сервис_firewall [2022/07/26 06:29] val [Linux (iptables)] |
сервис_firewall [2024/05/07 12:03] val [Debian/Ubuntu (iptables)] |
Line 6: | Line 6: | ||
===== Конфигурация для рабочей станции ===== | ===== Конфигурация для рабочей станции ===== | ||
- | ==== Linux (iptables) ==== | + | ==== nftables ==== |
+ | * [[https://habr.com/ru/companies/ruvds/articles/580648/|Переход с iptables на nftables. Краткий справочник]] | ||
* [[https://cryptoworld.su/kak-perejti-s-iptables-na-nftables-polnaya-istrukciya/|Как перейти с iptables на Nftables — полная инструкция]] | * [[https://cryptoworld.su/kak-perejti-s-iptables-na-nftables-polnaya-istrukciya/|Как перейти с iptables на Nftables — полная инструкция]] | ||
+ | |||
+ | ==== Linux (iptables) ==== | ||
+ | |||
+ | |||
* [[https://help.ubuntu.com/community/IptablesHowTo|ubuntu.com community IptablesHowTo]] | * [[https://help.ubuntu.com/community/IptablesHowTo|ubuntu.com community IptablesHowTo]] | ||
* [[https://ru.wikibooks.org/wiki/Iptables|Материал из Викиучебника iptables — утилита командной строки]] | * [[https://ru.wikibooks.org/wiki/Iptables|Материал из Викиучебника iptables — утилита командной строки]] | ||
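Review bot: the two empty `+ |` lines inserted directly after the new `==== Linux (iptables) ====` heading add nothing and should be collapsed to the single blank line used before the nftables heading above it. Also, this revision now has two subsections titled `==== nftables ====` (this one holding only reference links, and a second one at Line 424 holding the ruleset); give them distinct titles or move these two links into the later section so that the table of contents and section links stay unambiguous.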
Line 79: | Line 84: | ||
==== CentOS ==== | ==== CentOS ==== | ||
- | === CentOS 7 === | + | === CentOS 7, AlmaLinux 9 === |
* [[https://bozza.ru/art-259.html|Настройка firewalld CentOS 7 с примерами команд]] | * [[https://bozza.ru/art-259.html|Настройка firewalld CentOS 7 с примерами команд]] | ||
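Review bot: the heading now names AlmaLinux 9, but the only reference that follows it is the CentOS 7 firewalld article, so a reader on AlmaLinux 9 is pointed at CentOS 7 material without explanation; if the same firewalld commands apply unchanged, say so in one line under the heading, otherwise add a reference that covers AlmaLinux 9.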
Line 410: | Line 415: | ||
</code><code> | </code><code> | ||
root@gate:~# tail -f /var/log/syslog | root@gate:~# tail -f /var/log/syslog | ||
+ | root@gate:~# journalctl -f | ||
root@gate:~# cat /proc/net/xt_recent/DEFAULT | root@gate:~# cat /proc/net/xt_recent/DEFAULT | ||
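Review bot: `journalctl -f` follows the entire journal, so the netfilter messages being watched here (the same hunk reads `/proc/net/xt_recent/DEFAULT`) are mixed with output from every other unit; `journalctl -k -f` restricts the follow to kernel messages, which is where netfilter logging lands, and is the form worth showing next to the syslog tail.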
Line 418: | Line 424: | ||
</code> | </code> | ||
+ | ==== nftables ==== | ||
+ | |||
+ | * [[https://access.redhat.com/documentation/ru-ru/red_hat_enterprise_linux/7/html/security_guide/sec-using_nftables_to_limit_the_amount_of_connections|Using nftables to limit the amount of connections]] | ||
+ | |||
+ | <code> | ||
+ | gate# cat /etc/nftables.conf | ||
+ | </code><code> | ||
+ | ... | ||
+ | table inet filter { | ||
+ | set denylist { | ||
+ | type ipv4_addr | ||
+ | size 65535 | ||
+ | flags dynamic,timeout | ||
+ | timeout 5m | ||
+ | } | ||
+ | ... | ||
+ | chain forward { | ||
+ | type filter hook forward priority filter; policy accept; | ||
+ | ip protocol tcp ct state new,untracked limit rate over 10/second add @denylist { ip saddr } | ||
+ | ip saddr @denylist drop | ||
+ | } | ||
+ | ... | ||
+ | </code> | ||
==== FreeBSD (pf) ==== | ==== FreeBSD (pf) ==== | ||
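Review bot: in the forward chain rule `ip protocol tcp ct state new,untracked limit rate over 10/second add @denylist { ip saddr }` the limit is one token bucket for the whole rule, not one per source address, so as soon as the combined rate of new TCP connections through the gateway exceeds 10 per second every following source, well-behaved hosts included, is added to @denylist and dropped for 5 minutes. To rate-limit per source, key the limit on the address through a second dynamic set, for example `add @ratemeter { ip saddr limit rate over 10/second } add @denylist { ip saddr }` together with a set `ratemeter { type ipv4_addr; size 65535; flags dynamic; }` declared next to denylist. Separately, the set type is `ipv4_addr` and the match is `ip protocol tcp`, so IPv6 traffic forwarded through this `inet` table is never rate-limited; either add an `ip6_addr` set with a matching rule or state in the text that the example is IPv4-only.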