iptables tutorialIntroduce IP table, the flowchart

文件名称: iptables tutorial

所属分类: 其它

开发工具:

文件大小: 16mb

下载次数: 0

上传时间: 2019-04-20

提供者: lst****

下载 (16mb)

不能下载？报告错误

详细说明：Introduce IP table, the flowchart, the principle and syntax, very clear. English editionDedications I would like to dedicate this document to my wonderful sister, niece and brother-in-law for giving me inspiration and feedback. They are a source of joy and a ray of light when I have need of it. Thank you! A special word should also be extended to Ninel for always encouraging my writing and for taking care of me when I needed it the most. Thank ou! Second of all, I would like to dedicate this work to all of the incredibly hard working Linux developers and maintainers. It is people like those who make this wonderful operating system possible Table of contents About the author How to read XVI Prerequisites.mem.. XVII Conventions used in this document XIX 1. Introduction.… Why this document was written How it was written Terms used in this document What's next? 2. TCP/P repetition 245 5 TCP/P Layers IP characteristics iP headers 12 TCP characteristics TCP headers .18 UDP characteristics∴ 21 UDP headers ..22 ICMP characteristics 23 ICMP headers ..24 ICMP Echo Request/Reply 25 ICMP Destination Unreachable 26 Source Quench 28 Redirect 29 TTL equals 0 30 Parameter problem 31 Timestamp request/reply.…… 31 Information request/reply 32 SCTP Characteristics 33 Initialization and association 35 Data sending and control session 35 Shutdown and abort 35 SCTP Headers 36 SCTP Generic header format 36 /V SCTP Common and generic headers 37 SCTP ABORT chunk 40 SCTP COOKIE ACK chunk 41 SCTP COOKIE ECHO chunk 41 SCTP DATA chunk 42 SCTP ERROR chunk 44 SCTP HEARTBEAT chunk 45 SCTP HEARTBEAT ACK chunk 46 SCTP INIT chunk 46 SCTP INIT ACK chunk .50 SCTP SACK chunk 52 SCTP SHUTDOWN chunk .55 SCTP SHUTDOWN ACK chunk 56 SCTP SHUTDOWN COMPLETE chunk .56 TCP/IP destination driven routing 57 What's next? .58 3. IP filtering introduction……,…,…,…,…,…,…,…,,………59 What is an iP filter ..59 IP filtering terms and expressions 61 How to plan an iP filter 64 What's next? 68 4. Network Address Translation Introduction 69 What NAT is used for and basic terms and expressions ............69 Caveats using NAT 71 Example NAT machine in theory 72 What is needed to build a nat machine 72 Placement of nat machines 74 How to place proxies 74 The final stage of our nat machine .75 What's next? 77 5. Preparations.……,,……,…,…,…,…,…,………79 Where to get iptables 79 Kernel setup 79 User-land setup… 84 Compiling the user-land applications 85 Installation on Red hat 7.1 87 What's next? 90 6. Traversing of tables and chains 92 General 92 Mangle table…… 99 Nat table 101 Raw table 102 Filter table 102 User specified chains 103 What's next? 105 7. The state machine 106 Introduction 106 The conntrack entries ……107 User-land states 109 TCP connections…..……112 UDP connections 117 ICMP connections 119 Default connections 123 Untracked connections and the raw table ................................124 Complex protocols and connection tracking 125 What's next? 128 8. Saving and restoring large rule-sets 130 Speed considerations 130 Drawbacks with restore 131 iptables-save 132 iptables-restore 135 What's next? 136 9. How a rule is built 138 Basics of the iptables command 138 Tabl 139 Commands… 142 What's next? 148 10. Iptables matches… 149 Generic matches 149 Implicit matches 153 TCP matches 154 UDP matches .158 ICMP matches 160 SCTP matches .161 Explicit matches 164 Addrtype match .165 AH/ESP match 168 Comment match 170 Connmark match 170 Conntrack match .171 Dscp match 176 Ecn match .177 Hashlimit match 179 Helper match… 182 IP range match 183 Length match .184 Limit match 185 Mac match 187 Mark match 188 Multiport match 189 Owner match 191 Packet type match 193 Realm match 194 Recent match .195 State match 201 Tcpmss match .202 Tos match 203 Ttl match 204 Unclean match 206 What's next? 206 11. Iptables targets and jumps 208 ACCEPT target.… .209 CLASSIFY target 4国 209 CLUSTERIP target 210 CoNNMARK target.… 214 CONNSECMARK target 216 DNAT target…… 217 DROP target .223 DSCP target 223 Ecn target .224 LOG target options 225 MARK target .228 MASQUERADE target 229 MIRROR target…… .231 NETMAP target 232 NFQUEUE target .233 NOTRACK target 234 QUEUE target .234 REDIRECT target 235 REJECT target .236 RETURn target 238 SAME target .238 SECMARK target 239 SNAT target .240 TCPMSS target 242 TOS target 244 TTL target 246 ULOG target 249 What's next? 25 12. Debugging your scripts………………………253 Debugging, a necessity 253 Bash debugging tips 254 System tools used for debugging 258 Iptables debugging… .260 Other debugging tools 263 Nmap .263 Nessus 265 What's next? .267 13. rc firewall file 269 example rc firewall 269 explanation of rc firewall.............................. 269 Configuration options 270 Initial loading of extra modules 271 proc set up∴……… .273 Displacement of rules to different chains 274 Setting up default policies 279 Setting up user specified chains in the filter table 279 The bad tcp packets chain 280 The allowed chain 281 The tCP chain 282 The UdP chain 283 The ICMP chain 284 NPUT chain 286 FORWARD chain 288 OUTPUT chain 289 PREROUTING chain of the nat table 289 Starting SNAT and the POSTROUtING chain 290 What's next? 291 14. Example scripts…… 292 rc firewall. txt script structure .292 The structure 292 rc firewall. txt .299 rc DMZ firewall. txt 301 rc DHCPfirewall. txt .304 rc. UTIN firewall tx 308 rc. test-iptables txt 310 rc. flush-iptables txt 311 Limit-match. txt 312 Pid-owner. txt 312 Recent-match. txt 313 Sid-owner. txt 313 TtI-inc. txt 313 Iptables-save ruleset 313 What's next? 314 15. Graphical User Interfaces for Iptables/netfilter 315 fWbu|der.… 315 Turtle Firewall Project ….316 Integrated Secure Communications System 320 IPMenu .321 X Easy Firewall Generator 322 What's next? 325 16. Commercial products based on Linux, iptables and netfilter 326 Ingate Firewall 1200 326 What's next? .328 A Detailed explanations of special commands 329 Listing your active rule-set 329 Updating and flushing your tables 330 B. Common problems and questions……………………………331 Problems loading modules 331 State NEW packets but no sYn bit set .333 SYN/ACK and neW packets 334 Internet Service Providers who use assigned IP addresses..335 Letting dHCP requests through iptables 336 m| RC DCC problems.… .337 c. CMP types......……….…….…………………338 D. TCP options.,,,,,…,,…,,…,…,………341 E. Other resources and links 343 F. Acknowledgments… n351 G History .ammmammeaannaannaneaa ana 352 H GNU Free Documentation License mmm 356 0. PREAMBLE .356 1. APPLICABILITY AND DEFINITIONS ...... 356 2. VERBATIM COPYING 358 3.C○ PYING IN QUANT|Y.…358 4. MODIFICATIONS .359 5. COMBINING DOCUMENTS.…………362 6. COLLECTIONS OF DOCUMENTS 362 7. AGGREGATION WITH INDEPENDENT WORKS. ...............363 8. TRANSLATION 363 9. TERMINATION 364 10. FUTURE REVISIONS OF THIS LICENSE 364 How to use this license for your documents .365

(系统自动生成,下载前可以参看下载内容)