Beide Seiten der vorigen RevisionVorhergehende ÜberarbeitungNächste Überarbeitung | Vorhergehende Überarbeitung |
tachtler:centos_8_-_iptables [2019/12/28 07:50] – [Installation: iptables] klaus | tachtler:centos_8_-_iptables [2020/04/25 10:24] (aktuell) – [iptables] klaus |
---|
===== Installation: iptables ===== | ===== Installation: iptables ===== |
| |
Mit nachfolgendem Befehl, kann nun die Installation des ''rpm''-Pakets für das **__externe Repository__** von [[http://repo.mailserver.guru/|http://repo.mailserver.guru]] durchgeführt werden: | Zur Installation von ''iptables'' wird nachfolgendes Paket benötigt: |
| * **''iptables''** - Eigentliches Paket |
| **__Optional__**, kann noch nachfolgendes Paket ebenfalls installiert werden: |
| * **''iptables-services''** - Minimalregelsatz an **''iptables''**-Regeln |
| |
| Mit nachfolgendem Befehl, wird das ''rpm''-Paket - ''iptables'' installiert: |
<code> | <code> |
# dnf install iptables | # dnf install iptables |
| Last metadata expiration check: 0:35:29 ago on Sat Dec 28 07:20:38 2019. |
| Package iptables-1.8.2-9.el8.x86_64 is already installed. |
| Dependencies resolved. |
| ================================================================================ |
| Package Arch Version Repository Size |
| ================================================================================ |
| Upgrading: |
| iptables x86_64 1.8.2-9.el8_0.1 BaseOS 582 k |
| iptables-ebtables x86_64 1.8.2-9.el8_0.1 BaseOS 67 k |
| iptables-libs x86_64 1.8.2-9.el8_0.1 BaseOS 97 k |
| |
| Transaction Summary |
| ================================================================================ |
| Upgrade 3 Packages |
| |
| Total download size: 747 k |
| Is this ok [y/N]: y |
| Downloading Packages: |
| (1/3): iptables-ebtables-1.8.2-9.el8_0.1.x86_64 52 kB/s | 67 kB 00:01 |
| (2/3): iptables-libs-1.8.2-9.el8_0.1.x86_64.rpm 75 kB/s | 97 kB 00:01 |
| (3/3): iptables-1.8.2-9.el8_0.1.x86_64.rpm 349 kB/s | 582 kB 00:01 |
| -------------------------------------------------------------------------------- |
| Total 274 kB/s | 747 kB 00:02 |
| warning: /var/cache/dnf/BaseOS-929b586ef1f72f69/packages/iptables-1.8.2-9.el8_0.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY |
| CentOS-8 - Base 1.6 MB/s | 1.6 kB 00:00 |
| Importing GPG key 0x8483C65D: |
| Userid : "CentOS (CentOS Official Signing Key) <security@centos.org>" |
| Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D |
| From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial |
| Is this ok [y/N]: y |
| Key imported successfully |
| Running transaction check |
| Transaction check succeeded. |
| Running transaction test |
| Transaction test succeeded. |
| Running transaction |
| Preparing : 1/1 |
| Running scriptlet: iptables-libs-1.8.2-9.el8_0.1.x86_64 1/1 |
| Upgrading : iptables-libs-1.8.2-9.el8_0.1.x86_64 1/6 |
| Running scriptlet: iptables-1.8.2-9.el8_0.1.x86_64 2/6 |
| Upgrading : iptables-1.8.2-9.el8_0.1.x86_64 2/6 |
| Running scriptlet: iptables-1.8.2-9.el8_0.1.x86_64 2/6 |
| Upgrading : iptables-ebtables-1.8.2-9.el8_0.1.x86_64 3/6 |
| Running scriptlet: iptables-ebtables-1.8.2-9.el8_0.1.x86_64 3/6 |
| Running scriptlet: iptables-ebtables-1.8.2-9.el8.x86_64 4/6 |
| Cleanup : iptables-ebtables-1.8.2-9.el8.x86_64 4/6 |
| Running scriptlet: iptables-ebtables-1.8.2-9.el8.x86_64 4/6 |
| Cleanup : iptables-1.8.2-9.el8.x86_64 5/6 |
| Running scriptlet: iptables-1.8.2-9.el8.x86_64 5/6 |
| Cleanup : iptables-libs-1.8.2-9.el8.x86_64 6/6 |
| Running scriptlet: iptables-libs-1.8.2-9.el8.x86_64 6/6 |
| Verifying : iptables-1.8.2-9.el8_0.1.x86_64 1/6 |
| Verifying : iptables-1.8.2-9.el8.x86_64 2/6 |
| Verifying : iptables-ebtables-1.8.2-9.el8_0.1.x86_64 3/6 |
| Verifying : iptables-ebtables-1.8.2-9.el8.x86_64 4/6 |
| Verifying : iptables-libs-1.8.2-9.el8_0.1.x86_64 5/6 |
| Verifying : iptables-libs-1.8.2-9.el8.x86_64 6/6 |
| |
| Upgraded: |
| iptables-1.8.2-9.el8_0.1.x86_64 iptables-ebtables-1.8.2-9.el8_0.1.x86_64 |
| iptables-libs-1.8.2-9.el8_0.1.x86_64 |
| |
| Complete! |
</code> | </code> |
| |
Mit nachfolgendem Befehl kann überprüft werden, welcher Inhalt mit dem Paket installiert wurde. | Mit nachfolgendem Befehl, wird das ''rpm''-Paket - ''iptables-services'' installiert: |
<code> | <code> |
# rpm -qil | # dnf install iptables-services |
| Last metadata expiration check: 0:37:26 ago on Sat Dec 28 07:20:38 2019. |
| Dependencies resolved. |
| ================================================================================ |
| Package Arch Version Repository Size |
| ================================================================================ |
| Installing: |
| iptables-services x86_64 1.8.2-9.el8_0.1 BaseOS 58 k |
| |
| Transaction Summary |
| ================================================================================ |
| Install 1 Package |
| |
| Total download size: 58 k |
| Installed size: 20 k |
| Is this ok [y/N]: y |
| Downloading Packages: |
| iptables-services-1.8.2-9.el8_0.1.x86_64.rpm 51 kB/s | 58 kB 00:01 |
| -------------------------------------------------------------------------------- |
| Total 26 kB/s | 58 kB 00:02 |
| Running transaction check |
| Transaction check succeeded. |
| Running transaction test |
| Transaction test succeeded. |
| Running transaction |
| Preparing : 1/1 |
| Installing : iptables-services-1.8.2-9.el8_0.1.x86_64 1/1 |
| Running scriptlet: iptables-services-1.8.2-9.el8_0.1.x86_64 1/1 |
| Verifying : iptables-services-1.8.2-9.el8_0.1.x86_64 1/1 |
| |
| Installed: |
| iptables-services-1.8.2-9.el8_0.1.x86_64 |
| |
| Complete! |
</code> | </code> |
| |
| Mit nachfolgenden Befehlen kann überprüft werden, welche Inhalte mit den Paketen installiert wurden. |
| |
| Paket **iptables**: |
| <code> |
| # rpm -qil iptables |
| Name : iptables |
| Version : 1.8.2 |
| Release : 9.el8_0.1 |
| Architecture: x86_64 |
| Install Date: Sat Dec 28 07:56:19 2019 |
| Group : Unspecified |
| Size : 2050606 |
| License : GPLv2 and Artistic 2.0 and ISC |
| Signature : RSA/SHA256, Sat Aug 3 20:59:25 2019, Key ID 05b555b38483c65d |
| Source RPM : iptables-1.8.2-9.el8_0.1.src.rpm |
| Build Date : Mon Jul 1 17:42:13 2019 |
| Build Host : x86-02.mbox.centos.org |
| Relocations : (not relocatable) |
| Packager : CentOS Buildsys <bugs@centos.org> |
| Vendor : CentOS |
| URL : http://www.netfilter.org/ |
| Summary : Tools for managing Linux kernel packet filtering capabilities |
| Description : |
| The iptables utility controls the network packet filtering code in the |
| Linux kernel. If you need to set up firewalls and/or IP masquerading, |
| you should either install nftables or this package. |
| |
| Note: This package contains the nftables-based variants of iptables and |
| ip6tables, which are drop-in replacements of the legacy tools. |
| /etc/ethertypes |
| /etc/sysconfig/ip6tables-config |
| /etc/sysconfig/iptables-config |
| /usr/lib/.build-id |
| /usr/lib/.build-id/00 |
| /usr/lib/.build-id/00/af1c0049bac09aade1858197681a2296678c59 |
| /usr/lib/.build-id/01 |
| /usr/lib/.build-id/01/2b908f4df2eeed27aa14c7014f4dfa0e71d936 |
| /usr/lib/.build-id/02 |
| /usr/lib/.build-id/02/def005f3898311755cfda14a446465cc842b9c |
| /usr/lib/.build-id/03 |
| /usr/lib/.build-id/03/78cf3373f34033d043c08e4d1082aa931c4111 |
| /usr/lib/.build-id/03/99260f75120f759c8fcabce43779424c4bcdf3 |
| /usr/lib/.build-id/07 |
| /usr/lib/.build-id/07/05e806eec60a161bd054c4c6188e5c902fae58 |
| /usr/lib/.build-id/13 |
| /usr/lib/.build-id/13/b3fb9501849388d276d943cf0ce208c1014cc9 |
| /usr/lib/.build-id/14 |
| /usr/lib/.build-id/14/58a8cb9b17f29c463a9d91974f53e8eb912522 |
| /usr/lib/.build-id/15 |
| /usr/lib/.build-id/15/58ff18e6bbb40c87acb6f8cfb37b33a8bed781 |
| /usr/lib/.build-id/15/8acc84f283be0180433f0a526bf616fb7243f6 |
| /usr/lib/.build-id/16 |
| /usr/lib/.build-id/16/aef2faaecf629d77412bff1adeecf3ae741759 |
| /usr/lib/.build-id/18 |
| /usr/lib/.build-id/18/605760c0e73e2b0336933f689c0ab037b1f454 |
| /usr/lib/.build-id/1c |
| /usr/lib/.build-id/1c/b17bbd07d9fe39df45ee2fb1b6db46b955f0d3 |
| /usr/lib/.build-id/20 |
| /usr/lib/.build-id/20/ce55118a471be106c2da615f5208563d1eca6b |
| /usr/lib/.build-id/23 |
| /usr/lib/.build-id/23/b3ecb1feca7af3160f50aad8453a94121cc5e4 |
| /usr/lib/.build-id/24 |
| /usr/lib/.build-id/24/3dbce5592be8b2f9d25e85bd7c9fe8af2885a4 |
| /usr/lib/.build-id/26 |
| /usr/lib/.build-id/26/c6e513a6b876995a112f73d119bd7a4173845e |
| /usr/lib/.build-id/2d |
| /usr/lib/.build-id/2d/64899e25fab5d1f7bde96354505c23987a4ff2 |
| /usr/lib/.build-id/2f |
| /usr/lib/.build-id/2f/000730cff1233b13f1b504c437ef29992e3062 |
| /usr/lib/.build-id/30 |
| /usr/lib/.build-id/30/f992bfb201a909acb54182b154b08f5247fdd3 |
| /usr/lib/.build-id/31 |
| /usr/lib/.build-id/31/2e1c5e3c61f8dbd00f313e409bf4bedeaa9219 |
| /usr/lib/.build-id/34 |
| /usr/lib/.build-id/34/57a9bc4fe42cb15e242c032c089717191762d1 |
| /usr/lib/.build-id/35 |
| /usr/lib/.build-id/35/94a7288a4d712991abf9098bb61e0b497a1e90 |
| /usr/lib/.build-id/37 |
| /usr/lib/.build-id/37/1183ec123a23d7e938a35eb65387e296db441d |
| /usr/lib/.build-id/38 |
| /usr/lib/.build-id/38/1c1347d6888c9867ea4b9563e1bbb95f4215d8 |
| /usr/lib/.build-id/38/e3ea88d93dbb5f43786f0cdb0ee3aa5f2e1ab3 |
| /usr/lib/.build-id/3a |
| /usr/lib/.build-id/3a/daf68ca5ab0b130bad5e382cb70752e55bc7c8 |
| /usr/lib/.build-id/3e |
| /usr/lib/.build-id/3e/e33f0045e22f0f24762f837cda64e648ee3311 |
| /usr/lib/.build-id/3f |
| /usr/lib/.build-id/3f/cf9740e5164f237779005fe5c8f338cdd53459 |
| /usr/lib/.build-id/40 |
| /usr/lib/.build-id/40/13a21e88725cb913ea82fc47b40248907e6344 |
| /usr/lib/.build-id/40/3104689e6cd7ae594493a33b6f461c5fd5be9b |
| /usr/lib/.build-id/42 |
| /usr/lib/.build-id/42/148a337404dcd7b8f0b7b815e374f2ebd42eac |
| /usr/lib/.build-id/45 |
| /usr/lib/.build-id/45/5e6c02349672c47f11d15e33045e635a0bfd9f |
| /usr/lib/.build-id/48 |
| /usr/lib/.build-id/48/24e2ca1acda601644be34a8a543da29ede40a9 |
| /usr/lib/.build-id/4c |
| /usr/lib/.build-id/4c/3b5209d86fb7b5063775eef20a0a99274169bd |
| /usr/lib/.build-id/4d |
| /usr/lib/.build-id/4d/7e85aa937e28ef905011e3201cfcf613e51a6f |
| /usr/lib/.build-id/4d/bd2312da7ded34c8231998eddc62d17e7c761e |
| /usr/lib/.build-id/4f |
| /usr/lib/.build-id/4f/202c966ff120248e02597c4785be8e5e0e1766 |
| /usr/lib/.build-id/52 |
| /usr/lib/.build-id/52/3afd6cf2757df7ef1d0e30311837345b433c5f |
| /usr/lib/.build-id/54 |
| /usr/lib/.build-id/54/263be5bb11eef0b94596e2de822b73b9f662e6 |
| /usr/lib/.build-id/56 |
| /usr/lib/.build-id/56/53dade70551e986e356bffcee2def214fdb33a |
| /usr/lib/.build-id/57 |
| /usr/lib/.build-id/57/217ce3b4e143464160b0cde995f5a7f634a39f |
| /usr/lib/.build-id/5d |
| /usr/lib/.build-id/5d/d6b381b61005e289b6552dd930c745228866f5 |
| /usr/lib/.build-id/63 |
| /usr/lib/.build-id/63/0676bbe027ccef1ef7be12a15cd10615ca0918 |
| /usr/lib/.build-id/64 |
| /usr/lib/.build-id/64/413c4782063f449bf15abfd2399e67bb1521d7 |
| /usr/lib/.build-id/64/e2fcc77f87c84a9089e06b10947b79d12f3a84 |
| /usr/lib/.build-id/6a |
| /usr/lib/.build-id/6a/285e6733f948aeab74d246ced751a0199ee8ad |
| /usr/lib/.build-id/6b |
| /usr/lib/.build-id/6b/c8f29990003224ea51fe4f53ecb2e490df507e |
| /usr/lib/.build-id/6c |
| /usr/lib/.build-id/6c/a8341b3bd40ab758963f223df9636cc41f82ff |
| /usr/lib/.build-id/6f |
| /usr/lib/.build-id/6f/f987bf4b4c9d5021597e6078e232900d55ca6f |
| /usr/lib/.build-id/71 |
| /usr/lib/.build-id/71/5d0320a53479d1164cead0912c66da3b7ba363 |
| /usr/lib/.build-id/73 |
| /usr/lib/.build-id/73/9624e965faba662fc8dcfdabe31b8cbb4cea59 |
| /usr/lib/.build-id/76 |
| /usr/lib/.build-id/76/95d37db908a94b877f599c3e197fdf6c79dfbb |
| /usr/lib/.build-id/79 |
| /usr/lib/.build-id/79/fae68a9c1f296425163a452605b65ace9e8db5 |
| /usr/lib/.build-id/7b |
| /usr/lib/.build-id/7b/0114fed8b9372b94f328bbc53cfaf87f1bb97b |
| /usr/lib/.build-id/7e |
| /usr/lib/.build-id/7e/7e3199f20e8e1c9d3666b603fbc825b1922d06 |
| /usr/lib/.build-id/7f |
| /usr/lib/.build-id/7f/7a3de11dbc5ff61a667ac036d5196a7cd6294a |
| /usr/lib/.build-id/81 |
| /usr/lib/.build-id/81/ce8402f179a5ae105ce2520bb76523d5a76ca6 |
| /usr/lib/.build-id/82 |
| /usr/lib/.build-id/82/6fbb6f3d19d7e4ee6b64d34b0f4196fa1c6003 |
| /usr/lib/.build-id/82/7b1685a08100cc544e10f2adf8d95e2aad0c0e |
| /usr/lib/.build-id/82/84728101648eb317d12f93be80aae8b503ba7f |
| /usr/lib/.build-id/82/e23157c94f486eaf8699d7d239e4db06786d8a |
| /usr/lib/.build-id/83 |
| /usr/lib/.build-id/83/1785bcf0d3f19e81ff8cf846620331f351d50c |
| /usr/lib/.build-id/84 |
| /usr/lib/.build-id/84/d7e7d074cea2acbd947b9d89c1618f1b3c482d |
| /usr/lib/.build-id/87 |
| /usr/lib/.build-id/87/6c5430c0722e4ae2417e695643dff6603d5b9c |
| /usr/lib/.build-id/87/6c5430c0722e4ae2417e695643dff6603d5b9c.1 |
| /usr/lib/.build-id/89 |
| /usr/lib/.build-id/89/7d107124b8289734fb2c84532f855207b6f650 |
| /usr/lib/.build-id/8e |
| /usr/lib/.build-id/8e/5618272e7f3c0a2743071a919be371ffcdcf05 |
| /usr/lib/.build-id/8e/a6000e98a0815c651f4495481b37cc732efdbf |
| /usr/lib/.build-id/8f |
| /usr/lib/.build-id/8f/0c093ccc575aea81c5ade8a45eafd27a84cb25 |
| /usr/lib/.build-id/90 |
| /usr/lib/.build-id/90/79affc8b938972eb78bf140108ed1920475ae4 |
| /usr/lib/.build-id/90/88317df7eaddce9a55a21e2bbcc9c7c81ff032 |
| /usr/lib/.build-id/92 |
| /usr/lib/.build-id/92/cd0d7ac8d44bff71d5b556beb98440d9fae827 |
| /usr/lib/.build-id/95 |
| /usr/lib/.build-id/95/400c869aabf49d757d2fcd9b371acad73b5fc1 |
| /usr/lib/.build-id/99 |
| /usr/lib/.build-id/99/cfade847beb1cfdf98efc40359d51ca24c4626 |
| /usr/lib/.build-id/9c |
| /usr/lib/.build-id/9c/7574a172cac092a7508c422703a4820f1e24f9 |
| /usr/lib/.build-id/9c/eef5a0171ea162fd2585ad2850b0b5d55c1cc3 |
| /usr/lib/.build-id/9c/f9182c7e3fb023af6ebcd90fee1837f0c2d105 |
| /usr/lib/.build-id/9f |
| /usr/lib/.build-id/9f/7689c479b571b530085f220d797e82e6ce5212 |
| /usr/lib/.build-id/a1 |
| /usr/lib/.build-id/a1/7ee45e147c5019983d727a27ce574639c3ffc5 |
| /usr/lib/.build-id/a2 |
| /usr/lib/.build-id/a2/c8e08ec594ceece961bf21f087f7556d32b696 |
| /usr/lib/.build-id/a5 |
| /usr/lib/.build-id/a5/f8333d190301cf464ee2dc3a97f5265020f769 |
| /usr/lib/.build-id/a6 |
| /usr/lib/.build-id/a6/8a1fb1796e32873012f7e644c1dca23a4b91f8 |
| /usr/lib/.build-id/ab |
| /usr/lib/.build-id/ab/95150888236d39114c176dc2f50529f78e7a2e |
| /usr/lib/.build-id/ad |
| /usr/lib/.build-id/ad/bfeb27e603202adab8611aa2b257fab76bca7e |
| /usr/lib/.build-id/ae |
| /usr/lib/.build-id/ae/77eef0c339980f3a944a25cc86b0adbb7e2248 |
| /usr/lib/.build-id/b7 |
| /usr/lib/.build-id/b7/0fda1c8972e5910c56d7edef3756c97f573cde |
| /usr/lib/.build-id/b7/62dddc3b7e887432413266695bbfafe3dfc274 |
| /usr/lib/.build-id/b9 |
| /usr/lib/.build-id/b9/0049f173a7069974fb00440a2483c45c1e41ea |
| /usr/lib/.build-id/bf |
| /usr/lib/.build-id/bf/aecb6c98cc9725e2fef4fa22d58d5f84530a21 |
| /usr/lib/.build-id/c2 |
| /usr/lib/.build-id/c2/8dbbeb69967ee6a260feddb7370e0d42366407 |
| /usr/lib/.build-id/c4 |
| /usr/lib/.build-id/c4/af1ee310e63cf49f002e01b7face64a605eb8a |
| /usr/lib/.build-id/c7 |
| /usr/lib/.build-id/c7/c115eed909b1893c7ba6646360409d046f112f |
| /usr/lib/.build-id/c8 |
| /usr/lib/.build-id/c8/37a7163fa13c007b4492a74ce95747a0965424 |
| /usr/lib/.build-id/c8/9c9fefc5ae1227facceb3a86a4e6b07e0108cc |
| /usr/lib/.build-id/d6 |
| /usr/lib/.build-id/d6/27b175f4761b4172469a0c43e224d767b6c092 |
| /usr/lib/.build-id/d8 |
| /usr/lib/.build-id/d8/b075e104011215695391ba0e247002edd76d7e |
| /usr/lib/.build-id/d8/ea8569e570348ac6ef57f95cd6cb11450b6f23 |
| /usr/lib/.build-id/dc |
| /usr/lib/.build-id/dc/afdea46fea8fd118991592660cb9aa50069d20 |
| /usr/lib/.build-id/de |
| /usr/lib/.build-id/de/bf967fa59200ae0953a9f35a3cee31b853c06b |
| /usr/lib/.build-id/df |
| /usr/lib/.build-id/df/7f241b36383d952f6dab5c80557cc017d0f5dd |
| /usr/lib/.build-id/e1 |
| /usr/lib/.build-id/e1/71d20bd9d9b2353f9652673967e2370e6aa786 |
| /usr/lib/.build-id/e2 |
| /usr/lib/.build-id/e2/23a7dc2320d5a38bd4393af6849521578661b6 |
| /usr/lib/.build-id/e2/c489b0fe44d514919b372a65667a6f2dd94661 |
| /usr/lib/.build-id/e5 |
| /usr/lib/.build-id/e5/3d646bfc2850453acc2fe39a97e9da6b3266ef |
| /usr/lib/.build-id/e6 |
| /usr/lib/.build-id/e6/69f4e3cb068824c627f808c61602a652f3d166 |
| /usr/lib/.build-id/e6/dbdd6da138610335148ee3f3dca3f0b5ba67a0 |
| /usr/lib/.build-id/e7 |
| /usr/lib/.build-id/e7/eb338686a0a59bcd28acfdbc0db53efd500d98 |
| /usr/lib/.build-id/e9 |
| /usr/lib/.build-id/e9/49ad30e314d8f396bae5997ec30c133df7407b |
| /usr/lib/.build-id/e9/aac04c32de0417137f0d8719aba0fccff961af |
| /usr/lib/.build-id/e9/b20021911f9b24d8cd0093c9590ba0af562354 |
| /usr/lib/.build-id/eb |
| /usr/lib/.build-id/eb/f4e47386d414c804df53390ed7199449e6ac3d |
| /usr/lib/.build-id/ee |
| /usr/lib/.build-id/ee/2aeb765673ff822ee12a647c2e70d79599ceb4 |
| /usr/lib/.build-id/f0 |
| /usr/lib/.build-id/f0/a94dea84193814c86138c5feba17336acd07fd |
| /usr/lib/.build-id/f0/cb357f507c4e970ed73abbaffa270db2a5eb11 |
| /usr/lib/.build-id/f2 |
| /usr/lib/.build-id/f2/8efe790a401da02b23edd3fa02ce4b21c02a6c |
| /usr/lib/.build-id/f3 |
| /usr/lib/.build-id/f3/5f382af3e09a6dc8520986b5db3fd0a49058fa |
| /usr/lib/.build-id/f3/aa76517c9f2b39dbbedba0098188689479acd0 |
| /usr/lib/.build-id/f5 |
| /usr/lib/.build-id/f5/4ce85413e45caeb00d38e5a9897b2f119e834b |
| /usr/lib/.build-id/f5/529fd6ef77a0b37f3c21472e63c1206790bb5e |
| /usr/lib/.build-id/f6 |
| /usr/lib/.build-id/f6/e3a9713af5b3337e7f7e8125813eada0b4c800 |
| /usr/lib/.build-id/fa |
| /usr/lib/.build-id/fa/08cc8193c49bfe88b1d169a88e2e3af1b52ce6 |
| /usr/lib/.build-id/fa/08cc8193c49bfe88b1d169a88e2e3af1b52ce6.1 |
| /usr/lib/.build-id/fd |
| /usr/lib/.build-id/fd/8de8acac65c859584082b85e64d625ca5a4532 |
| /usr/lib/.build-id/fd/cb7e91dabc5734737fa201cb8bd4e04babfb32 |
| /usr/lib/.build-id/ff |
| /usr/lib/.build-id/ff/2855cf6daabe81aa0e82f9d30648265da2528b |
| /usr/lib64/xtables |
| /usr/lib64/xtables/libarpt_mangle.so |
| /usr/lib64/xtables/libebt_802_3.so |
| /usr/lib64/xtables/libebt_arp.so |
| /usr/lib64/xtables/libebt_arpreply.so |
| /usr/lib64/xtables/libebt_dnat.so |
| /usr/lib64/xtables/libebt_ip.so |
| /usr/lib64/xtables/libebt_ip6.so |
| /usr/lib64/xtables/libebt_log.so |
| /usr/lib64/xtables/libebt_mark.so |
| /usr/lib64/xtables/libebt_mark_m.so |
| /usr/lib64/xtables/libebt_nflog.so |
| /usr/lib64/xtables/libebt_pkttype.so |
| /usr/lib64/xtables/libebt_redirect.so |
| /usr/lib64/xtables/libebt_snat.so |
| /usr/lib64/xtables/libebt_stp.so |
| /usr/lib64/xtables/libebt_vlan.so |
| /usr/lib64/xtables/libip6t_DNAT.so |
| /usr/lib64/xtables/libip6t_DNPT.so |
| /usr/lib64/xtables/libip6t_HL.so |
| /usr/lib64/xtables/libip6t_LOG.so |
| /usr/lib64/xtables/libip6t_MASQUERADE.so |
| /usr/lib64/xtables/libip6t_NETMAP.so |
| /usr/lib64/xtables/libip6t_REDIRECT.so |
| /usr/lib64/xtables/libip6t_REJECT.so |
| /usr/lib64/xtables/libip6t_SNAT.so |
| /usr/lib64/xtables/libip6t_SNPT.so |
| /usr/lib64/xtables/libip6t_ah.so |
| /usr/lib64/xtables/libip6t_dst.so |
| /usr/lib64/xtables/libip6t_eui64.so |
| /usr/lib64/xtables/libip6t_frag.so |
| /usr/lib64/xtables/libip6t_hbh.so |
| /usr/lib64/xtables/libip6t_hl.so |
| /usr/lib64/xtables/libip6t_icmp6.so |
| /usr/lib64/xtables/libip6t_ipv6header.so |
| /usr/lib64/xtables/libip6t_mh.so |
| /usr/lib64/xtables/libip6t_rt.so |
| /usr/lib64/xtables/libip6t_srh.so |
| /usr/lib64/xtables/libipt_CLUSTERIP.so |
| /usr/lib64/xtables/libipt_DNAT.so |
| /usr/lib64/xtables/libipt_ECN.so |
| /usr/lib64/xtables/libipt_LOG.so |
| /usr/lib64/xtables/libipt_MASQUERADE.so |
| /usr/lib64/xtables/libipt_NETMAP.so |
| /usr/lib64/xtables/libipt_REDIRECT.so |
| /usr/lib64/xtables/libipt_REJECT.so |
| /usr/lib64/xtables/libipt_SNAT.so |
| /usr/lib64/xtables/libipt_TTL.so |
| /usr/lib64/xtables/libipt_ULOG.so |
| /usr/lib64/xtables/libipt_ah.so |
| /usr/lib64/xtables/libipt_icmp.so |
| /usr/lib64/xtables/libipt_realm.so |
| /usr/lib64/xtables/libipt_ttl.so |
| /usr/lib64/xtables/libxt_AUDIT.so |
| /usr/lib64/xtables/libxt_CHECKSUM.so |
| /usr/lib64/xtables/libxt_CLASSIFY.so |
| /usr/lib64/xtables/libxt_CONNMARK.so |
| /usr/lib64/xtables/libxt_CONNSECMARK.so |
| /usr/lib64/xtables/libxt_CT.so |
| /usr/lib64/xtables/libxt_DSCP.so |
| /usr/lib64/xtables/libxt_HMARK.so |
| /usr/lib64/xtables/libxt_IDLETIMER.so |
| /usr/lib64/xtables/libxt_LED.so |
| /usr/lib64/xtables/libxt_MARK.so |
| /usr/lib64/xtables/libxt_NFLOG.so |
| /usr/lib64/xtables/libxt_NFQUEUE.so |
| /usr/lib64/xtables/libxt_NOTRACK.so |
| /usr/lib64/xtables/libxt_RATEEST.so |
| /usr/lib64/xtables/libxt_SECMARK.so |
| /usr/lib64/xtables/libxt_SET.so |
| /usr/lib64/xtables/libxt_SYNPROXY.so |
| /usr/lib64/xtables/libxt_TCPMSS.so |
| /usr/lib64/xtables/libxt_TCPOPTSTRIP.so |
| /usr/lib64/xtables/libxt_TEE.so |
| /usr/lib64/xtables/libxt_TOS.so |
| /usr/lib64/xtables/libxt_TPROXY.so |
| /usr/lib64/xtables/libxt_TRACE.so |
| /usr/lib64/xtables/libxt_addrtype.so |
| /usr/lib64/xtables/libxt_bpf.so |
| /usr/lib64/xtables/libxt_cgroup.so |
| /usr/lib64/xtables/libxt_cluster.so |
| /usr/lib64/xtables/libxt_comment.so |
| /usr/lib64/xtables/libxt_connbytes.so |
| /usr/lib64/xtables/libxt_connlabel.so |
| /usr/lib64/xtables/libxt_connlimit.so |
| /usr/lib64/xtables/libxt_connmark.so |
| /usr/lib64/xtables/libxt_conntrack.so |
| /usr/lib64/xtables/libxt_cpu.so |
| /usr/lib64/xtables/libxt_dccp.so |
| /usr/lib64/xtables/libxt_devgroup.so |
| /usr/lib64/xtables/libxt_dscp.so |
| /usr/lib64/xtables/libxt_ecn.so |
| /usr/lib64/xtables/libxt_esp.so |
| /usr/lib64/xtables/libxt_hashlimit.so |
| /usr/lib64/xtables/libxt_helper.so |
| /usr/lib64/xtables/libxt_ipcomp.so |
| /usr/lib64/xtables/libxt_iprange.so |
| /usr/lib64/xtables/libxt_ipvs.so |
| /usr/lib64/xtables/libxt_length.so |
| /usr/lib64/xtables/libxt_limit.so |
| /usr/lib64/xtables/libxt_mac.so |
| /usr/lib64/xtables/libxt_mark.so |
| /usr/lib64/xtables/libxt_multiport.so |
| /usr/lib64/xtables/libxt_nfacct.so |
| /usr/lib64/xtables/libxt_osf.so |
| /usr/lib64/xtables/libxt_owner.so |
| /usr/lib64/xtables/libxt_physdev.so |
| /usr/lib64/xtables/libxt_pkttype.so |
| /usr/lib64/xtables/libxt_policy.so |
| /usr/lib64/xtables/libxt_quota.so |
| /usr/lib64/xtables/libxt_rateest.so |
| /usr/lib64/xtables/libxt_recent.so |
| /usr/lib64/xtables/libxt_rpfilter.so |
| /usr/lib64/xtables/libxt_sctp.so |
| /usr/lib64/xtables/libxt_set.so |
| /usr/lib64/xtables/libxt_socket.so |
| /usr/lib64/xtables/libxt_standard.so |
| /usr/lib64/xtables/libxt_state.so |
| /usr/lib64/xtables/libxt_statistic.so |
| /usr/lib64/xtables/libxt_string.so |
| /usr/lib64/xtables/libxt_tcp.so |
| /usr/lib64/xtables/libxt_tcpmss.so |
| /usr/lib64/xtables/libxt_time.so |
| /usr/lib64/xtables/libxt_tos.so |
| /usr/lib64/xtables/libxt_u32.so |
| /usr/lib64/xtables/libxt_udp.so |
| /usr/sbin/ip6tables |
| /usr/sbin/ip6tables-restore |
| /usr/sbin/ip6tables-restore-translate |
| /usr/sbin/ip6tables-save |
| /usr/sbin/ip6tables-translate |
| /usr/sbin/iptables |
| /usr/sbin/iptables-apply |
| /usr/sbin/iptables-restore |
| /usr/sbin/iptables-restore-translate |
| /usr/sbin/iptables-save |
| /usr/sbin/iptables-translate |
| /usr/sbin/xtables-monitor |
| /usr/sbin/xtables-nft-multi |
| /usr/share/doc/iptables |
| /usr/share/doc/iptables/INCOMPATIBILITIES |
| /usr/share/licenses/iptables |
| /usr/share/licenses/iptables/COPYING |
| /usr/share/man/man8/ip6tables-restore.8.gz |
| /usr/share/man/man8/ip6tables-save.8.gz |
| /usr/share/man/man8/ip6tables.8.gz |
| /usr/share/man/man8/iptables-apply.8.gz |
| /usr/share/man/man8/iptables-extensions.8.gz |
| /usr/share/man/man8/iptables-restore.8.gz |
| /usr/share/man/man8/iptables-save.8.gz |
| /usr/share/man/man8/iptables.8.gz |
| /usr/share/man/man8/nfnl_osf.8.gz |
| /usr/share/man/man8/xtables-monitor.8.gz |
| /usr/share/man/man8/xtables-nft.8.gz |
| /usr/share/man/man8/xtables-translate.8.gz |
| </code> |
| |
| Paket **iptables-services**: |
| <code> |
| # rpm -qil iptables-services |
| Name : iptables-services |
| Version : 1.8.2 |
| Release : 9.el8_0.1 |
| Architecture: x86_64 |
| Install Date: Sat Dec 28 07:58:08 2019 |
| Group : System Environment/Base |
| Size : 20132 |
| License : GPLv2 and Artistic 2.0 and ISC |
| Signature : RSA/SHA256, Sat Aug 3 20:59:56 2019, Key ID 05b555b38483c65d |
| Source RPM : iptables-1.8.2-9.el8_0.1.src.rpm |
| Build Date : Mon Jul 1 17:42:13 2019 |
| Build Host : x86-02.mbox.centos.org |
| Relocations : (not relocatable) |
| Packager : CentOS Buildsys <bugs@centos.org> |
| Vendor : CentOS |
| URL : http://www.netfilter.org/ |
| Summary : iptables and ip6tables services for iptables |
| Description : |
| iptables services for IPv4 and IPv6 |
| |
| This package provides the services iptables and ip6tables that have been split |
| out of the base package since they are not active by default anymore. |
| /etc/sysconfig/ip6tables |
| /etc/sysconfig/iptables |
| /usr/lib/systemd/system/ip6tables.service |
| /usr/lib/systemd/system/iptables.service |
| /usr/libexec/initscripts/legacy-actions/ip6tables |
| /usr/libexec/initscripts/legacy-actions/ip6tables/panic |
| /usr/libexec/initscripts/legacy-actions/ip6tables/save |
| /usr/libexec/initscripts/legacy-actions/iptables |
| /usr/libexec/initscripts/legacy-actions/iptables/panic |
| /usr/libexec/initscripts/legacy-actions/iptables/save |
| /usr/libexec/iptables |
| /usr/libexec/iptables/ip6tables.init |
| /usr/libexec/iptables/iptables.init |
| </code> |
| |
| ===== Dienst/Deamon-Start einrichten ===== |
| |
| Um ''iptables'' und ''ip6tables'', welche als Dienste/Deamons als Hintergrundprozesse laufen, auch nach einem Neustart des Servers zur Verfügung zu haben, sollen die Dienste/Daemons mit dem Server mit gestartet werden, was mit nachfolgenden Befehlen realisiert werden kann: |
| <code> |
| # systemctl enable iptables.service |
| Created symlink /etc/systemd/system/basic.target.wants/iptables.service → /usr/lib/systemd/system/iptables.service. |
| </code> |
| und |
| <code> |
| # systemctl enable ip6tables.service |
| Created symlink /etc/systemd/system/basic.target.wants/ip6tables.service → /usr/lib/systemd/system/ip6tables.service. |
| </code> |
| |
| Eine Überprüfung, ob beim Neustart des Server der ''iptables''-Dienst/Deamon wirklich mit gestartet wird, kann mit nachfolgendem Befehl erfolgen und sollte eine Anzeige, wie ebenfalls nachfolgend dargestellt ausgeben: |
| <code> |
| # systemctl list-unit-files --type=service | grep -E ^ip't|6' |
| ip6tables.service enabled |
| iptables.service enabled |
| </code> |
| bzw. |
| <code> |
| # systemctl is-enabled iptables.service |
| enabled |
| </code> |
| und |
| <code> |
| # systemctl is-enabled ip6tables.service |
| enabled |
| </code> |
| |
| ===== Erster Start ===== |
| |
| ==== iptables ==== |
| |
| Nachfolgender Befehl führt den ersten Start des Dienstes/Daemons ''iptables'' aus: |
| <code> |
| # systemctl start iptables.service |
| </code> |
| |
| Mit nachfolgendem Befehl kann ünberprüft werden, ob der Dienst/Daemon ordnungsgemäß gestartet wurde und läuft: |
| <code> |
| # systemctl status iptables.service |
| ● iptables.service - IPv4 firewall with iptables |
| Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor pr> |
| Active: active (exited) since Sat 2019-12-28 08:06:00 CET; 8s ago |
| Process: 9573 ExecStart=/usr/libexec/iptables/iptables.init start (code=exite> |
| Main PID: 9573 (code=exited, status=0/SUCCESS) |
| |
| Dec 28 08:06:00 localhost.localdomain systemd[1]: Starting IPv4 firewall with i> |
| Dec 28 08:06:00 localhost.localdomain iptables.init[9573]: iptables: Applying f> |
| Dec 28 08:06:00 localhost.localdomain systemd[1]: Started IPv4 firewall with ip> |
| </code> |
| |
| Nachfolgender Befehl überprüft, ob eine Regelsatz aktiv ist: |
| <code> |
| # iptables -nvL |
| Chain INPUT (policy ACCEPT 0 packets, 0 bytes) |
| pkts bytes target prot opt in out source destination |
| 148 10796 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED |
| 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 |
| 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 |
| 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 |
| 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited |
| |
| Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) |
| pkts bytes target prot opt in out source destination |
| 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited |
| |
| Chain OUTPUT (policy ACCEPT 84 packets, 10872 bytes) |
| pkts bytes target prot opt in out source destination |
| </code> |
| |
| ==== ip6tables ==== |
| |
| Nachfolgender Befehl fürt den ersten Start des Dienstes/Daemons ''ip6tables'' aus: |
| <code> |
| # systemctl start ip6tables.service |
| </code> |
| |
| Mit nachfolgendem Befehl kann ünberprüft werden, ob der Dienst/Daemon ordnungsgemäß gestartet wurde und läuft: |
| <code> |
| # systemctl status ip6tables.service |
| ● ip6tables.service - IPv6 firewall with ip6tables |
| Loaded: loaded (/usr/lib/systemd/system/ip6tables.service; enabled; vendor p> |
| Active: active (exited) since Sat 2019-12-28 08:37:13 CET; 44s ago |
| Process: 15116 ExecStart=/usr/libexec/iptables/ip6tables.init start (code=exi> |
| Main PID: 15116 (code=exited, status=0/SUCCESS) |
| |
| Dec 28 08:37:13 localhost.localdomain systemd[1]: Starting IPv6 firewall with i> |
| Dec 28 08:37:13 localhost.localdomain ip6tables.init[15116]: ip6tables: Applyin> |
| Dec 28 08:37:13 localhost.localdomain systemd[1]: Started IPv6 firewall with ip> |
| </code> |
| |
| Nachfolgender Befehl überprüft, ob eine Regelsatz aktiv ist: |
| <code> |
| # ip6tables -nvL |
| Chain INPUT (policy ACCEPT 0 packets, 0 bytes) |
| pkts bytes target prot opt in out source destination |
| 0 0 ACCEPT all * * ::/0 ::/0 state RELATED,ESTABLISHED |
| 0 0 ACCEPT icmpv6 * * ::/0 ::/0 |
| 0 0 ACCEPT all lo * ::/0 ::/0 |
| 0 0 ACCEPT tcp * * ::/0 ::/0 state NEW tcp dpt:22 |
| 0 0 ACCEPT udp * * ::/0 fe80::/64 udp dpt:546 state NEW |
| 0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-adm-prohibited |
| |
| Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) |
| pkts bytes target prot opt in out source destination |
| 0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-adm-prohibited |
| |
| Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) |
| pkts bytes target prot opt in out source destination |
| </code> |
| |
| ===== Weitere Informationen ===== |
| |
| Weiterführende Informationen zu ''iptables'' innerhlab dieses DokuWikis können unter nachfolgendm internen Link abgerufen werden: |
| * [[tachtler:iptables|iptables]] |
| |