What is the function of IPTABLES and mean?, IPTABLES FIREWALL itself to function properly and indeed he was a FIREWALL standard or default when you install Linux. You just have to give a sign of Check Up LINUX install time to install it for all. And what is meant IPTABLES? IPTABLES is a series of commands that are prepared or modified manually or by our own so that the formation of a Network Protection. Well I think the purpose and function is clear enough, let's see how to configure IPTABLES itself. Here I will only menjeleskan little and as quickly as possible, to further please your search Ebooksnya in ilmukomputer.com or I'll write the next tutorial is complete and clear, here are described only for Ethernet and ICS alone. Well let's get straight to the main discussion.
Because this form of server, it would be nice if you protect the INPUT of the local network itself, is useful if the user client you like or love to download the files that are not desirable and could have it be a Spy or a virus is not to get into your server, because This will make your own headache. Well lets look to close the INPUT of your client network, see below for settingannya IPTABLES-A INPUT-s 192.168.0.2-d 192.168.0.1-j DROP
Do it all for your client IP address, how many clients you then I suggest to close all the input from all of your client, this has no effect for the ICS later. It was explained that why not choose the type of protocol to close? why not choose the port to not to close? and how to or if you close the Options OUTPUT? Well let me explain.
Protocol for IPTABLES is not specified because it prevents the possibility of Spy or virus will be transmitted through one of the protocols we do not know. Let us close the TCP protocol and did not rule Spy or virus can spread via UDP, so berbahayabukan? I therefore do not vote for the type of protocol and I think it is better to close all types of protocol itself. And what about the PORT? I now ask you, do you know what ports approximately Virus or Spy that will pass? difficult to determine it? that's why I did not specify the port as well.
To OUTPUT I do not close it because of my own server multifunction, the term used for activities as well so if we close or say DROP / REJECT OUTPUT option, then you or your own server will not be able to access the Internet. Unless you want to make it special for the server, then it is better at OUTPUT DROP / REJECT in order to prevent any access to exit that do not want.
Well till here I think is quite clear from my brief explanation, you need to know this can you put in "/ etc / rc.local" or your own text script and enter in rc.local had to keep it on the run when your computer restart or On Back.
No comments:
Post a Comment