Бруй В.В., Карлов С.В. - Linux-сервер - пошаговые инструкции - инсталляции и настройки (1077321), страница 44
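# GIPTables configuration listing, continued (book p. 157).
# One statement per line: in the collapsed form the assignments were fused
# with the page header and with each other, so a shell could not parse them.
# $ANY_IPADDR, $NETWORK1 and $INTERFACEn_IPADDR are defined outside this
# excerpt; presumably INTERFACE0 is the external side and
# INTERFACE1/NETWORK1 the internal LAN — confirm against the earlier pages.

# Interface 0 POP3S incoming client request
INTERFACE0_POP3S_SERVER="no"
INTERFACE0_POP3S_IN_SRC_IPADDR[0]=$ANY_IPADDR
INTERFACE0_POP3S_IN_DST_IPADDR[0]=$INTERFACE0_IPADDR

# Interface 1 POP3S incoming client request
INTERFACE1_POP3S_SERVER="no"
INTERFACE1_POP3S_IN_SRC_IPADDR[0]=$NETWORK1
INTERFACE1_POP3S_IN_DST_IPADDR[0]=$INTERFACE0_IPADDR
INTERFACE1_POP3S_IN_SRC_IPADDR[1]=$NETWORK1
INTERFACE1_POP3S_IN_DST_IPADDR[1]=$INTERFACE1_IPADDR

# ************************************************************************
# *                                                                      *
# *                              I M A P                                 *
# *                                                                      *
# ************************************************************************

# NOTE(review): plain IMAP is switched on here while ACCEPT_IMAPS (next
# section) is "no". Plain IMAP carries credentials in cleartext unless the
# client negotiates STARTTLS, so check that the asymmetry is intended.
ACCEPT_IMAP="yes"

# -----------------------------------------------------------------------
# IMAP outgoing client request
#

# Network 1 IMAP forwarded outgoing client request
# LAN clients may reach IMAP servers at any destination.
NETWORK1_IMAP_CLIENT="yes"
NETWORK1_IMAP_OUT_SRC_IPADDR[0]=$NETWORK1
NETWORK1_IMAP_OUT_DST_IPADDR[0]=$ANY_IPADDR

# -----------------------------------------------------------------------
# IMAP incoming client request
#

# Interface 0 IMAP incoming client request
# Both *_SERVER switches are "no": no IMAP service is offered by this host.
INTERFACE0_IMAP_SERVER="no"
INTERFACE0_IMAP_IN_SRC_IPADDR[0]=$ANY_IPADDR
INTERFACE0_IMAP_IN_DST_IPADDR[0]=$INTERFACE0_IPADDR

# Interface 1 IMAP incoming client request
INTERFACE1_IMAP_SERVER="no"
INTERFACE1_IMAP_IN_SRC_IPADDR[0]=$NETWORK1
INTERFACE1_IMAP_IN_DST_IPADDR[0]=$INTERFACE0_IPADDR
INTERFACE1_IMAP_IN_SRC_IPADDR[1]=$NETWORK1
INTERFACE1_IMAP_IN_DST_IPADDR[1]=$INTERFACE1_IPADDR

# ************************************************************************
# *                                                                      *
# *                             I M A P S                                *
# *                                                                      *
# ************************************************************************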
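# GIPTables configuration listing, continued (book p. 158).
# One statement per line: in the collapsed form the assignments were fused
# with the page header and with each other, so a shell could not parse them.
# $ANY_IPADDR, $NETWORK1 and $INTERFACEn_IPADDR are defined outside this
# excerpt.

# NOTE(review): IMAPS is off while ACCEPT_IMAP (previous section) is "yes",
# so LAN mail clients are steered to the variant without implicit TLS.
# NETWORK1_IMAPS_CLIENT="yes" below is presumably inert while this switch
# is "no" — confirm against the GIPTables IMAPS module.
ACCEPT_IMAPS="no"

# -----------------------------------------------------------------------
# IMAPS outgoing client request
#

# Network 1 IMAPS forwarded outgoing client request
NETWORK1_IMAPS_CLIENT="yes"
NETWORK1_IMAPS_OUT_SRC_IPADDR[0]=$NETWORK1
NETWORK1_IMAPS_OUT_DST_IPADDR[0]=$ANY_IPADDR

# -----------------------------------------------------------------------
# IMAPS incoming client request
#

# Interface 0 IMAPS incoming client request
INTERFACE0_IMAPS_SERVER="no"
INTERFACE0_IMAPS_IN_SRC_IPADDR[0]=$ANY_IPADDR
INTERFACE0_IMAPS_IN_DST_IPADDR[0]=$INTERFACE0_IPADDR

# Interface 1 IMAPS incoming client request
INTERFACE1_IMAPS_SERVER="no"
INTERFACE1_IMAPS_IN_SRC_IPADDR[0]=$NETWORK1
INTERFACE1_IMAPS_IN_DST_IPADDR[0]=$INTERFACE0_IPADDR
INTERFACE1_IMAPS_IN_SRC_IPADDR[1]=$NETWORK1
INTERFACE1_IMAPS_IN_DST_IPADDR[1]=$INTERFACE1_IPADDR

# ************************************************************************
# *                                                                      *
# *                              H T T P                                 *
# *                                                                      *
# ************************************************************************

ACCEPT_HTTP="yes"

# -----------------------------------------------------------------------
# HTTP outgoing client request
#

# Network 1 HTTP forwarded outgoing client request
# LAN clients may browse to any destination; tighten the DST entry if
# outbound web access has to go through a proxy instead.
NETWORK1_HTTP_CLIENT="yes"
NETWORK1_HTTP_OUT_SRC_IPADDR[0]=$NETWORK1
NETWORK1_HTTP_OUT_DST_IPADDR[0]=$ANY_IPADDR

# -----------------------------------------------------------------------
# HTTP incoming client request
#

# Interface 0 HTTP incoming client request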
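# GIPTables configuration listing, continued (book p. 159).
# One statement per line: in the collapsed form the assignments were fused
# with the page header and with each other, so a shell could not parse them.
# $ANY_IPADDR, $NETWORK1 and $INTERFACEn_IPADDR are defined outside this
# excerpt.

# Interface 0 HTTP incoming client request (settings)
# Both HTTP *_SERVER switches are "no": this host publishes no web server.
INTERFACE0_HTTP_SERVER="no"
INTERFACE0_HTTP_IN_SRC_IPADDR[0]=$ANY_IPADDR
INTERFACE0_HTTP_IN_DST_IPADDR[0]=$INTERFACE0_IPADDR

# Interface 1 HTTP incoming client request
INTERFACE1_HTTP_SERVER="no"
INTERFACE1_HTTP_IN_SRC_IPADDR[0]=$NETWORK1
INTERFACE1_HTTP_IN_DST_IPADDR[0]=$INTERFACE0_IPADDR
INTERFACE1_HTTP_IN_SRC_IPADDR[1]=$NETWORK1
INTERFACE1_HTTP_IN_DST_IPADDR[1]=$INTERFACE1_IPADDR

# ************************************************************************
# *                                                                      *
# *                             H T T P S                                *
# *                                                                      *
# ************************************************************************

ACCEPT_HTTPS="yes"

# -----------------------------------------------------------------------
# HTTPS outgoing client request
#

# Network 1 HTTPS forwarded outgoing client request
NETWORK1_HTTPS_CLIENT="yes"
NETWORK1_HTTPS_OUT_SRC_IPADDR[0]=$NETWORK1
NETWORK1_HTTPS_OUT_DST_IPADDR[0]=$ANY_IPADDR

# -----------------------------------------------------------------------
# HTTPS incoming client request
#

# Interface 0 HTTPS incoming client request
# NOTE(review): the SRC/DST entries are pre-filled with "any source" to the
# Interface 0 address; if *_SERVER is ever set to "yes" that presumably
# exposes the service to every source, so narrow SRC first — confirm.
INTERFACE0_HTTPS_SERVER="no"
INTERFACE0_HTTPS_IN_SRC_IPADDR[0]=$ANY_IPADDR
INTERFACE0_HTTPS_IN_DST_IPADDR[0]=$INTERFACE0_IPADDR

# Interface 1 HTTPS incoming client request
INTERFACE1_HTTPS_SERVER="no"
INTERFACE1_HTTPS_IN_SRC_IPADDR[0]=$NETWORK1
INTERFACE1_HTTPS_IN_DST_IPADDR[0]=$INTERFACE0_IPADDR
INTERFACE1_HTTPS_IN_SRC_IPADDR[1]=$NETWORK1
INTERFACE1_HTTPS_IN_DST_IPADDR[1]=$INTERFACE1_IPADDR

# ************************************************************************
# *                                                                      *
# *                             S Q U I D                                *
# *                                                                      *
# ************************************************************************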
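# GIPTables configuration listing, continued (book p. 160).
# One statement per line: in the collapsed form the assignments were fused
# with the page header and with each other, so a shell could not parse them.
# $ANY_IPADDR, $NETWORK1 and $INTERFACEn_IPADDR are defined outside this
# excerpt.

ACCEPT_SQUID="no" # Squid in Proxy-Caching Mode

# ************************************************************************
# *                                                                      *
# *                          W E B C A C H E                             *
# *                                                                      *
# ************************************************************************

# NOTE(review): the per-network and per-interface values below are
# presumably ignored while this switch is "no" — confirm. If so, flipping
# it to "yes" later activates them as written, so review them first.
ACCEPT_WEBCACHE="no" # Squid in HTTPD-Accelerator Mode

# -----------------------------------------------------------------------
# WEBCACHE outgoing client request
#

# Network 1 WEBCACHE forwarded outgoing client request
NETWORK1_WEBCACHE_CLIENT="yes"
NETWORK1_WEBCACHE_OUT_SRC_IPADDR[0]=$NETWORK1
NETWORK1_WEBCACHE_OUT_DST_IPADDR[0]=$ANY_IPADDR

# -----------------------------------------------------------------------
# WEBCACHE incoming client request
#

# Interface 0 WEBCACHE incoming client request
INTERFACE0_WEBCACHE_SERVER="no"
INTERFACE0_WEBCACHE_IN_SRC_IPADDR[0]=$ANY_IPADDR
INTERFACE0_WEBCACHE_IN_DST_IPADDR[0]=$INTERFACE0_IPADDR

# Interface 1 WEBCACHE incoming client request
INTERFACE1_WEBCACHE_SERVER="no"
INTERFACE1_WEBCACHE_IN_SRC_IPADDR[0]=$NETWORK1
INTERFACE1_WEBCACHE_IN_DST_IPADDR[0]=$INTERFACE0_IPADDR
INTERFACE1_WEBCACHE_IN_SRC_IPADDR[1]=$NETWORK1
INTERFACE1_WEBCACHE_IN_DST_IPADDR[1]=$INTERFACE1_IPADDR

# ************************************************************************
# *                                                                      *
# *                             S O C K S                                *
# *                                                                      *
# ************************************************************************

ACCEPT_SOCKS="no"

# ************************************************************************
# *                                                                      *
# *                              N N T P                                 *
# *                                                                      *
# ************************************************************************

# NOTE(review): keep news access enabled only if LAN clients actually use
# it; every enabled service widens what the gateway forwards.
ACCEPT_NNTP="yes"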
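# GIPTables configuration listing, continued (book p. 161).
# One statement per line: in the collapsed form the assignments were fused
# with the page header and with each other, so a shell could not parse them.
# $ANY_IPADDR and $NETWORK1 are defined outside this excerpt.

# -----------------------------------------------------------------------
# NNTP outgoing client request
#

# Network 1 NNTP forwarded outgoing client request
# LAN clients may reach news servers at any destination.
NETWORK1_NNTP_CLIENT="yes"
NETWORK1_NNTP_OUT_SRC_IPADDR[0]=$NETWORK1
NETWORK1_NNTP_OUT_DST_IPADDR[0]=$ANY_IPADDR

# ************************************************************************
# *                                                                      *
# *                             N N T P S                                *
# *                                                                      *
# ************************************************************************

ACCEPT_NNTPS="no"

# The database services below are all left "no" in this listing, i.e. no
# database traffic is enabled through this firewall configuration.

# ************************************************************************
# *                                                                      *
# *                             M Y S Q L                                *
# *                                                                      *
# ************************************************************************

ACCEPT_MYSQL="no"

# ************************************************************************
# *                                                                      *
# *                          P O S T G R E S                             *
# *                                                                      *
# ************************************************************************

ACCEPT_POSTGRES="no"

# ************************************************************************
# *                                                                      *
# *                            O R A C L E                               *
# *                                                                      *
# ************************************************************************

ACCEPT_ORACLE="no"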
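# GIPTables configuration listing, continued (book p. 162).
# One statement per line: in the collapsed form the assignments were fused
# with the page header and with each other, so a shell could not parse them.

# ************************************************************************
# *                                                                      *
# *                             M S S Q L                                *
# *                                                                      *
# ************************************************************************

ACCEPT_MSSQL="no"

# ************************************************************************
# *                                                                      *
# *                              L D A P                                 *
# *                                                                      *
# ************************************************************************

ACCEPT_LDAP="no"

# ************************************************************************
# *                                                                      *
# *                             L D A P S                                *
# *                                                                      *
# ************************************************************************

ACCEPT_LDAPS="no"

# ************************************************************************
# *                                                                      *
# *                              A U T H                                 *
# *                                                                      *
# ************************************************************************

# NOTE(review): whether the *_REJECT flags below are still honoured while
# ACCEPT_AUTH is "no" is not visible in this excerpt — confirm against the
# GIPTables AUTH module.
ACCEPT_AUTH="no"

# -----------------------------------------------------------------------
# AUTH outgoing client request
#

# Reject, rather than deny, the outgoing auth client packets (Net-HOWTO)
# A reject answers the ident lookup at once; a silent drop leaves the peer
# waiting for a timeout, which shows up as slow mail or FTP connections.
INTERFACE0_AUTH_OUT_REJECT="yes"
INTERFACE1_AUTH_OUT_REJECT="yes"
NETWORK1_AUTH_OUT_REJECT="yes"

# -----------------------------------------------------------------------
# AUTH incoming client request
#

# Reject, rather than deny, the incoming auth client packets (Net-HOWTO)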
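# GIPTables configuration listing, continued (book p. 163).
# One statement per line: in the collapsed form the assignments were fused
# with the page header and with each other, so a shell could not parse them.
# $ANY_IPADDR, $NETWORK1 and $INTERFACEn_IPADDR are defined outside this
# excerpt.

# Incoming AUTH packets are rejected rather than silently dropped (these
# three flags belong to the "AUTH incoming client request" section).
INTERFACE0_AUTH_IN_REJECT="yes"
INTERFACE1_AUTH_IN_REJECT="yes"
NETWORK1_AUTH_IN_REJECT="yes"

# -----------------------------------------------------------------------
# AUTH outgoing client request
#

# NOTE(review): ACCEPT_AUTH is "no" earlier in the listing, so the
# *_AUTH_CLIENT settings here are presumably inert — confirm against the
# GIPTables AUTH module before relying on either reading.

# Interface 0 AUTH outgoing client request
INTERFACE0_AUTH_CLIENT="yes"
INTERFACE0_AUTH_OUT_SRC_IPADDR[0]=$INTERFACE0_IPADDR
INTERFACE0_AUTH_OUT_DST_IPADDR[0]=$ANY_IPADDR

# Interface 1 AUTH outgoing client request
INTERFACE1_AUTH_CLIENT="yes"
INTERFACE1_AUTH_OUT_SRC_IPADDR[0]=$INTERFACE1_IPADDR
INTERFACE1_AUTH_OUT_DST_IPADDR[0]=$NETWORK1

# Network 1 AUTH forwarded outgoing client request
NETWORK1_AUTH_CLIENT="yes"
NETWORK1_AUTH_OUT_SRC_IPADDR[0]=$NETWORK1
NETWORK1_AUTH_OUT_DST_IPADDR[0]=$ANY_IPADDR

# ************************************************************************
# *                                                                      *
# *                             W H O I S                                *
# *                                                                      *
# ************************************************************************

# The *_WHOIS_CLIENT values below are presumably ignored while this switch
# is "no" — confirm; review them before ever enabling the service.
ACCEPT_WHOIS="no"

# -----------------------------------------------------------------------
# WHOIS outgoing client request
#

# Interface 0 WHOIS outgoing client request
INTERFACE0_WHOIS_CLIENT="yes"
INTERFACE0_WHOIS_OUT_SRC_IPADDR[0]=$INTERFACE0_IPADDR
INTERFACE0_WHOIS_OUT_DST_IPADDR[0]=$ANY_IPADDR

# Interface 1 WHOIS outgoing client request
INTERFACE1_WHOIS_CLIENT="yes"
INTERFACE1_WHOIS_OUT_SRC_IPADDR[0]=$INTERFACE1_IPADDR
INTERFACE1_WHOIS_OUT_DST_IPADDR[0]=$NETWORK1

# Network 1 WHOIS forwarded outgoing client request
NETWORK1_WHOIS_CLIENT="yes"
NETWORK1_WHOIS_OUT_SRC_IPADDR[0]=$NETWORK1
NETWORK1_WHOIS_OUT_DST_IPADDR[0]=$ANY_IPADDR

# The banner of the next section starts here and continues on the
# following page of the listing.
# ************************************************************************
# *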