Initial SIMPLE IP Firewall script for Linux and iptables

最新推荐文章于 2024-11-04 12:22:27 发布
最新推荐文章于 2024-11-04 12:22:27 发布
阅读量144 收藏
点赞数
分类专栏: Linux系统 文章标签: 网络 p2p 服务器
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/yunlin2000/article/details/125135691
版权 
#!/bin/sh

#################################################################################
#										#
# rc.firewall - Initial SIMPLE IP Firewall script for Linux and iptables        #
#										#
# 02/17/2020  Created by Dijiang Huang ASU SNAC Lab      			#
#										#
#################################################################################
#                                                                               #
#                                                                               #
# Configuration options, these will speed you up getting this script to         #
# work with your own setup.                                                     #
#                                                                               #
# your LAN's IP range and localhost IP. /24 means to only use the first 24      #
# bits of the 32 bit IP address. the same as netmask 255.255.255.0              #
#                                                                               #
#                                                                               # 
#################################################################################
#
# 1. Configuration options.
# NOTE that you need to change the configuration based on your own network setup.
# The defined alias and variables allow you to manage and update the entire 
# configurations easily, and more readable :-)
#
# Lab Network Topology
#
# ---------              ----------              ---------  
# |Client |__Client_NET__|Gateway |__Server_NET__|Server |
# ---------              ----------              --------- 
#                            |
#                            |Internet           
#                            |              ________ 
#                        ----------        /        \
#                        |External|________|Internet|
#                        |Router  |        \________/ 
#                        ----------
#

####
# 1.1. Internet ip address
# 
#
Internet_IP="172.16.0.11"
Internet_IP_RANGE="172.16.0.0/12"
Internet_BCAST_ADRESS="172.31.255.255"
Internet_IFACE="ens5"

####
# 1.2 Client network configuration.
#
#

#
# IP addresses of the client-side network
#
Client_NET_IP="192.168.0.3"
Client_NET_IP_RANGE="192.168.0.0/24"
Client_NET_BCAST_ADRESS="192.168.0.255"
Client_NET_IFACE="ens3"

####
# 1.3 Server Network Configuration.
#

#
# IP addresses of the server-side network
#
Server_NET_IP="10.0.0.6"
Server_NET_IP_RANGE="10.0.0.0/8"
Server_NET_BCAST_ADRESS="10.255.255.255"
Server_NET_IFACE="ens4"

#
# IP aliases for the server (server's IP address)
#
LO_IFACE="lo"
LO_IP="127.0.0.1"
WEB_IP_ADDRESS="10.0.0.9"
MAIL_IP_ADDRESS="10.0.0.9"
SSH_IP_ADDRESS="10.0.0.9"
DNS_IP_ADDRESS="10.0.0.9"
FTP_IP_ADDRESS="10.0.0.9"
#IP aliases for NATed services (this is the GW's ip on client network)
NAT_WEB_IP_ADDRESS="192.168.0.3"
NAT_MAIL_IP_ADDRESS="192.168.0.3"
NAT_SSH_IP_ADDRESS="192.168.0.3"
NAT_DNS_IP_ADDRESS="192.168.0.3"
NAT_FTP_IP_ADDRESS="192.168.0.3"
PASV_FTP_PORT_RANGE="30000:30099"

####
# 1.4 IPTables Configuration.
#

IPTABLES="/sbin/iptables"


#######################################################
#                                                     #
# 2. Module loading.                                  #
#                                                     #
#######################################################
#
# Needed to initially load modules
#
/sbin/depmod -a	 

#
# flush iptables
#
$IPTABLES -F 
$IPTABLES -X 
$IPTABLES -F -t nat

#####
# 2.1 Required modules
#

/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state

#####
# 2.2 Non-frequently used modules
#

#/sbin/modprobe ipt_owner
#/sbin/modprobe ipt_REJECT
#/sbin/modprobe ipt_MASQUERADE
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc
#/sbin/modprobe ip_nat_ftp

###########################################################################
#
# 3. /proc set up.
#

#
# 3.1 Required proc configuration
#

#
# Enable ip_forward, this is critical since it is turned off as defaul in 
# Linux.
#
echo "1" > /proc/sys/net/ipv4/ip_forward

#
# 3.2 Non-Required proc configuration
#

#
# Dynamic IP users:
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr

###########################################################################
#
# 4. rules set up.
#

# The kernel starts with three lists of rules; these lists are called firewall
# chains or just chains. The three chains are called INPUT, OUTPUT and FORWARD.
#
# The chains are arranged like so:
#
#                     _____
#                    /     \
#  -->[Routing ]--->|FORWARD|------->
#     [Decision]     \_____/        ^
#          |                        |
#          v                       ____
#         ___                     /    \
#        /   \                   |OUTPUT|
#       |INPUT|                   \____/
#        \___/                      ^
#          |                        |
#           ----> Local Process ----
#
# 1. When a packet comes in (say, through the Ethernet card) the kernel first 
#    looks at the destination of the packet: this is called `routing'.
# 2. If it's destined for this box, the packet passes downwards in the diagram, 
#    to the INPUT chain. If it passes this, any processes waiting for that 
#    packet will receive it. 
# 3. Otherwise, if the kernel does not have forwarding enabled, or it doesn't 
#    know how to forward the packet, the packet is dropped. If forwarding is 
#    enabled, and the packet is destined for another network interface (if you 
#    have another one), then the packet goes rightwards on our diagram to the 
#    FORWARD chain. If it is ACCEPTed, it will be sent out. 
# 4. Finally, a program running on the box can send network packets. These 
#    packets pass through the OUTPUT chain immediately: if it says ACCEPT, then 
#    the packet continues out to whatever interface it is destined for. 
#


#####
# 4.1 Filter table
#

#
# 4.1.1 Set policies
#

#
# Set default policies for the INPUT, FORWARD and OUTPUT chains
#

# Whitelist (Whitelist is preferred)
#$IPTABLES -P INPUT DROP
#$IPTABLES -P OUTPUT DROP
#$IPTABLES -P FORWARD DROP

# Blacklist
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT

#
# 4.1.2 Create user-specified chains
#

#
# Example of creating a chain for bad tcp packets
#

#$IPTABLES -N bad_tcp_packets

#
# Create separate chains for allowed (whitelist), ICMP, TCP and UDP to traverse
#

#$IPTABLES -N allowed
#$IPTABLES -N tcp_packets
#$IPTABLES -N udp_packets
#$IPTABLES -N icmp_packets

#
# In the following 4.1.x, you can provide individual user-specified rules


#
# 4.1.3 Example of create content in user-specified chains (bad_tcp_packets)
#

#
# bad_tcp_packets chain
#

#$IPTABLES -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset 
#$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "New not syn:"
#$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP

#
# 4.1.4 Example of allowed chain (allow packets for initial TCP or already established TCP sessions)
#

#$IPTABLES -A allowed -p TCP --syn -j ACCEPT
#$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A allowed -p TCP -j DROP


#####
# 4.2 FORWARD chain
#

#
# Provide your forwarding rules below
#

# example of checking bad tcp packets
#$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets

# Allow http traffic from client network to server network
#$IPTABLES -A FORWARD -p TCP --dport 80 -i $Client_NET_IFACE -s $Client_NET_IP_RANGE -d $WEB_IP_ADDRESS -j ACCEPT
#$IPTABLES -A FORWARD -p TCP --sport 80 -i $Server_NET_IFACE -s $WEB_IP_ADDRESS -d $Client_NET_IP_RANGE -j ACCEPT

# example of using allowed
#$IPTABLES -A FORWARD -p tcp -j allowed


#####
# 4.3 INPUT chain
#

#
# Provide your input rules below
#

#
# Example of checking bad TCP packets we don't want.
#

#$IPTABLES -A INPUT -p tcp -j bad_tcp_packets

#####
# 4.3 OUTPUT chain
#

#
# Provide your output rules below
#

#
# Example of checking bad TCP packets we don't want.
#

#$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets

#####################################################################
#                                                                   #
# 5. NAT setup                                                      #
#                                                                   #
#####################################################################

#####
# 5.1  PREROUTING chain.
#
#
# Provide your NAT PREROUTING rules (packets come into your private domain)
#

#
# Example of enable http to internal web server behind the firewall (port forwarding)
#

# web
#$IPTABLES -t nat -A PREROUTING -p tcp -d $NAT_WEB_IP_ADDRESS --dport 80 -j DNAT --to $WEB_IP_ADDRESS



#####
# 5.2 POSTROUTING chain.
#
#
# Provide your NAT PREROUTING rules (packets go to the public domain)
#

# Allow client and server network nodes to access to Internet using masquerade
$IPTABLES -t nat -A POSTROUTING -o $Internet_IFACE -j MASQUERADE

# Allow the web server reply to the client go through the NAT 
#$IPTABLES -t nat -A POSTROUTING -p tcp -s $WEB_IP_ADDRESS -o $Client_NET_IFACE --sport 80 -j SNAT --to $Client_NET_IP



#################################################################################
#										#
# rc.firewall - Initial SIMPLE IP Firewall script for Linux and iptables        #
#										#
# 02/17/2020  Created by Dijiang Huang ASU SNAC Lab      			#
#										#
#################################################################################
#                                                                               #
#                                                                               #
# Configuration options, these will speed you up getting this script to         #
# work with your own setup.                                                     #
#                                                                               #
# your LAN's IP range and localhost IP. /24 means to only use the first 24      #
# bits of the 32 bit IP address. the same as netmask 255.255.255.0              #
#                                                                               #
#                                                                               # 
#################################################################################
#
# 1. Configuration options.
# NOTE that you need to change the configuration based on your own network setup.
# The defined alias and variables allow you to manage and update the entire 
# configurations easily, and more readable :-)
#
# Lab Network Topology
#
# ---------              ----------              ---------  
# |Client |__Client_NET__|Gateway |__Server_NET__|Server |
# ---------              ----------              --------- 
#                            |
#                            |Internet           
#                            |              ________ 
#                        ----------        /        \
#                        |External|________|Internet|
#                        |Router  |        \________/ 
#                        ----------
#

####
# 1.1. Internet ip address
# 
#
Internet_IP="172.16.0.11"
Internet_IP_RANGE="172.16.0.0/12"
Internet_BCAST_ADRESS="172.31.255.255"
Internet_IFACE="ens5"

####
# 1.2 Client network configuration.
#
#

#
# IP addresses of the client-side network
#
Client_NET_IP="192.168.0.3"
Client_NET_IP_RANGE="192.168.0.0/24"
Client_NET_BCAST_ADRESS="192.168.0.255"
Client_NET_IFACE="ens3"

####
# 1.3 Server Network Configuration.
#

#
# IP addresses of the server-side network
#
Server_NET_IP="10.0.0.6"
Server_NET_IP_RANGE="10.0.0.0/8"
Server_NET_BCAST_ADRESS="10.255.255.255"
Server_NET_IFACE="ens4"

#
# IP aliases for the server (server's IP address)
#
LO_IFACE="lo"
LO_IP="127.0.0.1"
WEB_IP_ADDRESS="10.0.0.9"
MAIL_IP_ADDRESS="10.0.0.9"
SSH_IP_ADDRESS="10.0.0.9"
DNS_IP_ADDRESS="10.0.0.9"
FTP_IP_ADDRESS="10.0.0.9"
#IP aliases for NATed services (this is the GW's ip on client network)
NAT_WEB_IP_ADDRESS="192.168.0.3"
NAT_MAIL_IP_ADDRESS="192.168.0.3"
NAT_SSH_IP_ADDRESS="192.168.0.3"
NAT_DNS_IP_ADDRESS="192.168.0.3"
NAT_FTP_IP_ADDRESS="192.168.0.3"
PASV_FTP_PORT_RANGE="30000:30099"

####
# 1.4 IPTables Configuration.
#

IPTABLES="/sbin/iptables"


#######################################################
#                                                     #
# 2. Module loading.                                  #
#                                                     #
#######################################################
#
# Needed to initially load modules
#
/sbin/depmod -a	 

#
# flush iptables
#
$IPTABLES -F 
$IPTABLES -X 
$IPTABLES -F -t nat

#####
# 2.1 Required modules
#

/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state

#####
# 2.2 Non-frequently used modules
#

#/sbin/modprobe ipt_owner
#/sbin/modprobe ipt_REJECT
#/sbin/modprobe ipt_MASQUERADE
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc
#/sbin/modprobe ip_nat_ftp

###########################################################################
#
# 3. /proc set up.
#

#
# 3.1 Required proc configuration
#

#
# Enable ip_forward, this is critical since it is turned off as defaul in 
# Linux.
#
echo "1" > /proc/sys/net/ipv4/ip_forward

#
# 3.2 Non-Required proc configuration
#

#
# Dynamic IP users:
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr

###########################################################################
#
# 4. rules set up.
#

# The kernel starts with three lists of rules; these lists are called firewall
# chains or just chains. The three chains are called INPUT, OUTPUT and FORWARD.
#
# The chains are arranged like so:
#
#                     _____
#                    /     \
#  -->[Routing ]--->|FORWARD|------->
#     [Decision]     \_____/        ^
#          |                        |
#          v                       ____
#         ___                     /    \
#        /   \                   |OUTPUT|
#       |INPUT|                   \____/
#        \___/                      ^
#          |                        |
#           ----> Local Process ----
#
# 1. When a packet comes in (say, through the Ethernet card) the kernel first 
#    looks at the destination of the packet: this is called `routing'.
# 2. If it's destined for this box, the packet passes downwards in the diagram, 
#    to the INPUT chain. If it passes this, any processes waiting for that 
#    packet will receive it. 
# 3. Otherwise, if the kernel does not have forwarding enabled, or it doesn't 
#    know how to forward the packet, the packet is dropped. If forwarding is 
#    enabled, and the packet is destined for another network interface (if you 
#    have another one), then the packet goes rightwards on our diagram to the 
#    FORWARD chain. If it is ACCEPTed, it will be sent out. 
# 4. Finally, a program running on the box can send network packets. These 
#    packets pass through the OUTPUT chain immediately: if it says ACCEPT, then 
#    the packet continues out to whatever interface it is destined for. 
#


#####
# 4.1 Filter table
#

#
# 4.1.1 Set policies
#

#
# Set default policies for the INPUT, FORWARD and OUTPUT chains
#

# Whitelist (Whitelist is preferred)
#$IPTABLES -P INPUT DROP
#$IPTABLES -P OUTPUT DROP
#$IPTABLES -P FORWARD DROP

# Blacklist
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT

#
# 4.1.2 Create user-specified chains
#

#
# Example of creating a chain for bad tcp packets
#

#$IPTABLES -N bad_tcp_packets

#
# Create separate chains for allowed (whitelist), ICMP, TCP and UDP to traverse
#

#$IPTABLES -N allowed
#$IPTABLES -N tcp_packets
#$IPTABLES -N udp_packets
#$IPTABLES -N icmp_packets

#
# In the following 4.1.x, you can provide individual user-specified rules


#
# 4.1.3 Example of create content in user-specified chains (bad_tcp_packets)
#

#
# bad_tcp_packets chain
#

#$IPTABLES -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset 
#$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "New not syn:"
#$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP

#
# 4.1.4 Example of allowed chain (allow packets for initial TCP or already established TCP sessions)
#

#$IPTABLES -A allowed -p TCP --syn -j ACCEPT
#$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A allowed -p TCP -j DROP


#####
# 4.2 FORWARD chain
#

#
# Provide your forwarding rules below
#

# example of checking bad tcp packets
#$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets

# Allow http traffic from client network to server network
#$IPTABLES -A FORWARD -p TCP --dport 80 -i $Client_NET_IFACE -s $Client_NET_IP_RANGE -d $WEB_IP_ADDRESS -j ACCEPT
#$IPTABLES -A FORWARD -p TCP --sport 80 -i $Server_NET_IFACE -s $WEB_IP_ADDRESS -d $Client_NET_IP_RANGE -j ACCEPT

# example of using allowed
#$IPTABLES -A FORWARD -p tcp -j allowed


#####
# 4.3 INPUT chain
#

#
# Provide your input rules below
#

#
# Example of checking bad TCP packets we don't want.
#

#$IPTABLES -A INPUT -p tcp -j bad_tcp_packets

#####
# 4.3 OUTPUT chain
#

#
# Provide your output rules below
#

#
# Example of checking bad TCP packets we don't want.
#

#$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets

#####################################################################
#                                                                   #
# 5. NAT setup                                                      #
#                                                                   #
#####################################################################

#####
# 5.1  PREROUTING chain.
#
#
# Provide your NAT PREROUTING rules (packets come into your private domain)
#

#
# Example of enable http to internal web server behind the firewall (port forwarding)
#

# web
#$IPTABLES -t nat -A PREROUTING -p tcp -d $NAT_WEB_IP_ADDRESS --dport 80 -j DNAT --to $WEB_IP_ADDRESS



#####
# 5.2 POSTROUTING chain.
#
#
# Provide your NAT PREROUTING rules (packets go to the public domain)
#

# Allow client and server network nodes to access to Internet using masquerade
$IPTABLES -t nat -A POSTROUTING -o $Internet_IFACE -j MASQUERADE

# Allow the web server reply to the client go through the NAT 
#$IPTABLES -t nat -A POSTROUTING -p tcp -s $WEB_IP_ADDRESS -o $Client_NET_IFACE --sport 80 -j SNAT --to $Client_NET_IP
yunlin2000
关注
专栏目录
超级详细的iptables介绍
sdytlm的专栏
06-14 3万+
Iptables 指南 1.1.19Oskar Andreasson     oan@frozentux.netCopyright © 2001-2003 by Oskar Andreasson 本文在符合 GNU Free Documentation 许可版本1.1的条件下,可以拷贝、分发、更改,但必须保留绪言 和所有的章节,如印刷成书,封面要包括
linux常用命令-part3
热门推荐
chinayuan的专栏
05-01 2万+
中文怎么发音 Ubuntu 有奔头,乌版图 Fedora 费德勒,菲朵拉 Debian 迪扁,德槟 CentOS 桑托斯 森头斯       Linux发展历史: 1) RedHat ---> 1.RedHat                2.CentOS                3.Fedora  桌面图形系统        rpm, yum 命令 2)
Linux IPv6 Iptables Firewall Script
weixin_34411563的博客
01-18 143
Linux IPv6 Iptables Firewall Script #!/bin/bash # A bash shell script for ip6tables to protect single hosting / dedicated / vps / colo server running CentOS / Debian / RHEL / or any other...
Linux firewall防火墙详解(二)——firewall配置
永远是少年
12-07 9649
本文主要内容是Linux firewall防火墙配置 一、Linux firewall常用命令 二、通过配置文件使用firewall
iptables配置
Qvip的专栏
04-06 1446
iptables官方网站:http://netfilter.org/ 数据包经过防火墙的路径 http://www.linux.gov.cn/netweb/iptables.htm禁止端口的实例禁止ssh端口只允许在192.168.62.1上使用ssh远程登录,从其它计算机上禁止使用ssh#iptables -A INPUT -s 192.168.62.
Linux firewall防火墙详解(一)——firewall基础知识简介
永远是少年
12-07 8745
本文主要内容是Linux firewall防火墙基础知识介绍 一、firewall基础知识 二、firewall区域介绍 三、firewall服务简介
NAT穿透
feiren127的专栏
05-09 8827
对于UDP:一种是Cone NAT,简单说就是NAT每次分配给内网的端口是一样的,即使连接不同的主机,NAT上的端口还是不变(除非过期)。类似这样的NAT或防火墙,已经有比较可靠的解决方法:Peer-to-Peer (P2P) communication across middleboxes 另外一种是Symmetric NAT,对于这种NAT,内网连接不同的其他主机,NAT分配给它的
Linux防火墙iptables配置详解
Greensun的专栏
03-13 1962
iptables官方网站:http://netfilter.org/ 数据包经过防火墙的路径禁止端口强制访问某站点发布内部网络服务器智能DNS端口映射通过NAT上网IP规则的保存与恢复iptables指令语法iptables实例 数据包经过防火墙的路径 图1比较完整地展示了一个数据包是如何经过防火墙的,考虑到节省空间,该图实际上包了三种情况: 来自外部,以防火墙(本机)为目的地的包,在
linux常用命令-part2
chinayuan的专栏
05-01 2万+
Ubuntu,Fedora,Debian,CentOS中文怎么发音 有奔头, 费德勒, 迪扁, 桑托斯。 乌版图 菲朵拉 德槟 森头斯 ================================ 使用find和wc命令统计代码行数 ================================ wc -l `find . -name "*.js" | xargs`
OpenStack-Train
YiGeXiaoBaia的博客
05-03 939
最小化OpenStack Train版 实验环境 主机名 IP地址 操作系统 角色 controller 10.0.0.11 、192.168.191.171 CentOS 7 控制节点、网络节点 compute1 10.0.0.31 、192.168.191.177 CentOS 7 计算节点 block1 10.0.0.41 、192.168.191.178 CentOS 7 块存储节点 1. 环境准备 1.1 基础配置 更改IP地址 关闭防火墙及SELinux 修改wind
Ubuntu The Complete Reference
10-19
- **Configuring Firewalls**: Detailed instructions for configuring firewalls using tools like `iptables` and `ufw`. - **Firewall Rules**: Explanation of firewall rules and how to create effective rule...
NAT 穿透是如何工作的:技术原理及企业级实践
云原生实验室
10-22 1197
译者序本文翻译自 2020 年的一篇英文博客:How NAT traversal works[1]。设想这样一个问题:在北京和上海各有一台局域网的机器(例如一台是家里的台式机,一 台是连接...
跨域问题解决方案(HttpClient安全跨域 & jsonp跨域)
Gavin的博客
03-09 1431
这篇blog很详细!很棒!收藏以下。 http://blog.csdn.net/lovesummerforever/article/details/38052213
为什么TCP(TIME_WAIT)2倍MSL
weixin_44102162的博客
11-01 674
MSL(最大报文段生存时间)是TCP协议中定义的一个常量,表示TCP报文在网络中存活的最长时间。等待2倍MSL的原因是为了给报文提供足够的时间消失或确认。第一个MSL:等待网络中的FIN和ACK报文到达对方,确保双方完成连接关闭。第二个MSL:等待可能在网络中滞留的所有旧报文完全失效,避免与未来的新连接混淆。TIME_WAIT状态在TCP协议中扮演了确保数据完整性和网络可靠性的角色,通过2倍MSL时间的等待机制,防止ACK丢失以及旧报文干扰新连接。
ICT网络赛道安全考点知识总结4
最新发布
m0_72765822的博客
11-04 499
RADIUS和HWTACACS协议通常都使用共享密钥对传输的用户信息进行加密,以确保安全传输。 用来封装EAP报文的RADIUS属性通常是"EAP-Message",它用于传输EAP认证过程中的消息。 LDAP的域名属性通常是"DC"(Domain Component),用于表示域名的组成部分。 BFD(Bidirectional Forwarding Detection)可以用于检测网络设备之间直连物理链路的双向转发路径的故障,但也可以用于检测其他类型的链路故障。 管理员为虚拟系统手工分配资源时,
嵌入式通信协议:MODBUS简明学习笔记
weixin_73867577的博客
11-02 299
学习Modbus的简明学习笔记
集线器是共享带宽的,交换机独享带宽。怎么讲?
zxf347085420的博客
10-31 350
交换机的所有的端口都挂接在这条背部总线上,控制电路收到数据包以后,处理端口会查找内存中的地址对照表以确定目的MAC(网卡的硬件地址)的NIC(网卡)挂接在哪个端口上,通过内部交换矩阵迅速将数据包传送到目的端口,目的MAC若不存在,广播到所有的端口,接收端口回应后交换机会“学习”新的MAC地址,并把它添加入内部MAC地址表中。交换机都支持全双工。上网出口才一条,这是大家共亨的,而交换机的带宽现在一般的是100M,是独亨的,指的是你内部与其他电脑通讯使用的带宽。是独亨的,指的是你内部与其他电脑通讯使用的带宽。
tcp shutdown, fin_wait1, fin_wait2, close_wait, last_ack, 谢特!
Netfilter
10-31 1983
状态很奇怪,人们很难接受一个连接在非 ESTABLISHED 状态下正常传输数据,这会引来一堆咨询,但根据 TCP 状态机,这又是合理的,client 单向关闭了发送,FIN 就过去了,server 回复了 FIN,进入 CLOSE_WAIT,client 收到回复进入 FIN_WAIT_2,而 server 在 CLOSE_WAIT 下发数据,client 在 FIN_WAIT_2 下是完全合理的。但如果应用程序希望如此呢?TCP 的 RFC793 并未规定状态超时时间,为完整闭环这是合理的。
速盾:sdk盾有什么用?
zhuguowang01的博客
11-02 224
SDK盾能够对SDK进行加密保护,使其在传输和使用过程中难以被窃取,从而有效保护开发者的知识产权和商业利益。然而,由于SDK的泄露或被盗取,开发者可能会面临知识产权纠纷、追责等问题,进而影响软件的开发进度和效率。通过使用SDK盾可以有效避免这些问题的发生,保护开发者的合法权益,提高软件的开发效率。SDK盾可以对SDK进行防篡改和防病毒的检测,确保SDK的完整性和安全性,有效减少软件遭受恶意攻击的风险。而使用SDK盾可以保证SDK的完整性和可靠性,确保软件正常运行和稳定性,提升用户的使用体验。
McAfee Firewall 8.0.0 for Linux: 新增功能与安装指南
MCAFEE Firewall for Linux 8.0.0 是一款强大的防火墙解决方案,专为Linux环境设计,旨在提供高效、统一管理和高级安全功能。本手册详述了该版本的重要更新和特性,以及安装、已知问题和产品文档的相关信息。 **...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

yunlin2000

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值