[B! iptables] KGAã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

KGA id:KGA

iptablesã«é–¢ã™ã‚‹KGAã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (6)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

JavaScript is not available.
Some privacy related extensions may cause issues on x.com. Please disable them and try again.
KGA 2010/12/21
centos

linux

iptables
ãƒªãƒ³ã‚¯
[twitter] ä»Šå¹´ã®ä¸€æ–‡å—, [redis][iptables] redis ã¨ iptables ã§ã¯ã¾ã£ãŸã¨ã„ã†è©± - HsbtDiary(2010-11-06)
â– [twitter] ä»Šå¹´ã®ä¸€æ–‡å— ä»Šå¹´ä¸€ç•ªã¤ã¶ã‚„ã„ãŸã®ã¯å¦»ã ã£ãŸã€‚æ¯Žæ—¥å¼å½“ã‚¿ã‚¤ãƒ ã¨ãã®ä»–ã§ã¤ã¶ã‚„ã„ã¦ã„ã‚‹ã‹ã‚‰ãã‚Šã‚ƒãã†ã ã‚ˆãªãƒ¼ã¨ã„ã†çµæžœã€‚ä»–ã«ã¯ç€å¸ã¨ã‹ä¼šç¤¾ã¨ã‹ã€‚ â– [redis][iptables] redis ã¨ iptables ã§ã¯ã¾ã£ãŸã¨ã„ã†è©± redis ã®ç’°å¢ƒã‚’æ§‹ç¯‰ã—ã¦ã„ã¦ã€ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã¯ç„¡äº‹çµ‚ã‚ã£ãŸã‚‚ã®ã® resque ã® worker ãŒ timeout ã—ã¦æ»ã‚“ã§ã—ã¾ã£ãŸã‚Šã€redis-cli ã‚’å©ã„ã¦ã‚‚ãªã«ã‚‚èµ·ããªã„ç¾è±¡ãŒç™ºç”Ÿã—ã¦ã„ã¦æ•°æ™‚é–“ã¯ã¾ã£ã¦ã„ãŸã‚“ã ã‘ã©ã€iptables ã§ TCP port 6379 ã‚’é–‹ã‘ã¦ã„ãªã„ã®ãŒåŽŸå› ã ã£ãŸã€‚ã¨ã»ã»ã€‚ çµå±€ã€ä¸‹ã®ã‚ˆã†ã« 6379 ãƒãƒ¼ãƒˆã‚’é–‹ã‘ã‚‹ã“ã¨ã§ã ã„ãŸã„å…¨éƒ¨ãŒå‹•ãã‚ˆã†ã«ãªã£ãŸã€‚ iptables -A INPUT -p tcp --dport 6379 -j ACCEPT æ™®æ®µã“ã®è¾ºã¯æ„è˜ã—ãªã„ã‹ã‚‰é›£ã—ã„ã‚‚ã‚“ã
KGA 2010/11/07
iptables
ãƒªãƒ³ã‚¯
é€£è¼‰è¨˜äº‹ ã€Œç¿’ã†ã‚ˆã‚Šæ…£ã‚Œã‚ï¼ iptablesãƒ†ãƒ³ãƒ—ãƒ¬ãƒ¼ãƒˆé›†ã€
ã‚¹ãƒ†ãƒ¼ãƒˆãƒ•ãƒ«ãƒ‘ã‚±ãƒƒãƒˆãƒ•ã‚£ãƒ«ã‚¿ã‚’ä½¿ã£ãŸã‚µãƒ¼ãƒ“ã‚¹ã®å…¬é–‹ é€£è¼‰ï¼šç¿’ã†ã‚ˆã‚Šæ…£ã‚Œã‚ï¼ iptablesãƒ†ãƒ³ãƒ—ãƒ¬ãƒ¼ãƒˆé›†ï¼ˆ1ï¼‰ã€€åˆå¿ƒè€…ã«ã¨ã£ã¦ã€iptablesã¯é›£ã—ã„ã€‚ãã“ã§ã€å¦ç¿’ã®ç¬¬1æ©ã¨ã—ã¦ãƒ†ãƒ³ãƒ—ãƒ¬ãƒ¼ãƒˆã‚’è‡ªåˆ†ã®ç’°å¢ƒã«é©å¿œã•ã›ã‚‹ã“ã¨ã‹ã‚‰å§‹ã‚ã‚ˆã†
KGA 2010/10/28
iptables
ãƒªãƒ³ã‚¯
(ã²)ãƒ¡ãƒ¢ - ipt_recent
è£œè¶³ï¼šã„ã¾ãªã‚‰recentã˜ã‚ƒãªãã¦hashlimitã‚’ä½¿ã£ãŸæ–¹ãŒã‚ˆã•ã’ã€‚ ä»¥ä¸‹ã®æ–‡ç« ã¯recentã«ã¤ã„ã¦ãªã®ã§ã€hashlimitã«ã¤ã„ã¦è¿½è¨˜ã—ãŸ id:hirose31:20060421 ã‚’è¦‹ã¦ã‚‚ã‚‰ã£ãŸæ–¹ãŒã„ã„ã¨æ€ã†ã™ã€‚ SSHã®brute forceã‚¢ã‚¿ãƒƒã‚¯ãŒã†ã–ã„ã®ã§ã€iptablesã§æ‚ªã„åã¯DROPã™ã‚‹ã‚ˆã†ã«ã™ã‚‹ã€‚ OpenSSHã®ãƒã‚°ã‚’ã¿ã¦ã€ ä¸€å®šæ™‚é–“ã«ä¸€å®šå›žæ•°é€£ç¶šã§ã‚¢ã‚¯ã‚»ã‚¹ã«å¤±æ•—ã—ã¦ã„ã‚‹ã‚„ã¤ã¯DROPã™ã‚‹ã‚ˆã†ã«ã—ã¦ã€ atã§ç„¶ã‚‹ã¹ãæ™‚é–“ãŒçµŒã£ãŸã‚‰è§£é™¤ã™ã‚‹ã‚ˆã†ã« ã—ã‚ˆã†ã‹ãªãã¨æ€ã£ãŸã‚‰ã€iptablesã«ã¯ipt_recentãªã‚“ã¦ä¾¿åˆ©ãŒã‚‚ã®ãŒã‚ã‚‹ã®ãŒã‚ã‹ã£ãŸã€‚ Debian GNU/Linux 3.1(sarge)é‹ç”¨ãƒŽãƒ¼ãƒˆ SuSE Security mailinglist: Re: [suse-security] SSH attacks. iptables(8) â†‘ã‚’
KGA 2008/10/06
iptables
ãƒªãƒ³ã‚¯
ã¯ã¦ãªãƒ–ãƒã‚° | ç„¡æ–™ãƒ–ãƒã‚°ã‚’ä½œæˆã—ã‚ˆã†
2025å¹´å¤ãƒ»æ—…è¡Œã«ç€ã¦è¡Œã£ãŸã‚‚ã®æŒã£ã¦è¡Œã£ãŸã‚‚ã®ï¼ˆåå¤å±‹ã€œä¼Šå‹¢ä¸€æ³ŠäºŒæ—¥ï¼‰ æ¯Žå¹´ã€æ—…è¡Œã«ä½•ã‚’æŒã£ã¦è¡Œã£ãŸã®ã‹å¿˜ã‚Œã¦ã—ã¾ã†ã€‚æ—…è¡Œã®ãƒ‘ãƒƒã‚ãƒ³ã‚°ã¯è‹¦æ‰‹ã ã—ã€ãã‚‚ãã‚‚ä½•ã‚’ç€ã¦è¡Œã£ãŸã‚‰è‡ªåˆ†ãŒå¿«é©ã§æ¥½ã—ã„ã®ã‹ï¼Ÿã‚‚ã‚ã‹ã‚‰ãªã„ã€‚ã—ã‹ã‚‚ãã‚ŒãŒå¤ã®æ—…è¡Œãªã‚‰å°šæ›´ã ã€‚æ±—ã¨æš‘ã•ã§ã©ã†ã«ã‹ãªã‚Šãã†ã«ãªã‚‹ã€‚ãªã®ã§ã€ä¸€å¿œæ›¸ã„ã¦ãŠãã“ã¨ã«ã—ãŸã€‚æ¥å¹´ç§ãŒæ—…è¡Œâ€¦
KGA 2008/10/06
iptables
ãƒªãƒ³ã‚¯
ã¯ã¦ãªãƒ–ãƒã‚° | ç„¡æ–™ãƒ–ãƒã‚°ã‚’ä½œæˆã—ã‚ˆã†
ï¼ˆå¨˜ï¼•æ³ï¼˜ãƒ¶æœˆï¼‰å¨˜ã®å¥½ç‰©ã¨å¹´é•·ã•ã‚“ï¼‘å¦æœŸã®ãŠå¼å½“è¨˜éŒ² å¨˜ã‚’ãŸã å¾®ç¬‘ã¾ã—ãè¦‹ã¤ã‚ã¦ã„ãŸã ã‘ãªã®ã«â€¦â€¦ï¼ˆå¤«ï¼‰ ã“ã£ã“ã®æœ€è¿‘ã®å¥½ç‰©ã¯ã€Œã«ã‚“ã˜ã‚“ã—ã‚Šã—ã‚Šã€ã¨ç´è±†ã‚’æ··ãœã¦é£Ÿã¹ã‚‹ã“ã¨ã€‚ æˆ‘ãŒå®¶ã®ã—ã‚Šã—ã‚Šï¼†ç´è±†å¥½ãã¨ã„ãˆã°ã¾ãšå¤«ã§ã™ãŒã€å¤«ã¯åµå…¥ã‚Šã®ã—ã‚Šã—ã‚ŠãŒå¥½ãã§ã€ã“ã£ã“ã¯ã«ã‚“ã˜ã‚“ã¨ãƒ„ãƒŠã®ã—ã‚Šã—ã‚ŠãŒå¥½ãã€‚ã‚ãŸã—ã¯ã©ã£ã¡â€¦
KGA 2008/10/06
iptables
ãƒªãƒ³ã‚¯
1