Exploring Shorewall Firewall Configuration and Command Line Options


In my previous article, we took a look at Shorewall: how to install it, set up the configuration files, and configure port forwarding over NAT. In this article, we will explore some common Shorewall errors, some solutions, and get an introduction to its command line options.

    Shorewall – A High-Level Firewall for Configuring Linux Servers – Part 1

Shorewall offers a wide range of commands that can be run on the command line. Taking a look at man shorewall should give you plenty to see, but the first task we are going to perform is a check of our configuration files.

$ sudo shorewall check

Shorewall will print out a check of all your configuration files and the options contained within them. The output will look something like this.

Determining Hosts in Zones...
Locating Actions Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/shrae/shorewall/action.Invalid for chain Invalid...
Checking /usr/share/shorewall/action.NotSyn for chain NotSyn..
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking Accept Source Routing...
Checking MAC Filtration -- Phase 1...
Checking /etc/shorewall/rules...
Checking /usr/share/shorewall/action.Invalid for chain %Invalid...
Checking MAC Filtration -- Phase 2...
Applying Policies...
Checking /etc/shorewall/routestopped...
Shorewall configuration verified

The magic line we are looking for is the one at the bottom that reads "Shorewall configuration verified". If you receive any errors, they are likely due to missing modules in your kernel configuration.

I will show you how to resolve two of the more common errors, but you should recompile your kernel with all the necessary modules if you plan to use your machine as a firewall.

The first error, and the most common, is the error about NAT.

Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Actions Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/shrae/shorewall/action.Invalid for chain Invalid...
Checking /usr/share/shorewall/action.NotSyn for chain NotSyn..
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking Accept Source Routing...
Checking /etc/shorewall/masq...
    ERROR: a non-empty masq file requires NAT in your kernel and iptables /etc/shorewall/masq (line 15)

If you see something resembling this, chances are your current kernel is not compiled with support for NAT. This is common with most out-of-the-box kernels. Please read my tutorial on "How to Compile a Debian Kernel" to get you started.

Another common error produced by the check is the error about iptables and logging.

[email :/etc/shorewall# shorewall check
Checking...
Processing /etc/shorewall/params...
Processing /etc/shorewall/shorewall.conf
Loading Modules..
   ERROR: Log level INFO requires LOG Target in your kernel and iptables

This is also something you can compile into a new kernel, but there is a quick fix for it if you want to use ULOG. ULOG is a different logging mechanism from syslog. It is easy to use.

To set this up, you have to change every instance of "info" to "ULOG" in all of your configuration files in /etc/shorewall. The following command can do that for you.

$ cd /etc/shorewall
$ sudo sed -i 's/info/ULOG/g' *

Once that is done, edit the file /etc/shorewall/shorewall.conf and set the following line:

LOGFILE=

Point it at the location where you would like your logs to be stored. Mine is at /var/log/shorewall.log.

LOGFILE=/var/log/shorewall.log

Running sudo shorewall check should now give you a clean bill of health.
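The sed command above rewrites every occurrence of the string info in every file, comments and longer words such as "information" included, and keeps no backup. A narrower variant follows as an added example that is not from the original article; it assumes GNU sed and grep, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU sed and grep.

# Replace the whole word "info" with "ULOG" in every file in DIR, but only
# in the part of each line before the first '#', so comments and words such
# as "information" are untouched. Each changed file keeps a FILE.bak copy.
# Prints the names of the files it changed.
switch_log_level() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in *.bak) continue ;; esac
        grep -Eq '^[^#]*\binfo\b' "$f" || continue   # nothing to change
        # Loop until no "info" is left before the first '#' on the line.
        sed -E -i.bak -e ':a' -e 's/^([^#]*)\binfo\b/\1ULOG/' -e 'ta' "$f"
        echo "$f"
    done
}

# Build a small constructed configuration directory to try the function on.
make_sample_config() {
    d=$(mktemp -d)
    printf '%s\n' '# Log information at the info level' \
                  'net  all  DROP  info   # info is the log level' \
                  'all  all  REJECT  info' > "$d/policy"
    printf '%s\n' 'ACCEPT:info  net  $FW  tcp  22' > "$d/rules"
    printf '%s\n' 'STARTUP_ENABLED=Yes' > "$d/shorewall.conf"
    echo "$d"
}

# Demo: run on the constructed directory and show what changed.
sample=$(make_sample_config)
switch_log_level "$sample"
diff -u "$sample/policy.bak" "$sample/policy" || true
rm -rf "$sample"
```

Review the diff against each .bak file before running sudo shorewall check, and delete the backups once the check passes.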

Shorewall's command line interface comes with many handy one-liners for systems administrators. One frequently used command, especially when numerous changes are being made to the firewall, saves the current configuration state so that you can roll back if there are any complications. The syntax for this is simple.

$ sudo shorewall save <filename>

Rolling back is just as easy:

$ sudo shorewall restore <filename>

Shorewall can also be started and configured to use an alternate configuration directory. You can specify this in the start command, but you will want to check it first.

$ sudo shorewall check <config-directory>

If you simply want to try out the configuration and, if it works, start it up, you can specify the try option.

$ sudo shorewall try <config-directory> [  ]
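The check, save and try commands above, together with the two check errors shown earlier, can be chained into one guarded step. This is an added example, not part of the original article or of Shorewall itself: classify_check and apply_candidate are hypothetical helper names, and it assumes that shorewall try exits non-zero when the candidate configuration fails to start.

```shell
#!/bin/sh
# Added example (not from the original article or from Shorewall).
# SHOREWALL can be overridden so the logic can be exercised with a stub.
SHOREWALL=${SHOREWALL:-shorewall}

# Read `shorewall check` output on stdin and print one verdict word.
# The two named errors are the ones discussed in the article.
classify_check() {
    awk '
        /ERROR:.*requires NAT/        { v = "missing-nat" }
        /ERROR:.*requires LOG Target/ { v = "missing-log-target" }
        /ERROR:/ && v == ""           { v = "other-error" }
        /^Shorewall configuration verified/ { ok = 1 }
        END {
            if (v != "")  print v
            else if (ok)  print "verified"
            else          print "unverified"
        }'
}

# apply_candidate DIR SNAPSHOT (run as root)
#   1. check DIR and refuse to continue unless the verdict is "verified"
#   2. save the running state as SNAPSHOT
#   3. try DIR; if that fails, restore SNAPSHOT (assumption: try exits non-zero)
apply_candidate() {
    dir=$1; snap=$2
    verdict=$("$SHOREWALL" check "$dir" 2>&1 | classify_check)
    if [ "$verdict" != verified ]; then
        echo "refusing to apply $dir: $verdict" >&2
        return 1
    fi
    "$SHOREWALL" save "$snap" || return 1
    "$SHOREWALL" try "$dir" || { "$SHOREWALL" restore "$snap"; return 1; }
}

# Demo on constructed input: the masq error line shown in the article.
printf '%s\n' 'Checking /etc/shorewall/masq...' \
    '    ERROR: a non-empty masq file requires NAT in your kernel and iptables /etc/shorewall/masq (line 15)' \
    | classify_check
```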

Shorewall is just one of many robust firewall solutions available on Linux systems. No matter what end of the networking spectrum you find yourself on, many find it to be simple and useful.

This is only a small start, and one that can get you on your way without going too deeply into networking concepts. As always, please research and take a look at the man pages and other resources. Shorewall's mailing list is a great place, and it is up to date and well maintained.