Shulou(Shulou.com)06/03 Report--

Firewalld Firewall-there is no cheater for mother and baby in Mengbei Tree, IP address camouflage:

1. Through address camouflage, the NAT device forwards the packet passing through the device to the designated receiver, and changes the passed packet 2 and source address to its own interface address of the NAT device. When the returned packet arrives, the destination address is modified to the address of the original host and routed. Address camouflage can realize that multiple addresses in the local area network share a single public network address to access the Internet.

4. Similar to Port Multiplexing (PAT) in NAT technology. IP address masquerading only supports ipv4, not ipv6.

Port forwarding:

It can also be called destination address translation or port mapping. Through port forwarding, traffic from specified IP addresses and ports is forwarded to different ports on the same computer, or to ports on different computers. In general, the servers in the company's intranet use private network addresses, and then publish the servers using private network addresses to the public network through port forwarding.

In firewalld, there is a concept of rich language. Firewalld's rich language provides a mechanism for configuring complex firewall rules through a high-level language that does not need to understand iptables syntax. Through this language, custom firewall rules that cannot be implemented in the basic syntax of firewalld can be expressed.

Rich rules can be used to express basic allow / deny rules, as well as to configure records (for syslog and auditd), as well as port forwarding, masquerading, and rate limiting.

There is a timeout tool in the firewalld firewall configuration, and when a rule containing a timeout is added to the firewall, the timer begins the countdown to that rule, and once the countdown reaches 0 seconds, the rule is removed from the runtime configuration.

When testing a more complex rule set, if the rule is valid, then we can add the rule again, if the rule does not achieve the desired effect, and may even lock our administrator so that it cannot enter the system, then the rule will be automatically deleted so that our operators can continue to test.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.