Firewall configuration on Debian

2006/04/17

Tags: debian

On Red Hat, the firewall settings are saved in the /etc/sysconfig/iptables file, so they are restored on every reboot.
Debian has no such file, but it offers a more flexible approach.
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-firewall-setup
After a quick look, the simplest option seems to be configuring the interfaces file.
5.14.3.3 Configuring firewall rules through ifup
You can use also the network configuration in /etc/network/interfaces to setup your firewall rules. For this you will need to:

1. Create your firewalling ruleset for when the interface is active.
2. Save your ruleset with iptables-save to a file in /etc, for example /etc/iptables.up.rules
3. Configure /etc/network/interfaces to use the configured ruleset:
    iface eth0 inet static
            address x.x.x.x
            [.. interface configuration ..]
            pre-up iptables-restore < /etc/iptables.up.rules
You can optionally also setup a set of rules to be applied when the network interface is down creating a set of rules, saving it in /etc/iptables.down.rules and adding this directive to the interface configuration:

        post-down iptables-restore < /etc/iptables.down.rules
For more advanced firewall configuration scripts through ifupdown you can use the hooks available to each interface as in the *.d/ directories called with run-parts (see run-parts(8)).

You can generate a firewall script online at http://easyfwgen.morizot.net/gen/ and then point pre-up at it.
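
An added example, not from the original post or the Debian manual: two offline checks for the ifup-based setup quoted above. One reports which iface stanzas restore a ruleset in pre-up, the other checks that a saved ruleset has iptables-save structure. The function names, the sample interfaces file, the address 192.0.2.10 and the sample ruleset are constructed for illustration.

```shell
# audit_interfaces FILE: for each non-loopback iface stanza print
# "OK <iface> <rules-file>" or "MISSING <iface>"; return 0 only if all are OK.
audit_interfaces() {
    awk '
        function report() {
            if (name == "" || method == "loopback") return
            if (rules != "") print "OK", name, rules
            else { print "MISSING", name; bad = 1 }
        }
        /^[ \t]*#/ { next }
        $1 == "iface" { report(); name = $2; method = $4; rules = ""; next }
        $1 == "pre-up" && $2 == "iptables-restore" {
            for (i = 3; i <= NF; i++) {
                if ($i == "<") rules = $(i + 1)
                else if ($i ~ /^<./) rules = substr($i, 2)
            }
        }
        END { report(); exit bad }
    ' "$1"
}

# check_ruleset FILE: succeed if FILE has iptables-save structure (at least one
# "*table" line, each closed by COMMIT). Offline sanity check only; on a live
# host "iptables-restore --test < FILE" parses the rules without committing them.
check_ruleset() {
    awk '/^\*/ { t++ } $0 == "COMMIT" { c++ } END { exit !(t > 0 && t == c) }' "$1"
}

# Constructed sample input (not from the original post).
demo=$(mktemp -d)
cat > "$demo/interfaces" <<'EOF'
iface lo inet loopback
iface eth0 inet static
    address 192.0.2.10
    pre-up iptables-restore < /etc/iptables.up.rules
iface eth1 inet dhcp
EOF
cat > "$demo/iptables.up.rules" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
audit_interfaces "$demo/interfaces" || echo "an interface can come up before a ruleset is loaded"
check_ruleset "$demo/iptables.up.rules" && echo "ruleset structure looks valid"
```

If a pre-up command fails, for instance because the rules file is missing, ifup aborts and the interface is not brought up, so check the file before rebooting a remote machine.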

