- Timestamp: 01/25/2021 03:04:27 AM
- Branches:
- 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 12.2, gimp3, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/for-12.3, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/spidermonkey128, xry111/test-20220226, xry111/xf86-video-removal
- Children: 498a011
- Parents: ff40dcf
- Files: 1 edited
postlfs/security/iptables.xml
rff40dcf rab6bf6a 7 7 <!ENTITY iptables-download-http "http://www.netfilter.org/projects/iptables/files/iptables-&iptables-version;.tar.bz2"> 8 8 <!ENTITY iptables-download-ftp "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2"> 9 <!ENTITY iptables-md5sum " bc0f0adccc93c09dc5b7507ccba93148">10 <!ENTITY iptables-size "70 0KB">11 <!ENTITY iptables-buildsize " 17MB">12 <!ENTITY iptables-time "0. 2SBU">9 <!ENTITY iptables-md5sum "602ba7e937c72fbb7b1c2b71c3b0004b"> 10 <!ENTITY iptables-size "704 KB"> 11 <!ENTITY iptables-buildsize "22 MB"> 12 <!ENTITY iptables-time "0.1 SBU"> 13 13 ]> 14 14 … … 32 32 <para> 33 33 <application>iptables</application> is a userspace command line program 34 used to configure Linux 2.4 and later kernel packet filtering ruleset.34 used to configure the Linux 2.4 and later kernel packet filtering ruleset. 35 35 </para> 36 36 … … 78 78 <xref linkend="libpcap"/> (required for nfsypproxy support), 79 79 <ulink url="https://github.com/tadamdam/bpf-utils">bpf-utils</ulink> 80 (required for Berkel y Packet Filter support),80 (required for Berkeley Packet Filter support), 81 81 <ulink url="https://netfilter.org/projects/libnfnetlink/">libnfnetlink</ulink> 82 82 (required for connlabel support), 83 <ulink url="https://netfilter.org/projects/libnetfilter_conntrack/">libnetfilter_conntrack "</ulink>83 <ulink url="https://netfilter.org/projects/libnetfilter_conntrack/">libnetfilter_conntrack</ulink> 84 84 (required for connlabel support), and 85 85 <ulink url="https://netfilter.org/projects/nftables/">nftables</ulink> … … 184 184 <para> 185 185 <parameter>--disable-nftables</parameter>: This switch disables building 186 nftables compat . <!--Omit this switch if you have installed186 nftables compatibility. 
<!--Omit this switch if you have installed 187 187 <xref linkend="nftables"/>.--> 188 188 </para> … … 195 195 196 196 <para> 197 <parameter>--with-xtlibdir=/lib/xtables</parameter>: Ensure all198 <application>iptables</application> modules are installed in the197 <parameter>--with-xtlibdir=/lib/xtables</parameter>: This switch ensures that 198 all <application>iptables</application> modules are installed in the 199 199 <filename class="directory">/lib/xtables</filename> directory. 200 200 </para> … … 207 207 <para> 208 208 <command>ln -sfv ../../sbin/xtables-legacy-multi /usr/bin/iptables-xml</command>: 209 Ensure the symbolic link for <command>iptables-xml</command> is relative. 209 This command ensures that the symbolic link for the 210 <command>iptables-xml</command> command is relative. 210 211 </para> 211 212 … … 241 242 <para> 242 243 A Personal Firewall is designed to let you access all the 243 services offered on the Internet , but keep your boxsecure and244 services offered on the Internet while keeping your computer secure and 244 245 your data private. 245 246 </para> … … 250 251 url="http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html"> 251 252 Linux 2.4 Packet Filtering HOWTO</ulink>. It is still applicable 252 to the Linux 3.x kernels.253 to the Linux 5.x kernels. 253 254 </para> 254 255 … … 322 323 iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 323 324 324 # Log everything else. What's Windows' latest exploitable vulnerability?325 # Log everything else. 325 326 iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT " 326 327 … … 400 401 iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 401 402 402 # Log everything else. What's Windows' latest exploitable vulnerability?403 # Log everything else. 
403 404 iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT " 404 405 … … 434 435 435 436 <para> 436 A network Firewall has two interfaces, one connected to an437 A Network Firewall has two interfaces, one connected to an 437 438 intranet, in this example <emphasis role="strong">LAN1</emphasis>, 438 439 and one connected to the Internet, here <emphasis 439 440 role="strong">WAN1</emphasis>. To provide the maximum security 440 441 for the firewall itself, make sure that there are no unnecessary 441 servers running on it such as <application>X11</application> et al.442 servers running on it such as <application>X11</application>. 442 443 As a general principle, the firewall itself should not access 443 444 any untrusted service (think of a remote server giving answers that … … 756 757 </listitem> 757 758 <listitem> 758 <para id='fw-BB-4-ipt' xreflabel="BusyBox with iptable example number 4">759 <para id='fw-BB-4-ipt' xreflabel="BusyBox with iptables example number 4"> 759 760 If you are frequently accessing FTP servers or enjoy chatting, you 760 761 might notice delays because some implementations of these daemons … … 874 875 <seglistitem> 875 876 <seg> 876 ip6tables, ip6tables-restore, ip6tables-save, iptables, iptables-restore, 877 iptables-save, iptables-xml, nfsynproxy (optional) and xtables-multi 877 ip6tables, 878 ip6tables-apply, 879 ip6tables-legacy, 880 ip6tables-legacy-restore, 881 ip6tables-legacy-save, 882 ip6tables-restore, 883 ip6tables-save, 884 iptables, 885 iptables-apply, 886 iptables-legacy, 887 iptables-legacy-restore, 888 iptables-legacy-apply, 889 iptables-restore, 890 iptables-save, 891 iptables-xml, 892 nfsynproxy (optional), 893 and xtables-multi 878 894 </seg> 879 895 <seg> 880 libip4tc.so, libip6tc.so, libipq.so, libiptc.so, and libxtables.so 896 libip4tc.so, 897 libip6tc.so, 898 libipq.so, 899 libiptc.so, 900 and libxtables.so 881 901 </seg> 882 902 <seg> 883 /lib/xtables and /usr/include/libiptc 903 /lib/xtables and 904 
/usr/include/libiptc 884 905 </seg> 885 906 </seglistitem> … … 904 925 </varlistentry> 905 926 927 <varlistentry id="iptables-apply"> 928 <term><command>iptables-apply</command></term> 929 <listitem> 930 <para> 931 is a safer way to update iptables remotely. 932 </para> 933 <indexterm zone="iptables iptables-apply"> 934 <primary sortas="b-iptables-apply">iptables-apply</primary> 935 </indexterm> 936 </listitem> 937 </varlistentry> 938 939 <varlistentry id="iptables-legacy"> 940 <term><command>iptables-legacy</command></term> 941 <listitem> 942 <para> 943 is used to interact with iptables using the legacy command set. 944 </para> 945 <indexterm zone="iptables iptables-legacy"> 946 <primary sortas="b-iptables-legacy">iptables-legacy</primary> 947 </indexterm> 948 </listitem> 949 </varlistentry> 950 951 <varlistentry id="iptables-legacy-restore"> 952 <term><command>iptables-legacy-restore</command></term> 953 <listitem> 954 <para> 955 is used to restore a set of legacy iptables rules. 956 </para> 957 <indexterm zone="iptables iptables-legacy-restore"> 958 <primary sortas="b-iptables-legacy-restore">iptables-legacy-restore</primary> 959 </indexterm> 960 </listitem> 961 </varlistentry> 962 963 <varlistentry id="iptables-legacy-save"> 964 <term><command>iptables-legacy-save</command></term> 965 <listitem> 966 <para> 967 is used to save a set of legacy iptables rules. 968 </para> 969 <indexterm zone="iptables iptables-legacy-save"> 970 <primary sortas="b-iptables-legacy-save">iptables-legacy-save</primary> 971 </indexterm> 972 </listitem> 973 </varlistentry> 974 906 975 <varlistentry id="iptables-restore"> 907 976 <term><command>iptables-restore</command></term>
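Review bot: the entity hunk (lines 9-12) updates the checksum, tarball size, build size and SBU time, but the version entity `&iptables-version;` referenced by the download URLs on the unchanged lines 7-8 is not in this hunk, so confirm it was bumped in the same commit; otherwise the new `iptables-md5sum` will never match the file the book tells the reader to fetch. While here, the download entity still uses `http://www.netfilter.org/...` although the dependency links later in this file already use `https://netfilter.org/...`; since the MD5 entity is the only integrity anchor for the tarball, switch `iptables-download-http` to `https://www.netfilter.org/projects/iptables/files/iptables-&iptables-version;.tar.bz2` so the download itself is not trivially substitutable in transit.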
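Review bot: the dependency hunk fixes "Berkely" and the stray quote after `libnetfilter_conntrack`, but the unchanged context line 78, `<xref linkend="libpcap"/> (required for nfsypproxy support)`, misspells the program that the Installed Programs list further down calls `nfsynproxy`; fix it to `nfsynproxy` in this same paragraph so the two sections agree.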
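Review bot: in the `--disable-nftables` hunk (lines 185-188) the sentence `Omit this switch if you have installed <xref linkend="nftables"/>.` is kept only as an XML comment, and the new wording "This switch disables building nftables compatibility." gives the reader no reason for the choice. Either restore the hint as visible text or delete the comment; commented-out prose inside a `<para>` tends to be forgotten and never re-enabled.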
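Review bot: the two firewall-script hunks (lines 324-325 and 402-403) correctly strip the unrelated question that had been appended to the `# Log everything else.` comment in both scripts; it is worth grepping the rest of the book for the same phrase, since it appeared verbatim in two places. On the unchanged rule that follows, `iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "`, consider adding a rate limit such as `-m limit --limit 5/min --limit-burst 10` before `-j LOG`, so that a burst of unsolicited traffic to the host cannot flood the kernel log.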
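Review bot: the Installed Programs hunk (lines 877-893) lists `iptables-legacy-apply` where the IPv6 list in the same segment has `ip6tables-legacy-save`, and the new `<varlistentry id="iptables-legacy-save">` added later in this changeset documents a program that this list omits; iptables installs `iptables-legacy`, `iptables-legacy-restore` and `iptables-legacy-save` (plus `iptables-apply`), not `iptables-legacy-apply`, so replace that entry with `iptables-legacy-save`.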
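Review bot: the new `<varlistentry>` hunk (lines 927-974) adds descriptions for `iptables-apply` and the `iptables-legacy*` commands, but their IPv6 counterparts `ip6tables-apply`, `ip6tables-legacy`, `ip6tables-legacy-restore` and `ip6tables-legacy-save`, which the same changeset adds to the Installed Programs list, get no entry; add them, or fold them into the existing entries as the book does elsewhere for ip6tables variants. The text "is a safer way to update iptables remotely" (line 931) would also be more useful if it said why: `iptables-apply` loads a ruleset file and reverts to the previous rules unless the user confirms within a timeout, which is what protects against locking yourself out of a remote host.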