Exploring Shorewall Firewall Configuration and Command-Line Options


In my previous article, we looked at Shorewall: how to install it, how to set up its configuration files, and how to configure port forwarding over NAT. In this article, we will explore some common Shorewall errors, some solutions, and get an introduction to the command-line options.

  1. Shorewall - A High-Level Firewall for Configuring Linux Servers - Part 1

Shorewall offers many commands that can be run on the command line. A look at man shorewall should give you plenty to see, but the first task we will perform is a check of our configuration files.

$ sudo shorewall check

Shorewall will print a check of all your configuration files and the options contained in them. The output will look something like this.

Determining Hosts in Zones...
Locating Actions Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/shrae/shorewall/action.Invalid for chain Invalid...
Checking /usr/share/shorewall/action.NotSyn for chain NotSyn..
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking Accept Source Routing...
Checking MAC Filtration -- Phase 1...
Checking /etc/shorewall/rules...
Checking /usr/share/shorewall/action.Invalid for chain %Invalid...
Checking MAC Filtration -- Phase 2...
Applying Policies...
Checking /etc/shorewall/routestopped...
Shorewall configuration verified

The magic line we are looking for is the one at the bottom that reads: "Shorewall configuration verified". If you get any errors, they are most likely due to missing modules in your kernel configuration.

I will show you how to resolve two of the more common errors, but you should recompile your kernel with all the required modules if you plan to use your machine as a firewall.

The first error, and the most common, is the error about NAT.

Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Actions Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/shrae/shorewall/action.Invalid for chain Invalid...
Checking /usr/share/shorewall/action.NotSyn for chain NotSyn..
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking Accept Source Routing...
Checking /etc/shorewall/masq...
    ERROR: a non-empty masq file requires NAT in your kernel and iptables /etc/shorewall/masq (line 15)

If you see something like this, your current kernel was probably not compiled with support for NAT. This is common with most out-of-the-box kernels. Please read my tutorial on "How to Compile a Debian Kernel" to get started.

Another common error produced by the check is the error about iptables and logging.

# shorewall check
Checking...
Processing /etc/shorewall/params...
Processing /etc/shorewall/shorewall.conf
Loading Modules..
   ERROR: Log level INFO requires LOG Target in your kernel and iptables

This is also something you can compile into a new kernel, but there is a quick fix for it if you want to use ULOG. ULOG is a different logging mechanism from syslog. It is pretty easy to use.

To set this up, you have to change every instance of "info" to "ULOG" in all of your configuration files in /etc/shorewall. The following command can do that for you.

$ cd /etc/shorewall
$ sudo sed -i 's/info/ULOG/g' *

After that, edit the /etc/shorewall/shorewall.conf file and set the line

LOGFILE=

to wherever you would like your log to be stored. Mine is in /var/log/shorewall.log.

LOGFILE=/var/log/shorewall.log

Running sudo shorewall check should now give you a clean bill of health.
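A more conservative version of the sed step above, as an added example that is not from the original article: it backs up the directory first and rewrites info only where it stands as a whole word on a non-comment line, because the blanket substitution also rewrites every other string that contains those four letters. The function name convert_loglevel and the backup directory naming are assumptions.

```shell
#!/bin/sh
# Added example, not from the article. convert_loglevel and the backup
# directory naming are assumptions made for illustration.
#
# convert_loglevel DIR
#   Copies DIR to DIR.bak-<timestamp>, then rewrites "info" to "ULOG" in every
#   regular file of DIR, but only as a whole word and only on non-comment
#   lines. Prints the backup path on stdout and a diff of changes on stderr.
convert_loglevel() {
    dir=${1%/}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    backup="$dir.bak-$(date +%Y%m%d%H%M%S)"
    cp -Rp "$dir" "$backup" || return 1

    # "info" with a non-word character (or the line edge) on both sides.
    # Applied twice so neighbours sharing one separator are both rewritten.
    subst='s/(^|[^[:alnum:]_])info([^[:alnum:]_]|$)/\1ULOG\2/g'

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        tmp=$(mktemp) || return 1
        sed -E -e '/^[[:space:]]*#/!{' -e "$subst" -e "$subst" -e '}' \
            "$f" > "$tmp" || { rm -f "$tmp"; return 1; }
        if ! cmp -s "$f" "$tmp"; then
            diff "$f" "$tmp" >&2 || true   # show what changed
            cat "$tmp" > "$f"              # overwrite, keeping mode and owner
        fi
        rm -f "$tmp"
    done
    echo "$backup"
}
```

Run it as root against /etc/shorewall and follow it with sudo shorewall check; if the check fails, the printed backup directory still holds the untouched files.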

Shorewall's command-line interface comes with many handy one-liners for systems administrators. One frequently used command, especially when numerous changes are being made to the firewall, saves the current configuration state so that you can roll back if there are any problems. The syntax for this is simple.

$ sudo shorewall save <filename>

Rolling back is just as easy:

$ sudo shorewall restore <filename>

Shorewall can also be started and configured to use an alternate configuration directory. You can specify this in the start command, but you will want to check it first.

$ sudo shorewall check <config-directory>

If you simply want to try out the configuration and, if it works, start it, you can specify the try option.

$ sudo shorewall try <config-directory> [  ]

Shorewall is just one of many robust firewall solutions available on Linux systems. No matter what end of the networking spectrum you find yourself on, many find it to be simple and useful.

This is only a small start, and one that can get you on your way without going heavily into networking concepts. As always, please research and take a look at the man pages and other resources. The Shorewall mailing list is an awesome place, and is up to date and well maintained.