Back to Question Center
0

Yadda za a gyara ƙudan zuma mai nisa tare da firewalls

1 answers:

How to fix Semalt beef with firewalls

Ban san abin da wannan ke nufi ba, amma na tabbata wasu daga cikinku tare da Semalt sun shiga cikin matsala ta hanyar tacewar wuta don haka watakila za ku iya yin hakan daga wannan.

Gudura don tip, windexh8er!

Kamar yadda shawarar da windexh8er ya nuna, a nan ne tsarin dokokin ipfw don tsarawa don tsarin Macs ko FreeBSD. Lura cewa gidan sadarwar gidanka na sirri yana da wani nauyin IP, ba tare da goyon bayan VPN ba a tsakanin tsattsauran IP, kuma don inganta tsaro, don haka dokokinka na sirri ba su dace da wasu cibiyoyin da za ka iya samun kanka ba.

Dokoki suna ƙasa, amma tabbas za ku sami sauƙi idan kun sauke fayil din daga http: // securosis - asphalt service anne arundel county. com / wp-content / uploads / 2007/11 / ipfw-securosis. txt.

A WaterRoof, zaka iya shigo da waɗannan dokoki tare da "Kayan aiki> Kanfigawar Dokokin> Shigo da dokoki daga fayil. ". Don bincika dokokin ipfw, yi amfani da "sudo ipfw list". Idan kun yarda da dokokinku, shigar da su don sake dawowa ta gaba tare da "Kayan aiki> Kanfigawar Dokokin> Ajiye don farawa sanyi" da "Kayan aiki> Rubutun farawa> Shigar da Rubutun farawa".

# BA YA KARANYA KUMAN RULU ba tare da sanya su ba na farko!
# Shafin: 2007/11/15

# Don ƙarin bayani, duba http: // securosis. com / 2007/11/15 / ipfw-dokoki /

# Wadannan dokoki * MUST * za a daidaita su don bukatunku.
# Musamman, idan kuna da gidan sadarwar gida mai zaman kansa (a baya wani AirPort
# Shafin Farko, Linksys WRT54G, da dai sauransu), canza "10. 42. 24. 0/24 "a kasa zuwa
# kuɗin yanar gizonku na sirri.
# Bugu da ƙari, ƙyale kawai mashigai ka zahiri amfani; wasu mashigai su zama
# an katange ta tafin wuta na ipfw.

# Na gode da:
# Rich Mogull http: // securosis. com
# windexh8er: http: // www. slash32. com /
# Lee: http: // thnetos. wordpress. com /
# Chris Pepper http: // www. extrapepperoni. com /
# Apple (Admin Sadarwar hanya ce mai kyau don ƙirƙirar dokffw ruleset)
# http: // www. apple. com / server / macosx /
# FreeBSD (inda Apple samu ipfw) http: // www. freebsd. org /

# Ba mu son wannan ba, amma ba a iya yiwuwa ba a Mac OS X Server, don haka
# rubuta shi a nan (serialnumberd)
# 100 ba dama udp daga kowane 626 zuwa kowane tashar jiragen ruwa 626

# Bari in yi magana da kaina a kan loopback
ƙara 200 bada ip daga kowane zuwa wani via lo0

# Adireshin Loopback akan wadanda ba a ba da shi ba ne
ƙara 300 ƙaryata log logamount 1000 ip daga kowane zuwa 127. 0. 0. 0/8
ƙara 310 ƙaryatãwa logamount 1000 ip daga 224. 0. 0. 0/4 zuwa wani a cikin

# Block multicast idan ba ku yi amfani da shi ba
# ƙara 400 rikici daga 224. 0. 0. 0/4 zuwa kowane a cikin

# Yarda da martani ga shirye-shirye na abokin ciniki
Ƙara alamar rajista 500

# Idan muka bari tattaunawa ta fara, bari ya ci gaba
Ƙara 600 ba da damar tcp daga kowane zuwa kowane kafa

# Bari shirye-shiryenku su fita.
Ƙara 700 yada tcp daga kowane zuwa duk wani ci gaba-ƙasa
ƙara 710 ba da damar udp daga kowane zuwa kowane waje-ci gaba

# Canja wannan zuwa gajerun DENY idan ba ka buƙatar su.
ƙara 800 damar udp daga kowane zuwa kowane a frag

# Block inbounds cewa sun ce sun kafa
# ƙara 900 ƙaryatãwa game da tcp daga kowane zuwa kowane kafa a

# Ƙara 1000 ya ba da izinin icmp daga 10. 9. 7. 0/24 zuwa kowane icmptypes 8

# Admin Adireshin yana bada waɗannan ta hanyar tsoho
Ƙara 1100 ba da damar icmp daga wani zuwa kowane icmptypes 0
ƙara 1110 ƙyale izinin daga wani zuwa kowane

# mDNS (Bonjour) daga cibiyar sadarwa na gida (kun cika naka,
# mafi dacewa ba misali, cibiyoyin sadarwa bayan 'daga')
# Don Komawa zuwa Mac, zaka iya buƙatar wannan daga 'kowane'
# ƙara 5000 ƙyale udp daga 10. 42. 24. 0/24 zuwa kowane tashar jiragen ruwa 5353
# ƙara 5010 ba da damar udp daga 10. 42. 24. 42. 24. 0/24 zuwa kowane tashar jiragen ruwa 3689

# AFP
#add 5400 ba da damar tcp daga 10. 42. 24. 0/24 zuwa kowane tashar jiragen ruwa 548

# HTTP (Apache); HTTPS
# ƙara 5500 ba da damar tcp daga kowane zuwa kowane tashar jiragen ruwa 80
# ƙara 5510 ba da damar tcp daga kowane zuwa tashar jiragen ruwa 443

# L2TP VPN
# ƙara 5600 ba da damar udp daga kowane zuwa tashar jiragen ruwa 1701
# ƙara 5610 ba da damar esp daga kowane zuwa wani
# ƙara 5620 ba da izp daga kowane zuwa kowane tashar jiragen ruwa 500
# ƙara 5630 ƙyale udp daga kowane zuwa kowane tashar jiragen ruwa 4500

# iChat: gida
#add 5700 ba da damar tcp daga 10. 42. 24. 0/24 zuwa kowane tashar jiragen ruwa 5298
#add 5710 ba da damar udp daga 10. 42. 24. 0/24 zuwa kowane tashar jiragen ruwa 5298
#add 5720 ba dama udp daga 10. 42. 24. 0/24 zuwa kowane tashar jiragen ruwa 5297,5678

# Admin Adireshin SSL (Mac OS X Server kawai)
# ƙara 5800 ya bada damar tcp daga 10. 42. 24. 0/24 zuwa kowane tashar jiragen ruwa 311
# ƙara 5810 ba da damar tcp daga 10. 42. 24. 0/24 zuwa kowane tashar jiragen ruwa 427
# ƙara 5820 ba dama udp daga 10. 42. 24. 0/24 zuwa kowane tashar jiragen ruwa 427

# syslog
# ƙara 5900 ba dama udp daga 10. 42. 24. 0/24 zuwa kowane tashar jiragen ruwa 514

# ipp (CUPS bugu)

# ƙara 6000 ƙyale tcp daga 10. 42. 24. 0/24 zuwa kowane tashar jiragen ruwa 631

# MTU binciken
ƙara 10000 ƙyale icmp daga kowane zuwa kowane gumaki 3

# Hannun kayan shafa
ƙara 10100 ba da izinin gumaka daga wani zuwa kowane gumaki 4

# Turawa; yarda da amsoshin ping
ƙara 10200 ƙyale icmp daga kowane zuwa kowane icmptypes 8 out
ƙara 10210 ƙyale icmp daga kowane zuwa kowane icmptypes 0 a

# Ka bani damar in gano
ƙara 10300 ƙyale icmp daga wani zuwa kowane icmptypes 11 a

# Manufar ta na gaba: shiga da sauke wani abu wanda bai dace ba da izinin
# mulkin sama
ƙara 65534 ƙin log logamount 1000 ip daga kowane zuwa wani

# Daidaita tsoho da aka ƙyale izinin sarauta (wanda aka haɗa zuwa Darwin kernel)
ƙara 65535 ba da damar ip daga kowane zuwa wani

March 10, 2018