Experimental steps:
[Teaching Resource Category]
| Serial number | Category | Tick √ |
|---|---|---|
| 1 | Learning resources | √ |
| 2 | Individual-mode competition question resources | |
| 3 | Group competition question resources | |
[Teaching resource name]
Firewall security configuration – configure security settings iptables firewall policy
[Teaching Resource Classification]
| First level category | Second level category | Tick √ |
|---|---|---|
| 1. Security standards | Laws and regulations | |
| | Industry standards | |
| | Security awareness | |
| | Emergency response | |
| | Security assessment | |
| 2. System security | Windows operating system security configuration | |
| | Linux operating system security configuration | √ |
| 3. Cybersecurity | Network equipment security | |
| | Network protocol analysis | |
| 4. Application security | Web application security | |
| | Database security | |
| | Middleware application security | |
| | Application layer protocol analysis | |
| | Mobile application security | |
| | VPN application | |
| | Malicious code analysis | |
| 5. Cryptography | Principles of cryptography | |
| | Cryptography applications | |
| 6. Penetration testing | Common tools | |
| | Scripting | |
| | Report writing | |
[Difficulty Description]
| Serial number | Difficulty level | Tick √ |
|---|---|---|
| 1 | Simple | |
| 2 | General | √ |
| 3 | Difficult | |
| 4 | Extremely difficult | |
[Background description]
To strengthen its server infrastructure, XX Company has built an internal server that hosts its own website. Xiao Wang is the company's new server administrator and is responsible for managing this server.
The enterprise network currently has the following requirements:
Configure the Linux firewall so that local addresses can be accessed, the host can reach the external network, port 80 can be accessed from outside, and access to any other (unauthorized) service or address is denied.
[Practical training equipment]
| Product number | Product description | Quantity |
|---|---|---|
| PY-P8 | Training room safety and application environment training platform | 1 |
[Preliminary knowledge]
A firewall system is a combination of components placed between different networks (for example a trusted intranet and an untrusted public network) or between network security domains. It protects the network by monitoring, restricting, and altering the traffic that crosses it, and by hiding the internal network's information, structure, and operating state from the outside as far as possible. Logically it acts as a separator, a limiter, and an analyzer: it monitors all activity between the intranet and the Internet and so safeguards the internal network.
[Experimental steps]
Network topology: a single host, centos6.8
Host: centos6.8
User: root
Password: 123456
Experimental operation
Enter “iptables -L -n -v” in the terminal to view all firewall configurations
iptables -L -n -v
Enter “iptables -F” in the terminal to clear all firewall configurations
iptables -F
Configure the firewall policy with the following four commands (rules are matched top to bottom, so the catch-all REJECT must be appended last):
iptables -A INPUT -s 127.0.0.1 -j ACCEPT          # allow local addresses to be accessed
iptables -A OUTPUT -j ACCEPT                      # allow local access to the external network
iptables -A INPUT -p tcp --dport 80 -j ACCEPT     # allow port 80 to be accessed
iptables -A INPUT -j REJECT                       # deny access to unauthorized services and addresses
View the completed configuration with “iptables -L -n -v”.
Configure the address-ban policy as follows. The rules are inserted with -I (insert at the top of the chain) rather than appended with -A, because a DROP rule appended after the port-80 ACCEPT and the final REJECT would never be reached:
iptables -I INPUT -s 192.168.248.1 -j DROP       # prohibits access from 192.168.248.1
iptables -I INPUT -s 192.168.1.0/24 -j DROP      # prohibits access from 192.168.1.0-192.168.1.254
Enter “iptables -D INPUT 4” in the terminal to delete the fourth rule in the firewall policy.
(When I deleted the fourth rule here, I was prompted to save the firewall configuration and delete the index. So I just deleted the second rule. The principle is the same.)
Enter “/etc/rc.d/init.d/iptables save” in the terminal to save the firewall configuration, then enter “service iptables restart” to restart the firewall so that the saved rules take effect.
/etc/rc.d/init.d/iptables save
service iptables restart
When the experiment is over, shut down the virtual machine.
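The following is an added example, not part of the lab text or the PY-P8 platform material. It is a toy first-match model of the INPUT chain built in the steps above, written to show why the DROP rules must be inserted with -I rather than appended with -A, and how rule numbers shift before an "iptables -D INPUT 4". It does not call iptables; the Rule and Chain classes, the sample source addresses 10.0.0.5 and 192.168.1.77, and the packet tuples are all constructed for the demonstration. The lab's own addresses (127.0.0.1, port 80, 192.168.248.1, 192.168.1.0/24) are used as given.

```python
"""Toy first-match model of the iptables INPUT chain from this lab.

Constructed example: it does not run iptables. It only models how
-A (append), -I (insert at the top) and -D (delete by rule number)
change rule order, and which verdict a packet gets under first-match
evaluation. Connection tracking and other matches are ignored.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    target: str                  # ACCEPT, DROP or REJECT
    src: Optional[str] = None    # -s address or CIDR; None matches any source
    proto: Optional[str] = None  # -p; None matches any protocol
    dport: Optional[int] = None  # --dport; None matches any port

    def matches(self, src: str, proto: str, dport: Optional[int]) -> bool:
        if self.src is not None:
            net = ipaddress.ip_network(self.src, strict=False)  # "127.0.0.1" -> /32
            if ipaddress.ip_address(src) not in net:
                return False
        if self.proto is not None and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True


class Chain:
    """Ordered rule list with first-match semantics and a default policy."""

    def __init__(self, policy: str = "ACCEPT") -> None:
        self.rules: List[Rule] = []
        self.policy = policy  # used when no rule matches, like iptables -P

    def append(self, rule: Rule) -> None:          # iptables -A INPUT ...
        self.rules.append(rule)

    def insert(self, rule: Rule, rulenum: int = 1) -> None:  # iptables -I INPUT [rulenum] ...
        self.rules.insert(rulenum - 1, rule)

    def delete(self, rulenum: int) -> None:        # iptables -D INPUT rulenum (1-based)
        del self.rules[rulenum - 1]

    def flush(self) -> None:                       # iptables -F
        self.rules.clear()

    def verdict(self, src: str, proto: str, dport: Optional[int] = None) -> str:
        # Walk the chain top to bottom; the first matching rule decides.
        for rule in self.rules:
            if rule.matches(src, proto, dport):
                return rule.target
        return self.policy

    def listing(self) -> List[Tuple[int, str]]:
        # Rule numbers as "iptables -L INPUT --line-numbers" would show them.
        return [(i + 1, r.target) for i, r in enumerate(self.rules)]


def lab_input_chain() -> Chain:
    """The three INPUT rules of the lab policy (OUTPUT is a separate chain)."""
    chain = Chain()
    chain.append(Rule("ACCEPT", src="127.0.0.1"))        # local addresses
    chain.append(Rule("ACCEPT", proto="tcp", dport=80))  # web port
    chain.append(Rule("REJECT"))                         # everything else
    return chain


def add_deny_rules(chain: Chain, how: str = "insert") -> Chain:
    """Add the lab's two DROP rules with -I (insert) or, wrongly, with -A (append)."""
    for src in ("192.168.248.1", "192.168.1.0/24"):
        rule = Rule("DROP", src=src)
        if how == "insert":
            chain.insert(rule)   # lands at position 1, ahead of the ACCEPT rules
        else:
            chain.append(rule)   # lands after the catch-all REJECT: never reached
    return chain


if __name__ == "__main__":
    good = add_deny_rules(lab_input_chain(), "insert")
    bad = add_deny_rules(lab_input_chain(), "append")
    print("inserted DROP, 192.168.248.1 -> tcp/80:", good.verdict("192.168.248.1", "tcp", 80))
    print("appended DROP, 192.168.248.1 -> tcp/80:", bad.verdict("192.168.248.1", "tcp", 80))
    print("rule numbers after the inserts:", good.listing())
```

In the model, after the two inserts the port-80 ACCEPT sits at position 4, so "-D INPUT 4" removes it and web traffic falls through to the REJECT. On the real host, run "iptables -L INPUT -n --line-numbers" before deleting by number, since every -I and -D renumbers the rules below it.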