
FireWall - PowerPoint PPT Presentation



FireWall. Grzegorz Śliwiński. Security zones. Types of firewalls: packet-filtering firewall, stateful-inspection firewall, application proxy firewall.

Presentation Transcript

FireWall

Grzegorz Śliwiński

Types of firewalls
  • Packet-filtering firewall,
  • Stateful-inspection firewall,
  • Application proxy firewall
Firewall architectures

Three types:

  • Firewall with two network cards,
  • Firewall with a screening router,
  • Firewall with two screening routers.

and combinations of these.

IPCHAINS
  • Input
  • Output
  • Forward
IPCHAINS

:input ACCEPT

:forward DENY

:output ACCEPT

-A input -s 0/0 -d 0/0 8080:8080 -j REDIRECT 8080 -p tcp

-A input -s 0/0 -d 0/0 8080:8080 -j REDIRECT 8080 -p udp

-A input -s 0/0 -d 0/0 53:53 -j REDIRECT 53 -p tcp

-A input -s 0/0 -d 0/0 53:53 -j REDIRECT 53 -p udp

-A input -s 213.155.164.2 -j ACCEPT

-A input -s 0/0 20:20 -d 217.98.190.90 1024:65535 -j ACCEPT -p tcp

-A input -s 0/0 20:20 -d 217.98.190.90 1024:65535 -j ACCEPT -p udp

-A input -d 217.98.190.90 21:22 -j ACCEPT -p tcp

-A input -d 217.98.190.90 25:25 -j ACCEPT -p tcp

-A input -d 217.98.190.90 80:80 -j ACCEPT -p tcp

-A input -d 217.98.190.90 443:443 -j ACCEPT -p tcp

-A input -s 213.155.164.47 -d 217.98.190.90 2401:2401 -j ACCEPT -p tcp

-A input -s 213.155.164.47 -d 217.98.190.90 2401:2401 -j ACCEPT -p udp

-A input -s 212.160.88.35 -d 217.98.190.90 2401:2401 -j ACCEPT -p tcp

-A input -s 212.160.88.35 -d 217.98.190.90 2401:2401 -j ACCEPT -p udp

-A input -s 217.98.190.90 -j ACCEPT

-A input -s 192.168.1.1 -j ACCEPT

-A input -s 192.168.1.10 -j ACCEPT

-A input -d 217.98.190.90 -j DENY -y -p tcp

-A forward -s 192.168.1.0/24 -j MASQ

*nat

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [2:328]

:OUTPUT ACCEPT [3:388]

-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 8080

-A PREROUTING -i eth0 -p udp -m udp --dport 8080 -j REDIRECT --to-ports 8080

-A PREROUTING -i eth0 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53

-A PREROUTING -i eth0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53

-A POSTROUTING -o ppp0 -j SNAT --to-source 217.98.190.90

COMMIT

*mangle

:PREROUTING ACCEPT [81:13394]

:INPUT ACCEPT [79:13247]

:FORWARD ACCEPT [2:147]

:OUTPUT ACCEPT [73:18301]

:POSTROUTING ACCEPT [77:18951]

COMMIT

*filter

:INPUT ACCEPT [0:0]

:FORWARD DROP [0:0]

:OUTPUT ACCEPT [73:18301]

-A INPUT -i eth0 -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -s 213.155.164.2 -j ACCEPT

-A INPUT -d 217.98.190.90 -p tcp -m tcp --sport 20 --dport 1024:65535 -j ACCEPT

-A INPUT -d 217.98.190.90 -p udp -m udp --sport 20 --dport 1024:65535 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

-A INPUT -s 213.155.164.47 -d 217.98.190.90 -p tcp -m tcp --dport 2401 -j ACCEPT

-A INPUT -s 213.155.164.47 -d 217.98.190.90 -p udp -m udp --dport 2401 -j ACCEPT

-A INPUT -s 212.160.88.35 -d 217.98.190.90 -p tcp -m tcp --dport 2401 -j ACCEPT

-A INPUT -s 212.160.88.35 -d 217.98.190.90 -p udp -m udp --dport 2401 -j ACCEPT

-A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP

-A FORWARD -s 192.168.1.1 -i eth0 -o ppp0 -j ACCEPT

-A FORWARD -d 192.168.1.1 -i ppp0 -o eth0 -j ACCEPT

-A FORWARD -s 192.168.1.10 -i eth0 -o ppp0 -j ACCEPT

-A FORWARD -d 192.168.1.10 -i ppp0 -o eth0 -j ACCEPT

-A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP

COMMIT
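
The INPUT chain above has policy ACCEPT and relies on its last rule to drop NEW and INVALID packets arriving on ppp0. As an added example (not part of the original slides), this first-match evaluator runs over that chain and reports which rule decides a packet; the packet fields, the 203.0.113.7 source address and the function names are constructed for illustration, and the connection state is supplied by hand rather than tracked.

```python
import ipaddress
POLICY = "ACCEPT"  # ":INPUT ACCEPT [0:0]" in the *filter table above
RULES = """\
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 213.155.164.2 -j ACCEPT
-A INPUT -d 217.98.190.90 -p tcp -m tcp --sport 20 --dport 1024:65535 -j ACCEPT
-A INPUT -d 217.98.190.90 -p udp -m udp --sport 20 --dport 1024:65535 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 213.155.164.47 -d 217.98.190.90 -p tcp -m tcp --dport 2401 -j ACCEPT
-A INPUT -s 213.155.164.47 -d 217.98.190.90 -p udp -m udp --dport 2401 -j ACCEPT
-A INPUT -s 212.160.88.35 -d 217.98.190.90 -p tcp -m tcp --dport 2401 -j ACCEPT
-A INPUT -s 212.160.88.35 -d 217.98.190.90 -p udp -m udp --dport 2401 -j ACCEPT
-A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
""".splitlines()
# Constructed sample packet; on a real host conntrack decides "state".
SAMPLE = {"iface": "ppp0", "proto": "tcp", "src": "203.0.113.7",
          "dst": "217.98.190.90", "sport": 40000, "dport": 22, "state": "NEW"}

def parse(line):
    tok = line.split()[2:]  # skip "-A INPUT"; every option here takes one argument
    return dict(zip(tok[0::2], tok[1::2]))

def in_range(spec, port):
    lo, _, hi = spec.partition(":")  # "20" or "1024:65535"
    return int(lo) <= port <= int(hi or lo)

def in_net(spec, addr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def matches(o, p):
    return (o.get("-i", p["iface"]) == p["iface"]
            and o.get("-p", p["proto"]) == p["proto"]
            and ("-s" not in o or in_net(o["-s"], p["src"]))
            and ("-d" not in o or in_net(o["-d"], p["dst"]))
            and ("--sport" not in o or in_range(o["--sport"], p["sport"]))
            and ("--dport" not in o or in_range(o["--dport"], p["dport"]))
            and ("--state" not in o or p["state"] in o["--state"].split(",")))

def verdict(pkt):
    """First matching rule decides; if none matches, the chain policy applies."""
    for n, line in enumerate(RULES, 1):
        o = parse(line)
        if matches(o, pkt):
            return o["-j"], n
    return POLICY, 0  # 0 = no rule matched, policy used
```

A NEW connection from ppp0 to a port without an ACCEPT rule is dropped by rule 14, while a packet in ESTABLISHED state matches no rule and is accepted by the chain policy.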
