This shows you the differences between two versions of the page.
сервис_firewall [2020/12/09 11:56] val [Linux (iptables)] |
сервис_firewall [2022/07/26 06:29] val [Linux (iptables)] |
||
---|---|---|---|
Line 8: | Line 8: | ||
==== Linux (iptables) ==== | ==== Linux (iptables) ==== | ||
- | * [[https://help.ubuntu.com/community/IptablesHowTo]] | + | * [[https://cryptoworld.su/kak-perejti-s-iptables-na-nftables-polnaya-istrukciya/|Как перейти с iptables на Nftables — полная инструкция]] |
- | * [[http://ru.wikibooks.org/wiki/Iptables]] | + | * [[https://help.ubuntu.com/community/IptablesHowTo|ubuntu.com community IptablesHowTo]] |
- | * [[https://ru.wikipedia.org/wiki/Netfilter]] | + | * [[https://ru.wikibooks.org/wiki/Iptables|Материал из Викиучебника iptables — утилита командной строки]] |
+ | * [[https://ru.wikipedia.org/wiki/Netfilter|Материал из Википедии netfilter — межсетевой экран]] | ||
=== Настройка фильтра === | === Настройка фильтра === | ||
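Review bot: the first added link, to the cryptoworld.su guide on moving from iptables to nftables, is placed at the top of a section titled "Linux (iptables)" whose content in this diff still covers only iptables. Put it last, or under a short note on nftables, so that the three iptables/netfilter references stay first. The labels added to the other links and the switch of the wikibooks URL to https look fine.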
Line 44: | Line 45: | ||
</code> | </code> | ||
- | === Сохранение состояния iptables === | + | === Управление состоянием iptables === |
+ | |||
+ | == Вариант 1 == | ||
+ | |||
+ | == Сохранение состояния iptables == | ||
<code> | <code> | ||
- | # iptables-save > /etc/iptables.rules | + | root@gate:~# iptables-save > /etc/iptables.rules |
</code> | </code> | ||
- | === Восстановление состояния iptables === | + | == Восстановление состояния iptables == |
<code> | <code> | ||
- | # iptables-restore < /etc/iptables.rules | + | root@gate:~# iptables-restore < /etc/iptables.rules |
</code> | </code> | ||
- | === Восстановление состояния iptables при загрузке === | + | == Восстановление состояния iptables при загрузке == |
- | + | ||
- | == Debian/Ubuntu == | + | |
<code> | <code> | ||
- | # cat /etc/network/interfaces | + | root@gate:~# cat /etc/network/interfaces |
</code><code> | </code><code> | ||
... | ... | ||
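Review bot: the new "== Вариант 1 ==" heading has the same level as the three headings that follow it ("== Сохранение состояния iptables ==" and the next two), so they render as siblings of Вариант 1 rather than as its steps, and "==" is already the lowest DokuWiki heading level. Make the three step titles bold captions, or regroup the headings so the steps nest under the variant. It is also worth stating here that iptables-save and iptables-restore as shown cover IPv4 rules only, so a gateway with IPv6 needs the ip6tables-save / ip6tables-restore pair as well.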
Line 65: | Line 68: | ||
pre-up iptables-restore < /etc/iptables.rules | pre-up iptables-restore < /etc/iptables.rules | ||
... | ... | ||
+ | </code> | ||
+ | |||
+ | == Вариант 2 == | ||
+ | <code> | ||
+ | # apt install iptables-persistent | ||
+ | |||
+ | # netfilter-persistent save | ||
</code> | </code> | ||
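Review bot: "Вариант 2" gives only the install and save commands and does not say that it replaces the "pre-up iptables-restore < /etc/iptables.rules" line from Вариант 1. netfilter-persistent keeps its own saved rule set, so with both in place the rules are loaded at boot from two different sources. Add a sentence saying the variants are alternatives, and use the same "root@gate:~#" prompt that the commands above were changed to.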
Line 427: | Line 437: | ||
# pfctl -t fail2ban -T add 172.16.1.254 | # pfctl -t fail2ban -T add 172.16.1.254 | ||
+ | # pfctl -k 172.16.1.254 | ||
# pfctl -t fail2ban -T flush | # pfctl -t fail2ban -T flush | ||
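Review bot: the added "pfctl -k 172.16.1.254" has no comment explaining why it follows the table add. Adding an address to the fail2ban table does not touch states that already exist, so the kill is what cuts the host's open connections. With a single -k only states originating from 172.16.1.254 are removed; say so, or point to the two-argument form used further down the page.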
Line 444: | Line 455: | ||
<code> | <code> | ||
[gate:~] # pfctl -vs state | [gate:~] # pfctl -vs state | ||
+ | |||
+ | [gate:~] # pfctl -k 0.0.0.0/0 -k 172.16.1.254 | ||
[gate:~] # pfctl -F states | [gate:~] # pfctl -F states |
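Review bot: the added "pfctl -k 0.0.0.0/0 -k 172.16.1.254" sits between the state listing and "pfctl -F states" with no caption, so a reader may run all three in sequence. A one-line comment on each would help: the two -k form removes only states from any source to 172.16.1.254, while -F states drops every state on the gate at once.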