc.test-iptables.txt
rc.flush-iptables.txt
Limit-match.txt
Pid-owner.txt
Recent-match.txt
Sid-owner.txt
Ttl-inc.txt
Iptables-save ruleset
What's next?
15. Graphical User Interfaces for Iptables/netfilter
fwbuilder
Turtle Firewall Project
Integrated Secure Communications System
IPMenu
Easy Firewall Generator
What's next?
16. Commercial products based on Linux, iptables and netfilter
Ingate Firewall 1200
What's next?
A. Detailed explanations of special commands
Listing your active rule-set
Updating and flushing your tables
B. Common problems and questions
Problems loading modules
State NEW packets but no SYN bit set
SYN/ACK and NEW packets
Internet Service Providers who use assigned IP addresses
Letting DHCP requests through iptables
mIRC DCC problems
C. ICMP types
D. TCP options
E. Other resources and links
F. Acknowledgments
G. History
H. GNU Free Documentation License
0. PREAMBLE
1. APPLICABILITY AND DEFINITIONS
2. VERBATIM COPYING
3. COPYING IN QUANTITY
4. MODIFICATIONS
5. COMBINING DOCUMENTS
6. COLLECTIONS OF DOCUMENTS
7. AGGREGATION WITH INDEPENDENT WORKS
8. TRANSLATION
9. TERMINATION
10. FUTURE REVISIONS OF THIS LICENSE
How to use this license for your documents