What is a soft-router firewall, and how is one configured? Many people may not be very familiar with it. The main job of a soft-router firewall is to keep our network secure by blocking hackers, viruses and other potential network threats. Below are the configuration statements for a soft-router firewall policy.
    # The rules below use MikroTik RouterOS syntax and are entered under the firewall filter menu.
    /ip firewall filter
    # input chain: traffic addressed to the router itself
    add chain=input connection-state=established action=accept comment="Established connections" disabled=no
    add chain=input connection-state=related action=accept comment="Related connections" disabled=no
    add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
    add chain=input action=jump jump-target=viruses comment="!!!Virus detection!!!" disabled=no
    add chain=input protocol=udp action=accept comment="UDP protocol" disabled=no
    add chain=input protocol=icmp action=accept comment="ICMP protocol" disabled=no
    add chain=input src-address=192.168.1.0/24 action=accept comment="From local network 192.168.1.0/24" disabled=no
    add chain=input protocol=tcp dst-port=1723 action=accept comment="Allow PPTP" disabled=no
    add chain=input protocol=gre action=accept comment="" disabled=no
    add chain=input protocol=tcp dst-port=21 action=accept comment="Allow FTP,SSH,TELNET,WEB,WINBOX to router" disabled=no
    add chain=input protocol=tcp dst-port=22 action=accept comment="" disabled=no
    add chain=input protocol=tcp dst-port=23 action=accept comment="" disabled=no
    add chain=input protocol=tcp dst-port=80 action=accept comment="" disabled=no
    add chain=input protocol=tcp dst-port=8291 action=accept comment="" disabled=no
    add chain=input protocol=tcp dst-port=9998 action=accept comment="Allow digital video recorder TCP:9998 UDP:9998" disabled=no
    add chain=input protocol=udp dst-port=9998 action=accept comment="" disabled=no
    add chain=input action=drop comment="Drop everything else" disabled=no
    # forward chain: traffic routed through the router
    add chain=forward connection-state=established action=accept comment="Established connections" disabled=no
    add chain=forward connection-state=related action=accept comment="Related connections" disabled=no
    add chain=forward connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
    add chain=forward action=jump jump-target=viruses comment="!!!Virus detection!!!" disabled=no
    add chain=forward protocol=udp action=accept comment="UDP protocol" disabled=no
    add chain=forward protocol=icmp action=accept comment="ICMP protocol" disabled=no
    add chain=forward src-address=192.168.1.0/24 action=accept comment="From local network 192.168.1.0/24" disabled=no
    add chain=forward action=drop comment="Drop everything else" disabled=no
    # output chain: traffic originated by the router
    add chain=output connection-state=established action=accept comment="Established connections" disabled=no
    add chain=output connection-state=related action=accept comment="Related connections" disabled=no
    add chain=output connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
    # viruses chain: jumped to from input and forward
    add chain=viruses protocol=tcp dst-port=135-139 action=drop comment="Drop port TCP/UDP 135-139" disabled=no
    add chain=viruses protocol=udp dst-port=135-139 action=drop comment="" disabled=no
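The following Python audit is an added example, not part of the original article: it parses rules in the format of the listing above and reports enabled input-chain accept rules that are open to any source, either for a whole protocol or for one of the router management services the listing names. The function names, the `MGMT_PORTS` table and the shortened `RULES` sample are assumptions made for this example.

```python
import shlex

# Constructed sample: a subset of the input-chain rules from the listing above.
RULES = """\
add chain=input connection-state=established action=accept comment="Established connections" disabled=no
add chain=input protocol=udp action=accept comment="UDP protocol" disabled=no
add chain=input src-address=192.168.1.0/24 action=accept comment="From local network 192.168.1.0/24" disabled=no
add chain=input protocol=tcp dst-port=23 action=accept comment="" disabled=no
add chain=input protocol=tcp dst-port=8291 action=accept comment="" disabled=no
add chain=input protocol=tcp dst-port=9998 action=accept comment="Allow digital video recorder TCP:9998 UDP:9998" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no
add chain=viruses protocol=tcp dst-port=135-139 action=drop comment="" disabled=no
"""

# Router management services named in the listing (FTP, SSH, TELNET, WEB, WINBOX).
MGMT_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet", 80: "Web", 8291: "WinBox"}

def parse_rule(line):
    """Split one 'add key=value ...' line into a dict, honouring quoted values."""
    tokens = shlex.split(line)
    return dict(t.split("=", 1) for t in tokens[1:] if "=" in t)

def ports_of(spec):
    """Expand a dst-port value such as '22', '135-139' or '21,22' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(text):
    """Return findings for enabled input-chain accept rules open to any source."""
    findings = []
    for line in text.splitlines():
        if not line.startswith("add "):
            continue
        r = parse_rule(line)
        if r.get("chain") != "input" or r.get("action") != "accept" or r.get("disabled") == "yes":
            continue
        if {"src-address", "in-interface", "connection-state"} & set(r):
            continue  # already scoped to a source, an interface or an existing connection
        if "dst-port" not in r:
            findings.append(f"all {r.get('protocol', 'ip')} traffic accepted from any source")
            continue
        for p in sorted(ports_of(r["dst-port"]) & set(MGMT_PORTS)):
            findings.append(f"{MGMT_PORTS[p]} ({r['protocol']}/{p}) reachable from any source")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(RULES)))
```

Rules that already carry `src-address`, `in-interface` or `connection-state` are treated as scoped and skipped, so the LAN rule and the established-connection rule produce no finding.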