Oskar Andreasson - Iptables Tutorial 1.2.2
• http://www.netfilter.org/unreliable-guides/packet-filtering-HOWTO/index.html - Rusty Russell's Unreliable Guide to packet filtering. Excellent documentation about basic packet filtering with iptables, written by one of the core developers of iptables and Netfilter.
• http://www.netfilter.org/unreliable-guides/NAT-HOWTO/index.html - Rusty Russell's Unreliable Guide to Network Address Translation. Excellent documentation about Network Address Translation in iptables and Netfilter, written by one of the core developers, Rusty Russell.
• http://www.netfilter.org/unreliable-guides/netfilter-hacking-HOWTO/index.html - Rusty Russell's Unreliable Netfilter Hacking HOW-TO. One of the few documents on how to write code for the Netfilter and iptables user-space and kernel-space code base. This was also written by Rusty Russell.
• http://www.linuxguruz.org/iptables/ - Excellent link-page with links to most of the pages on the Internet about iptables and Netfilter. Also maintains a list of iptables scripts for different purposes.
• Policy Routing using Linux - The best book I have ever read on policy routing and Linux. This is an absolute must when it comes to routing in Linux. Written by Matthew G. Marsh.
• Implementing Quality of Service Policies with DSCP - A link about the Cisco implementation of DSCP. This shows some of the classes used in DSCP, and so on.
• IETF SIP Working Group - SIP is one of the "next big things", it seems. Basically it is the de facto standard for Internet telephony today. It is horribly complex, as you can see from the amount of documentation on the working group's homepage, and should hopefully be able to cope with pretty much any need for session initiation in the future. It is used mainly to set up peer-to-peer connections between known users, for example to connect to [email protected] and set up a phone connection to that user. This is the IETF working group handling all SIP work.
• IETF TLS Working Group - TLS is a transport layer security model that is one of the most common host-to-server security mechanisms. The current version is 1.1, and work is ongoing to get 1.2 out the door with support for newer and better ciphers as of this writing. This is a standardized way of sending and receiving public keys for servers, handling trusted certificate authorities, etc. For more information, read the RFCs on this page.
• IPSEC Howto - This is the official IPSEC howto for Linux 2.6 kernels. It describes how IPSEC works in the 2.6 kernels and up, however, it is not the place to find out exactly how the Linux 2.2 and 2.4 kernels worked when it comes to IPSEC. Go to the FreeS/WAN site for that information.
• FreeS/WAN - This is the official site for FreeS/WAN, an IPSEC implementation for the Linux 2.2 and 2.4 kernel series. This site contains documentation and all necessary downloads for the IPSEC implementation. This effort has been discontinued due to several reasons discussed on the page, but efforts will still be put into bugfixes, documentation and the forums. For an IPSEC implementation for Linux 2.6 kernels, please look at the IPSEC Howto site and the information there.
• http://www.islandsoft.net/veerapen.html - Excellent discussion on automatic hardening of iptables and how to make small changes that will make your computer automatically add hostile sites to a special ban list in iptables.
• /etc/protocols - An example protocols file taken from the Slackware distribution. This can be used to find out what protocol number different protocols have, such as IP, ICMP or TCP.
• /etc/services - An example services file taken from the Slackware distribution. This is extremely good to get used to reading once in a while, specifically if you want a basic look at which protocols run on which ports.
• Internet Assigned Numbers Authority - The IANA is the organisation responsible for assigning all numbers in the different protocols in an orderly fashion. If anyone has a specific addition to make to a protocol (for example, adding a new TCP option), they need to contact the IANA, which will assign the numbers requested. In other words, an extremely important site to keep an eye on.
• RFC-editor.org - This is an excellent site for finding RFC documents in a fast and orderly way. It has functions for searching RFC documents, and general information about the RFC community (i.e., errata, news, et cetera).
• Internet Engineering Task Force - This is one of the biggest groups when it comes to setting and maintaining Internet standards. They are the ones maintaining the RFC repository, and consist of a large group of companies and individuals that work together to ensure the interoperability of the Internet.
• Linux Advanced Routing and Traffic Control HOW-TO - This site hosts the Linux Advanced Routing and Traffic Control HOWTO. It is one of the biggest and best documents regarding Linux advanced routing. Maintained by Bert Hubert.
• Paksecured Linux Kernel patches - A site containing all of the kernel patches written by Matthew G. Marsh. Among others, the FTOS patch is available here.
• ULOGD project page - The homepage of the ULOGD site.
• The Linux Documentation Project is a great site for documentation. Most big documents for Linux are available here, and if something is not in the TLDP, you will have to search the net very carefully. If there is anything you want to know more about, check this site out.
• Snort - This is an excellent open source "network intrusion detection system" (NIDS) which looks for signatures in the packets that it sees, and if it sees a signature of some kind of attack or break-in it can take different, configurable actions (notifying the administrator, taking action, or simply logging it).
• Tripwire - Tripwire is an excellent security tool which can be used to find out about host intrusions. It makes checksums of all the files specified in a configuration file, and then, every time it is run, it tells the administrator about any files that have been tampered with illegitimately.
• Squid - This is one of the best-known web proxies available on the market. It is open source, and free. It can do several of the filtering tasks that should be done before the traffic actually hits your web server, as well as performing the standard web caching functions for your networks.
• http://kalamazoolinux.org/presentations/20010417/conntrack.html - This presentation contains an excellent explanation of the conntrack modules and their work in Netfilter. If you are interested in more documentation on conntrack, this is a "must read".
• http://www.docum.org - Excellent information about the CBQ, tc and the ip commands in Linux. One of the few sites that has any information at all about these programs. Maintained by Stef Coene.
• http://lists.samba.org/mailman/listinfo/netfilter - The official Netfilter mailing list. Extremely useful in case you have questions about something not covered in this document or any of the other links here.
And of course the iptables source, documentation and individuals who helped me.
Appendix F. Acknowledgments
I would like to thank the following people for their help on this document:
• Fabrice Marie, For major updates to my horrible grammar and spelling. Also a huge thanks for updating the tutorial to DocBook format with make files etc.
• Marc Boucher, For helping me out on some aspects on using the state matching code.
• Frode E. Nyboe, For greatly improving the rc.firewall rules and giving great inspiration while I was rewriting the rule-set, and for being the one who introduced the multiple table traversing into the same file.
• Chapman Brad, Alexander W. Janssen, Both for making me realize I was thinking wrong about how packets traverse the basic NAT and filters tables and in which order they show up.
• Michiel Brandenburg, Myles Uyema, For helping me out with some of the state matching code and getting it to work.
• Kent `Artech' Stahre, For helping me out with the graphics. I know I suck at graphics, and you're better than most I know who do graphics;). Also thanks for checking the tutorial for errors etc.
• Anders 'DeZENT' Johansson, For hinting me about strange ISPs and so on that use reserved networks on the Internet, or at least on the Internet for you.
• Jeremy `Spliffy' Smith, For giving me hints at stuff that might screw up for people and for trying it out and checking for errors in what I've written.
And of course everyone else I talked to and asked for comments on this file, sorry for not mentioning everyone.
Appendix G. History
Version 1.2.2 (19 Nov 2006)
http://iptables-tutorial.frozentux.net
By: Oskar Andreasson
Contributors: Jens Larsson and G. W. Haywood.
Version 1.2.1 (29 Sep 2006)
http://iptables-tutorial.frozentux.net
By: Oskar Andreasson
Contributors: Ortwin Glueck, Mao, Marcos Roberto Greiner, Christian Font,
Tatiana, Andrius, Alexey Dushechkin, Tatsuya Nonogaki and Fred.
Version 1.2.0 (20 July 2005)
http://iptables-tutorial.frozentux.net
By: Oskar Andreasson
Contributors: Corey Becker, Neil Perrins, Watz and Spanish translation team.
Version 1.1.19 (21 May 2003)
http://iptables-tutorial.frozentux.net
By: Oskar Andreasson
Contributors: Peter van Kampen, Xavier Bartol, Jon Anderson, Thorsten Bremer
and Spanish Translation Team.
Version 1.1.18 (24 Apr 2003)
http://iptables-tutorial.frozentux.net
By: Oskar Andreasson
Contributors: Stuart Clark, Robert P. J. Day, Mark Orenstein and Edmond Shwayri.
Version 1.1.17 (6 Apr 2003)
http://iptables-tutorial.frozentux.net
By: Oskar Andreasson
Contributors: Geraldo Amaral Filho, Ondrej Suchy, Dino Conti, Robert P. J. Day,
Velev Dimo, Spencer Rouser, Daveonos, Amanda Hickman, Olle Jonsson and
Bengt Aspvall.
Version 1.1.16 (16 Dec 2002)
http://iptables-tutorial.frozentux.net
By: Oskar Andreasson
Contributors: Clemens Schwaighower, Uwe Dippel and Dave Wreski.
Version 1.1.15 (13 Nov 2002)
http://iptables-tutorial.frozentux.net
By: Oskar Andreasson
Contributors: Mark Sonarte, A. Lester Buck, Robert P. J. Day, Togan Muftuoglu,
Antony Stone, Matthew F. Barnes and Otto Matejka.
Version 1.1.14 (14 Oct 2002)
http://iptables-tutorial.frozentux.net
By: Oskar Andreasson
Contributors: Carol Anne, Manuel Minzoni, Yves Soun, Miernik, Uwe Dippel,
Dave Klipec and Eddy L O Jansson.
Version 1.1.13 (22 Aug 2002)
http://iptables-tutorial.haringstad.com
By: Oskar Andreasson
Contributors: Tons of people reporting bad HTML version.
Version 1.1.12 (19 Aug 2002)
http://www.netfilter.org/tutorial/
By: Oskar Andreasson
Contributors: Peter Schubnell, Stephen J. Lawrence, Uwe Dippel, Bradley
Dilger, Vegard Engen, Clifford Kite, Alessandro Oliveira, Tony Earnshaw,
Harald Welte, Nick Andrew and Stepan Kasal.
Version 1.1.11 (27 May 2002)
http://www.netfilter.org/tutorial/
By: Oskar Andreasson
Contributors: Steve Hnizdur, Lonni Friedman, Jelle Kalf, Harald Welte,
Valentina Barrios and Tony Earnshaw.
Version 1.1.10 (12 April 2002)
http://www.boingworld.com/workshops/linux/iptables-tutorial/
By: Oskar Andreasson
Contributors: Jelle Kalf, Theodore Alexandrov, Paul Corbett, Rodrigo
Rubira Branco, Alistair Tonner, Matthew G. Marsh, Uwe Dippel, Evan
Nemerson and Marcel J.E. Mol.
Version 1.1.9 (21 March 2002)
http://www.boingworld.com/workshops/linux/iptables-tutorial/
By: Oskar Andreasson
Contributors: Vince Herried, Togan Muftuoglu, Galen Johnson, Kelly Ashe, Janne
Johansson, Thomas Smets, Peter Horst, Mitch Landers, Neil Jolly, Jelle Kalf,
Jason Lam and Evan Nemerson.
Version 1.1.8 (5 March 2002)
http://www.boingworld.com/workshops/linux/iptables-tutorial/
By: Oskar Andreasson
Version 1.1.7 (4 February 2002)
http://www.boingworld.com/workshops/linux/iptables-tutorial/
By: Oskar Andreasson
Contributors: Parimi Ravi, Phil Schultz, Steven McClintoc, Bill Dossett,
Dave Wreski, Erik Sjölund, Adam Mansbridge, Vasoo Veerapen, Aladdin and
Rusty Russell.
Version 1.1.6 (7 December 2001)
http://people.unix-fu.org/andreasson/
By: Oskar Andreasson
Contributors: Jim Ramsey, Phil Schultz, Göran Böge, Doug Monroe, Jasper
Aikema, Kurt Lieber, Chris Tallon, Chris Martin, Jonas Pasche, Jan
Labanowski, Rodrigo R. Branco, Jacco van Koll and Dave Wreski.
Version 1.1.5 (14 November 2001)
http://people.unix-fu.org/andreasson/
By: Oskar Andreasson
Contributors: Fabrice Marie, Merijn Schering and Kurt Lieber.
Version 1.1.4 (6 November 2001)
http://people.unix-fu.org/andreasson
By: Oskar Andreasson
Contributors: Stig W. Jensen, Steve Hnizdur, Chris Pluta and Kurt Lieber.
Version 1.1.3 (9 October 2001)
http://people.unix-fu.org/andreasson
By: Oskar Andreasson
Contributors: Joni Chu, N.Emile Akabi-Davis and Jelle Kalf.
Version 1.1.2 (29 September 2001)
http://people.unix-fu.org/andreasson
By: Oskar Andreasson
Version 1.1.1 (26 September 2001)
http://people.unix-fu.org/andreasson
By: Oskar Andreasson
Contributors: Dave Richardson.
Version 1.1.0 (15 September 2001)
http://people.unix-fu.org/andreasson
By: Oskar Andreasson
Version 1.0.9 (9 September 2001)
http://people.unix-fu.org/andreasson
By: Oskar Andreasson
Version 1.0.8 (7 September 2001)
http://people.unix-fu.org/andreasson
By: Oskar Andreasson
Version 1.0.7 (23 August 2001)
http://people.unix-fu.org/andreasson
By: Oskar Andreasson
Contributors: Fabrice Marie.
Version 1.0.6
http://people.unix-fu.org/andreasson
By: Oskar Andreasson
Version 1.0.5
http://people.unix-fu.org/andreasson
By: Oskar Andreasson
Contributors: Fabrice Marie.
Appendix H. GNU Free Documentation License
Version 1.1, March 2000
Copyright (C) 2000 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.