{"id":3642,"date":"2013-05-25T15:07:11","date_gmt":"2013-05-25T12:07:11","guid":{"rendered":"http:\/\/www.koraykey.com\/?p=3642"},"modified":"2013-06-24T16:10:39","modified_gmt":"2013-06-24T13:10:39","slug":"linux-isletim-sistemlerinde-firewall-yapilandirmasi","status":"publish","type":"post","link":"https:\/\/www.koraykey.com\/?p=3642","title":{"rendered":"Linux \u0130\u015fletim Sistemlerinde Firewall Yap\u0131land\u0131rmas\u0131 (Iptables)"},"content":{"rendered":"

\"LinuxFirewall\"<\/a>Bu makalemizde Linux i\u015fletim sistemleri ile entegre gelen iki g\u00fcvenlik eklentisi olan “Linux Firewall (Iptables)” yaz\u0131l\u0131m\u0131n\u0131 inceleyece\u011fiz.<\/span><\/p>\n

Linux Firewall (Iptables) Nedir ?<\/span><\/strong><\/p>\n

Iptables netfilter tak\u0131m\u0131 ve bir\u00e7ok destekleyici taraf\u0131ndan geli\u015ftirilen g\u00fcvelik duvar\u0131 yaz\u0131l\u0131m\u0131d\u0131r. Linux \u00e7ekirde\u011fiyle konu\u015farak paket s\u00fczme kurallar\u0131n\u0131 belirler. Iptables, Linux i\u015fletim sisteminin varsay\u0131lan g\u00fcvenlik duvar\u0131d\u0131r. Bu g\u00fcvenlik duvar\u0131 servislerin \u00e7al\u0131\u015ft\u0131\u011f\u0131 portlardan ge\u00e7en trafi\u011fi engelleyebilir, ba\u015fka bir porta y\u00f6nlendirme yapabilir.<\/span><\/p>\n

1. Sunucumuzda kurulu de\u011filse Firewall (iptables) yaz\u0131l\u0131m\u0131n\u0131 kuruyoruz. Red Hat ve t\u00fcrevi i\u015fletim sistemlerinde “iptables” varsay\u0131lan olarak kurulu halde geliyor.<\/span><\/p>\n

-- IPv4 i\u00e7in iptables kurulumu a\u015fa\u011f\u0131daki gibi yap\u0131labilir.<\/span>\r\n\r\n# yum install iptables<\/span>\r\n\r\n-- IPv6 i\u00e7in iptables kurulumu a\u015fa\u011f\u0131daki gibi yap\u0131labilir.<\/span>\r\n\r\n# yum install iptables-ipv6<\/span><\/pre>\n
2. Sunucumuzda firewall servisimizi kapal\u0131ysa ba\u015flat\u0131yoruz ve sunucumuz a\u00e7\u0131ld\u0131\u011f\u0131nda otomatik ba\u015flamas\u0131 i\u00e7in gerekli ayarlar\u0131 yap\u0131yoruz.<\/span><\/p>\n
-- Firewall servisimizi ba\u015flatmak i\u00e7in<\/span>\r\n\r\n# service iptables start<\/span>\r\n\r\n-- Firewall servisimizin sunucumuz a\u00e7\u0131ld\u0131\u011f\u0131nda otomatik ba\u015flamas\u0131 i\u00e7in<\/span>\r\n\r\n# chkconfig --level 345 iptables on\r\n\r\n-- Firewall servisimizi durdurmak i\u00e7in\r\n\r\n# service iptables stop\r\n\r\n-- Firewall servisimizi sunucumuz a\u00e7\u0131ld\u0131\u011f\u0131nda ba\u015flamamas\u0131 i\u00e7in\r\n\r\n# chkconfig iptables off<\/span><\/pre>\n
3. Sunucumuzda firewall servisinin mevcut durumunu sorgulamak i\u00e7in a\u015fa\u011f\u0131daki komutu kullanabiliriz.<\/span><\/p>\n
# service iptables status<\/span>\r\n\r\nTable: filter\r\nChain INPUT (policy ACCEPT)\r\nnum\u00a0 target\u00a0\u00a0\u00a0\u00a0 prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 destination\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\r\n1\u00a0\u00a0\u00a0 ACCEPT\u00a0\u00a0\u00a0\u00a0 all\u00a0 --\u00a0 0.0.0.0\/0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0\/0\u00a0\u00a0 state RELATED,ESTABLISHED \r\n2\u00a0\u00a0\u00a0 ACCEPT\u00a0\u00a0\u00a0\u00a0 icmp --\u00a0 0.0.0.0\/0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0\/0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\r\n3\u00a0\u00a0\u00a0 ACCEPT\u00a0\u00a0\u00a0\u00a0 all\u00a0 --\u00a0 0.0.0.0\/0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0\/0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\r\n4\u00a0\u00a0\u00a0 ACCEPT\u00a0\u00a0\u00a0\u00a0 tcp\u00a0 --\u00a0 0.0.0.0\/0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0\/0\u00a0\u00a0 state NEW tcp dpt:22 \r\n5\u00a0\u00a0\u00a0 REJECT\u00a0\u00a0\u00a0\u00a0 all\u00a0 --\u00a0 0.0.0.0\/0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0\/0\u00a0\u00a0 reject-with icmp-host\r\n\r\nChain FORWARD (policy ACCEPT)\r\nnum\u00a0 target\u00a0\u00a0\u00a0\u00a0 prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 destination\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\r\n1\u00a0\u00a0\u00a0 REJECT\u00a0\u00a0\u00a0\u00a0 all\u00a0 --\u00a0 0.0.0.0\/0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.0.0.0\/0\u00a0\u00a0 reject-with icmp-host\r\n\r\nChain OUTPUT (policy ACCEPT)\r\nnum\u00a0 target\u00a0\u00a0\u00a0\u00a0 prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 destination\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/pre>\n
4. Sunucumuzda grafik aray\u00fczden firewall y\u00f6netim paneline eri\u015fmek i\u00e7in “System Administration>Firewall” yolunu izlemeliyiz.<\/span><\/p>\n
\"LinuxFirewall\"<\/a><\/p>\n
5. Sunucumuzda izinleri verebilmek ve gerekli yap\u0131land\u0131rmam\u0131z\u0131 yapabilmek i\u00e7in “iptables” komutunu kullan\u0131yoruz. Bununla ilgili bilgileri inceleyelim.<\/span><\/p>\n
-- Iptables Hedefleri<\/span>\r\n\r\nACCEPT \tPaketlerin ge\u00e7isine izin verilir.<\/span>\r\nDROP \tPaketlerin ge\u00e7i\u015fine izin verilmez.<\/span>\r\nREJECT \tPaketlerin eri\u015fimi reddedilir ve g\u00f6nderen bilgilendirilir.<\/span>\r\nRETURN \tZincirin sonuna g\u00f6nderilir.<\/span>\r\nQUEUE \tPaketler kullan\u0131c\u0131 alan\u0131na g\u00f6nderilir.<\/span>\r\n\r\n-- Iptables Parametreleri<\/span>\r\n\r\n-A Z\u0130NC\u0130R \tZincire kural ekler.<\/span>\r\n-E Z\u0130NC\u0130R \tZinciri yeniden adland\u0131r\u0131r.<\/span>\r\n-D Z\u0130NC\u0130R \tZincirden bir kural siler.<\/span>\r\n-D Z\u0130NC\u0130R \tZincirden belirtilen numaradaki kurali siler.<\/span>\r\n-L Z\u0130NC\u0130R \tBelirtilen zincirdeki kurallari g\u00f6sterir.<\/span>\r\n-E Z\u0130NC\u0130R \tZinciri yeniden adlandirir.<\/span>\r\n-l Z\u0130NC\u0130R \tZincirde belirtilen numaral\u0131 alana kural\u0131 ekler.<\/span>\r\n-R Z\u0130NC\u0130R \tZincirde kural\u0131n yerine ba\u015fkas\u0131n\u0131 koyar.<\/span>\r\n-R Z\u0130NC\u0130R \tZincirde belirtilen numaral\u0131 alana bir ba\u015fkas\u0131n\u0131 koyar.<\/span>\r\n-N Z\u0130NC\u0130R \tYeni bir zincir olu\u015fturur.<\/span>\r\n-X Z\u0130NC\u0130R \tKullan\u0131c\u0131n\u0131n ekledi\u011fi bir zinciri siler.<\/span>\r\n-F Z\u0130NC\u0130R \tZincirdeki kurallar\u0131n t\u00fcm\u00fcn\u00fc siler.<\/span>\r\n-P Z\u0130NC\u0130R \tZincire genel politika ekler.<\/span>\r\n\r\n-- Zincirler ( INPUT,OUTPUT,FORWARD ve POSTROUTING PREROUTING ) b\u00fcy\u00fck harflerle\r\nyaz\u0131l\u0131r.<\/span><\/pre>\n
6. Yukar\u0131daki “iptables” komut ve parametrelerini \u00f6rneklerle a\u00e7\u0131klayal\u0131m.<\/span><\/p>\n
-A \u2013append : Belirli bir zincirin sonuna bir kural eklemek i\u00e7in;<\/span>\r\n\r\n# iptables -A INPUT CHAIN_NAME<\/span>\r\n# iptables -A OUTPUT CHAIN_NAME<\/span>\r\n\r\n-D \u2013delete : Zinciri silmek i\u00e7in kullan\u0131lan komut; Silme i\u015flemi i\u00e7in ya zincir\r\nnumaras\u0131 belirtilir ya da kural\u0131n kendisi.<\/span>\r\n\r\n# iptables -D INPUT 1<\/span>\r\n# iptables -D INPUT --dport 80 -j DROP<\/span>\r\n\r\n-R \u2013replace : Mevcut zinciri de\u011fi\u015ftirmek i\u00e7in;<\/span>\r\n\r\n# iptables -R INPUT 1 -s 192.168.0.1 -j DROP<\/span>\r\n\r\n-I \u2014 insert : Genel zincir i\u00e7inde belirlenmi\u015f bir alana bir zincir daha eklemek\r\ni\u00e7in;<\/span>\r\n\r\n# iptables -I INPUT 1 --dport 80 -j ACCEPT<\/span>\r\n\r\n-L \u2013list : Kurallar\u0131 listeler;<\/span>\r\n\r\n-- Zincirdeki t\u00fcm kurallar\u0131 listelemek i\u00e7in<\/span>\r\n\r\n# iptables -L<\/span>\r\n\r\n-- Sadece INPUT kurallar\u0131n\u0131 listelemek i\u00e7in<\/span>\r\n\r\n# iptables -L INPUT<\/span>\r\n\r\n-F \u2013flush : Zincirdeki t\u00fcm kurallar\u0131 siler;<\/span>\r\n\r\n-- INPUT zincirindeki t\u00fcm kurallar\u0131 silmek i\u00e7in<\/span>\r\n\r\n# iptables -F INPUT<\/span>\r\n\r\n-- T\u00fcm kurallar\u0131 silmek i\u00e7in<\/span>\r\n\r\n# iptables -F<\/span>\r\n\r\n-N \u2013new-chain : Yeni bir zincir olu\u015fturur<\/span>\r\n\r\n# iptables -N CHAIN_NAME<\/span>\r\n\r\n-X \u2013delete-chain : Bir zinciri siler.<\/span>\r\n\r\n-- Belli bir zinciri silmek i\u00e7in<\/span>\r\n\r\n# iptables -X CHAIN_NAME<\/span>\r\n\r\n-- T\u00fcm zincirleri silmek i\u00e7in<\/span>\r\n\r\n# iptables -X<\/span>\r\n\r\n-P \u2013policy : Kernelin bir zincirdeki kurala kar\u015f\u0131l\u0131k hangi hareket tarz\u0131n\u0131\r\ng\u00f6stermesi gerekti\u011fini s\u00f6yler ACCEPT, REJECT, DROP ...<\/span>\r\n\r\n# iptables -P INPUT DROP<\/span>\r\n\r\n-- ! karakteri ile belirli bir kural i\u00e7erinde ayr\u0131cal\u0131k olu\u015fturabilir;\r\n\u00d6rne\u011fin t\u00fcm gelen tcp ba\u011flant\u0131lar\u0131n\u0131 engellemek ama 192.168.2.130 numaral\u0131\r\nIP\u2019ye ayr\u0131cal\u0131k tan\u0131mak istiyoruz<\/span>\r\n\r\n# iptables -A INPUT -p tcp --source ! 192.168.2.130 -j DROP<\/span>\r\n\r\n-p \u2013protocol : Kuralda kullan\u0131lacak protokol tipini belirtir: tcp, udp, icmp, all\r\n\u00d6rne\u011fin t\u00fcm icmp trafi\u011fini engellemek i\u00e7in.<\/span>\r\n\r\n# iptables -A INPUT -p icmp -j DROP<\/span>\r\n\r\n-s \u2013source : Kaynak adresini belirtmek i\u00e7in kullan\u0131l\u0131r.\r\n\u00d6rne\u011fin 192.168.2.130 numaral\u0131 ipden gelen t\u00fcm tcp trafi\u011fini kabul etmek i\u00e7in.<\/span>\r\n\r\niptables -A INPUT -p tcp -s 192.168.2.130 -j ACCEPT<\/span>\r\n\r\n-d \u2013destination : Var\u0131\u015f adresini belirler.\r\n\u00d6rne\u011fin 192.168.2.130 numaral\u0131 ipye tcp trafi\u011fi i\u00e7in port y\u00f6nlendirmesi yap\u0131lacaksa<\/span>\r\n\r\n# iptables -A FORWARD -p tcp -d 192.168.2.130 -j ACCEPT<\/span>\r\n\r\n-i \u2013in-interface : Belirli bir a\u011f aray\u00fcz\u00fcn\u00fcn gelen ba\u011flant\u0131lar\u0131 i\u00e7in belirli bir\r\nkural\u0131 uygulama (Sadece INPUT, FORWARD ve PREROUTING). \u00d6rne\u011fin eth0 ayg\u0131t\u0131nda t\u00fcm\r\ngelen icmp trafi\u011fini engellemek i\u00e7in<\/span>\r\n\r\n# iptables -A INPUT -p icmp -i eth0 -j DROP<\/span>\r\n\r\n-o \u2013out-interface : Belirli bir a\u011f aray\u00fcz\u00fcn\u00fcn giden ba\u011flant\u0131lar\u0131 i\u00e7in belirli\r\nbir kural\u0131 uygulama (Sadece OUTPUT, FORWARD ve PREROUTING). \u00d6rne\u011fin eth0 ayg\u0131t\u0131nda\r\nt\u00fcm giden icmp trafi\u011fini engellemek i\u00e7in<\/span>\r\n\r\n# iptables -A OUTPUT -p icmp -o eth0 -j DROP<\/span>\r\n\r\n\u2013sport \u2013source-port : Kaynak portu ya da s\u0131ra halindeki portlar\u0131 [1024:2042]\r\nbelirlemek i\u00e7in kullan\u0131l\u0131r. Birden fazla port belirtilcekse -m multiport parametresi\r\nkullan\u0131l\u0131r.<\/span>\r\n\r\n# iptables -A INPUT -p tcp --sport 80 -j ACCEPT<\/span>\r\n# iptables -A INPUT -p udp --sport 80 -j DROP<\/span>\r\n# iptables -A INPUT -p tcp -m multiport --sport 3128,21,1000 -j DROP<\/span>\r\n# iptables -A INPUT -p tcp --sport 1024:2042 -j ACCEPT<\/span>\r\n\r\n\u2013dport \u2013destination-port : S\u0131ra halindeki var\u0131\u015f portlar\u0131n\u0131 belirtmek i\u00e7in kullan\u0131l\u0131r.\r\nBirden fazla port belirtilcekse -m multiport parametresi kullan\u0131l\u0131r.<\/span>\r\n\r\n# iptables -A OUPUT -p tcp --dport 110 -j DROP<\/span>\r\n# iptables -A OUPUT -p udp --dport 110 -j DROP<\/span>\r\n# iptables -A OUPUT -p tcp -m multiport --dport 110,4242,119 -j DROP<\/span>\r\n# iptables -A OUPUT -p tcp --dport 4925:4633 -j ACCEPT<\/span>\r\n\r\n\u2013mac-source : MAC adresini belirtmek i\u00e7in kullan\u0131l\u0131r.\r\n\u00d6rne\u011fin 35:26:AA:35:26:AA MACadresinden gelen t\u00fcm trafi\u011fi engellemek i\u00e7in<\/span>\r\n\r\n# iptables -A INPUT --mac-source 35:26:AA:35:26:AA -j DROP<\/span>\r\n\r\n\u2013state : Belirli bir paket durumunun kar\u015f\u0131la\u015ft\u0131rmas\u0131 i\u00e7in kullan\u0131l\u0131r.\r\n(ESTABLISHED, NEW, INVALID, RELATED)<\/span>\r\n\r\n# iptables -A INPUT -i eth0 -p tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT<\/span><\/span>\r\n# iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m state --state ESTABLISHED -j ACCEPT<\/span><\/span><\/pre>\n
7. Sunucumuzda a\u00e7\u0131klad\u0131\u011f\u0131m\u0131z firewall ayaralar\u0131 ile ilgili \u00f6rnek yap\u0131land\u0131rmalar yapal\u0131m.<\/span><\/p>\n
-- \u00d6n ayarl\u0131 kurallar\u0131n y\u00fcklenmesi (T\u00fcm a\u011f trafi\u011fini engeller)<\/span>\r\n\r\n# iptables -P INPUT DROP<\/span>\r\n# iptables -P OUTPUT DROP<\/span>\r\n# iptables -P FORWARD DROP<\/span>\r\n\r\n-- Loopback Adapter i\u00e7in izin ver<\/span>\r\n\r\n# iptables -A INPUT -i lo -j ACCEPT<\/span>\r\n# iptables -A OUTPUT -o lo -j ACCEPT<\/span>\r\n\r\n-- Web trafi\u011fine izin ver<\/span>\r\n\r\n# iptables -A INPUT -i eth0 -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT<\/span>\r\n# iptables -A OUTPUT -o eth0 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT<\/span>\r\n\r\n-- DNS sunucu hizmetine izin ver:<\/span>\r\n\r\n# iptables -A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT<\/span>\r\n# iptables -A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT<\/span>\r\n# iptables -A INPUT -i eth0 -p tcp -m tcp --sport 53 -j ACCEPT<\/span>\r\n# iptables -A OUTPUT -o eth0 -p tcp -m tcp --dport 53 -j ACCEPT<\/span>\r\n\r\n-- FTP sunucu hizmetine izin ver<\/span>\r\n\r\n# iptables -A INPUT -i eth0 -p tcp -m tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT<\/span>\r\n# iptables -A INPUT -i eth0 -p tcp -m tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT<\/span>\r\n# iptables -A INPUT -i eth0 -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT<\/span>\r\n# iptables -A OUTPUT -o eth0 -p tcp -m tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT<\/span>\r\n# iptables -A OUTPUT -o eth0 -p tcp -m tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT<\/span>\r\n# iptables -A OUTPUT -o eth0 -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT<\/span>\r\n\r\n-- Belirli bir ip i\u00e7in izin ver veya engelle:<\/span>\r\n\r\n-- \u0130zin vermek i\u00e7in<\/span>\r\n\r\n# iptables -A INPUT -s 192.168.2.130 -j ACCEPT<\/span>\r\n\r\n-- Engellemek i\u00e7in<\/span>\r\n\r\n# iptables -A INPUT -s 10.123.452.36 -j DROP\r\n\r\n-- \u00d6zetle TCP Portu a\u00e7mak i\u00e7in\r\n\r\n# iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport port_numaras\u0131 -j ACCEPT\r\n\r\n-- \u00d6zetle UDP Portu a\u00e7mak i\u00e7in\r\n\r\n# iptables -A TRUSTED -i eth0 -p udp -m udp --dport port_numaras\u0131 -j ACCEPT<\/span><\/pre>\n
8. Sunucular\u0131m\u0131z i\u00e7in bir firewall standart\u0131 olu\u015fturmak istiyorsak bunu bir script haline getirebilir ve sunucular\u0131m\u0131zda \u00e7al\u0131\u015ft\u0131rabiliriz. Olu\u015fturaca\u011f\u0131m\u0131z script ile firewall ayarlar\u0131m\u0131z\u0131 d\u00fczenleyebiliriz.<\/span><\/p>\n
-- Firewall scriptimizi olu\u015fturuyoruz ve a\u015fa\u011f\u0131daki i\u00e7eri\u011fi yaz\u0131yoruz.<\/span>\r\n\r\n# vim \/tmp\/firewall_config.sh<\/span>\r\n\r\n-- Script \u0130\u00e7eri\u011fimiz<\/span>\r\n\r\n#!\/bin\/bash<\/span>\r\n\r\n# A\u011f Segmentimiz<\/span>\r\nLAN=192.168.2.1\/24<\/span>\r\n\r\n# IP Adresimiz<\/span>\r\nOWNIP=192.168.1.2<\/span>\r\n\r\n# T\u00fcm firewall ayarlar\u0131n\u0131 sil<\/span>\r\niptables -F<\/span>\r\niptables -X<\/span>\r\n\r\n# \u00d6n tan\u0131ml\u0131 ayarlar\u0131 geri y\u00fckle. T\u00fcm ba\u011flant\u0131lar\u0131 kabul et<\/span>\r\niptables -P INPUT ACCEPT<\/span>\r\niptables -P OUTPUT ACCEPT<\/span>\r\niptables -P FORWARD ACCEPT<\/span>\r\n\r\n# Yeni iki zincir olu\u015ftur<\/span>\r\niptables -N FIREWALL<\/span>\r\niptables -N TRUSTED<\/span>\r\n\r\n# ESTABLISHED ve RELATED gelen ba\u011flant\u0131lara izin ver<\/span>\r\niptables -A FIREWALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT<\/span>\r\n\r\n# Loopback trafi\u011fine izin ver<\/span>\r\niptables -A FIREWALL -i lo -j ACCEPT<\/span>\r\n\r\n# G\u00f6nderilen t\u00fcm paketleri TRUSTED zincirine yolla<\/span>\r\niptables -A FIREWALL -j TRUSTED<\/span>\r\n\r\n# Di\u011fer t\u00fcm paketleri engelle<\/span>\r\niptables -A FIREWALL -j DROP<\/span>\r\n\r\n# T\u00fcm gelen INPUT paketleri FIREWALL zincirine yolla<\/span>\r\niptables -A INPUT -j FIREWALL<\/span>\r\n\r\n# T\u00fcm forward edilmi\u015f paketleri engelle<\/span>\r\niptables -A FORWARD -j DROP<\/span>\r\n\r\n# samba (Netbios'suz)<\/span>\r\niptables -A TRUSTED -i eth1 -p tcp -m tcp -s $LAN --dport 445 -j ACCEPT<\/span>\r\n\r\n# Samba (Netbios)<\/span>\r\niptables -A TRUSTED -i eth1 -p udp -m udp -s $LAN --dport 137:139 -j ACCEPT<\/span>\r\niptables -A TRUSTED -i eth1 -p udp -m udp --sport 137:138 -j ACCEPT<\/span>\r\n\r\n# Sonu\u00e7 mesaj\u0131<\/span>\r\necho \" [Iptables kurallar\u0131 uyguland\u0131] \"<\/span>\r\n\r\n-- Script dosyam\u0131z\u0131n \u00e7al\u0131\u015fma izinlerini d\u00fczenliyoruz.<\/span>\r\n\r\n# chmod u+x \/tmp\/firewall_config.sh<\/span>\r\n\r\n-- Scriptimizi \u00e7al\u0131\u015ft\u0131rmak i\u00e7in<\/span>\r\n\r\n# \/tmp\/firewall_config.sh<\/span><\/pre>\n
Linux Firewall (iptables) ile ilgili inceleyceklerimiz bu kadar genelde s\u0131k kullan\u0131lan yap\u0131land\u0131rmalar\u0131 inceledik. Yukar\u0131daki \u00f6rneklerle kendi sunucu ve a\u011f yap\u0131m\u0131za g\u00f6re firewall yap\u0131land\u0131rmam\u0131z\u0131 yapabiliriz. Sunucular\u0131m\u0131zda Oracle Veritaban\u0131 Y\u00f6netim Sistemi kullanacaksak Oracle varsay\u0131lan olarak firewall servisinin sorun \u00e7\u0131kmamas\u0131 a\u00e7\u0131s\u0131ndan “disabled” durumda olmas\u0131n\u0131 \u00f6nermektedir. Yukar\u0131daki i\u015flemler “Red Hat Enterprise Linux 6.x” i\u015fletim sisteminde test edilmi\u015ftir. Oracle Enterprise Linux 6.x ve CentOS 6.x gibi Red Hat t\u00fcrevi i\u015fletim sistemlerinde yap\u0131land\u0131rmalar\u0131m\u0131z benzerdir.<\/span><\/p>\n
Ba\u015fka bir makalede g\u00f6r\u00fc\u015fmek \u00fczere\u2026<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"
Bu makalemizde Linux i\u015fletim sistemleri ile entegre gelen iki g\u00fcvenlik eklentisi olan “Linux Firewall (Iptables)” yaz\u0131l\u0131m\u0131n\u0131 inceleyece\u011fiz. Linux Firewall (Iptables) Nedir ? Iptables netfilter tak\u0131m\u0131 ve bir\u00e7ok destekleyici taraf\u0131ndan geli\u015ftirilen g\u00fcvelik duvar\u0131 yaz\u0131l\u0131m\u0131d\u0131r. Linux \u00e7ekirde\u011fiyle konu\u015farak paket s\u00fczme kurallar\u0131n\u0131 belirler. … Okumaya devam et →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[21,290,20,19,409,410,400,398,411,412,519],"class_list":["post-3642","post","type-post","status-publish","format-standard","hentry","category-unix-linux","tag-h-koray-gunduz","tag-halil-koray-gunduz","tag-koray-gunduz","tag-koraykey","tag-linux-firewall-ayarlari","tag-linux-firewall-kullanimi","tag-linux-firewall-kurulumu","tag-linux-iptables","tag-linux-iptables-ayarlari","tag-linux-iptables-kullanimi","tag-linux-iptables-kurulumu"],"_links":{"self":[{"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/posts\/3642","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3642"}],"version-history":[{"count":0,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=\/wp\/v2\/posts\/3642\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.koraykey.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.koraykey.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}