{"id":723,"date":"2009-09-04T15:39:40","date_gmt":"2009-09-04T15:39:40","guid":{"rendered":"http:\/\/pchero21.com\/?p=723"},"modified":"2009-09-04T15:39:40","modified_gmt":"2009-09-04T15:39:40","slug":"iptables-%ec%bb%a4%eb%84%90-2-4%eb%8c%80%ec%9d%98-%eb%b0%a9%ed%99%94%eb%b2%bd-%ea%b4%80%eb%a6%ac%eb%8f%84%ea%b5%ac","status":"publish","type":"post","link":"http:\/\/pchero21.com\/?p=723","title":{"rendered":"iptables (\ucee4\ub110 2.4\ub300\uc758 \ubc29\ud654\ubcbd \uad00\ub9ac\ub3c4\uad6c)"},"content":{"rendered":"

 \ucee4\ub110 2.4\ub300\uc5d0\uc11c \ubc29\ud654\ubcbd, \uaddc\uce59 \uc124\uc815, IP \ub9e4\uc2a4\ucee4\ub808\uc774\ub529\uc744 \uc870\uc815\ud558\ub294 \ucee4\ub110 \ub3c4\uad6c<\/p>\n

 iptables -[ADC] chain \uc0c1\uc138\ub8f0 [\uc635\uc158]
 iptables -[RI] chain \ub8f0\ubc88\ud638 \uc0c1\uc138\ub8f0 [\uc635\uc158]
 iptables -D chain \ub8f0\ubc88\ud638 [\uc635\uc158]
 iptables -[LFZ] [chain] [\uc635\uc158]
 iptables -[NX] chain
 iptables -E \uc774\ubc88\uccb4\uc778\uc774\ub984 \uc0c8\ub85c\uc6b4\uccb4\uc778\uc774\ub984
 iptables -P chain target [\uc635\uc158]
 iptables -h<\/p>\n

 -A chain, –append chain : chain\uc744 \ucd94\uac00\ud55c\ub2e4.
 -D chain, –delete chain : chain\uc5d0\uc11c \ub8f0\uc744 \uc0ad\uc81c\ud55c\ub2e4.
 -D chain \ub8f0\ub118\ubc84, –delete chain \ub8f0\ub118\ubc84 : chain \uc815\ucc45 \uc911 \uc9c0\uc815\ud55c \ub8f0\ub118\ubc84\ub97c \uc0ad\uc81c\ud55c\ub2e4. \ub9cc\uc77c \ub8f0\ub118\ubc84\uac00 1\uc774\ub77c\uba74 chain \uaddc\uce59\uc758 \uccab \ubc88\uc9f8 \ub8f0\uc744 \uc0ad\uc81c\ud55c\ub2e4.
 -I chain [\ub8f0\ub118\ubc84], –insert chain [\ub8f0\ub118\ubc84] : chain \uc815\ucc45\uc5d0 \uc9c0\uc815\ud55c \uc22b\uc790\ubc88\uc9f8\uc5d0 \uc0bd\uc785\ud558\uac70\ub098, \ub9c8\uc9c0\ub9c9\uc5d0 \ub8f0\uc744 \uc0bd\uc785\ud55c\ub2e4.
 -R chain \ub8f0\ub118\ubc84, –relace : chain \uc815\ucc45 \uc911 \uc9c0\uc815\ud55c \uc22b\uc790\ubc88\uc9f8\uc758 \ub8f0\uc744 \uad50\uccb4\ud55c\ub2e4.
 -L [chain], –list [chain] \ubaa8\ub4e0 chain \uc815\ucc45\uc744 \ubcf4\uac70\ub098, \uc9c0\uc815\ud55c chain \uc815\ucc45\uc744 \ubcf8\ub2e4.
 -F [chain], –flush : \ubaa8\ub4e0 chain \uc815\ucc45\uc744 \uc0ad\uc81c\ud558\uac70\ub098, \uc9c0\uc815\ud55c chain \uc815\ucc45\uc744 \uc0ad\uc81c\ud55c\ub2e4.
 -Z [chain], –zero : \ubaa8\ub4e0 chain \uc815\ucc45\uc744 \uc81c\ub85c\ub85c \ub9cc\ub4e4\uac70\ub098, \uc9c0\uc815\ud55c chain \uc815\ucc45\uc744 \uc81c\ub85c\ub85c \ub9cc\ub4e0\ub2e4.
 -C chain, –check chain : \uc124\uc815\ud55c chain \uc815\ucc45\uc744 \ud14c\uc2a4\ud2b8\ud55c\ub2e4.
 -N chain, –new-chain : \uc0c8\ub85c\uc6b4 \uc815\ucc45\uc744 \ub9cc\ub4e0\ub2e4.
 -X [chain], –delete-chain : \uc0ac\uc6a9\uc790\uac00 \ub9cc\ub4e0 chain\uc774\ub098 \ubaa8\ub4e0 chain\uc744 \uc0ad\uc81c\ud55c\ub2e4.
 -P chain target, –policy chain target : chain \uc815\ucc45\uc744 \uc9c0\uc815\ud55c chain \uc815\ucc45\uc73c\ub85c \ubc14\uafbc\ub2e4.
 -E old-chain new-chain, –rename-chain old-chain new-chain : chain\uba85\uc744 \ubc14\uafbc\ub2e4.
 -p, –protocol [!] proto : \ud504\ub85c\ud1a0\ucf5c\uc744 \uc9c0\uc815\ud55c\ub2e4. !\uc740 \uc81c\uc678\uc758 \uc758\ubbf8\uc774\ub2e4.
 -s, –source [!] address[\/mask] : \ucd9c\ubc1c\uc9c0 \uc8fc\uc18c\ub97c \uc9c0\uc815\ud55c\ub2e4. mask\ub294 C\ud074\ub798\uc2a4\uba74 255.255.255.0\uc774\ub098 24\ube44\ud2b8\ub85c \ud45c\ud604\ub41c\ub2e4.
 -d, –destination [!] address[\/mask] : \ubaa9\uc801\uc9c0 \uc8fc\uc18c\ub97c \uc9c0\uc815\ud55c\ub2e4.
 -i, –in-interface [!] input name[+] \uc218\uc2e0\ud558\ub294 \ub124\ud2b8\uc6cc\ud06c \uc778\ud130\ud398\uc774\uc2a4 \uc774\ub984\uc744 \uc9c0\uc815\ud55c\ub2e4. name+\uc740 name\uc73c\ub85c \uc2dc\uc791\ud558\ub294 \ubaa8\ub4e0 \uc778\ud130\ud398\uc774\uc2a4 \uc774\ub984\uc774\ub2e4.
 -j –jump target : \uc9c0\uc815\ud558\ub294 target\uc73c\ub85c \ub9ac\ub2e4\uc774\ub809\ud2b8 \uc2dc\ud0a8\ub2e4.
 -m : \uc9c0\uc815\ud55c match\ub85c \ud655\uc7a5\uc774 \uac00\ub2a5\ud558\ub2e4.
 -n : IP\uc8fc\uc18c\uc640 \ud3ec\ud2b8\ubc88\ud638\ub97c \uc22b\uc790 \uadf8\ub300\ub85c \ubcf4\uc5ec\uc900\ub2e4.
 -o, –out-interface [!] output name[+] : \ubc1c\uc2e0\ud558\ub294 \ub124\ud2b8\uc6cc\ud06c \uc778\ud130\ud398\uc774\uc2a4 \uc774\ub984\uc744 \uc9c0\uc815\ud55c\ub2e4.
 -v, –verbose : \uc0c1\uc138\ud55c \uc815\ubcf4\ub97c \ubcf4\uc5ec\uc900\ub2e4.
 –line-numbers : \ub8f0\uc815\ucc45\uc744 \ubcf4\uc5ec\uc904 \ub54c \uc904\ubc88\ud638\ub3c4 \ub098\ud0c0\ub0b8\ub2e4.
 -x, –exact : \uc815\ud655\ud55c \uac12\uc73c\ub85c \ub098\ud0c0\ub0b8\ub2e4.
 -V, –version : \ubc84\uc804 \uc815\ubcf4\ub97c \ubcf4\uc5ec\uc900\ub2e4.<\/p>\n

 iptables\ub294 netfilter \ud544\ud130\ub9c1 \ub8f0\uc5d0 \uc0ac\uc6a9\ud55c\ub2e4. \ub300\ubd80\ubd84 ipchains\uc640 \uc0ac\uc6a9\ubc95\uc774 \uac70\uc758 \uac19\uc73c\ub098, \uac00\uc7a5 \ud070 \ucc28\uc774\uc810\uc740 \ud655\uc7a5\uc131\uc5d0 \uc788\ub2e4. \uc815\uc0c1\uc801\uc73c\ub85c \ucee4\ub110 \ud655\uc7a5\uc740 \ucee4\ub110 \ubaa8\ub4c8 \ud558\ubd80 \ub514\ub809\ud1a0\ub9ac(\/lib\/modules\/\ucee4\ub110\ubc84\uc804\/kernel\/net)\uc5d0 \uc874\uc7ac\ud558\ub294\ub370, iptables\ub294 \uc694\uad6c\uc5d0 \uc758\ud558\uc5ec \uc801\uc7ac\ub41c\ub2e4. \uadf8\ub798\uc11c, \uc544\ub4e4 \ubaa8\ub4c8\uc744 \uc9c1\uc811 \uc801\uc7ac\ud560 \ud544\uc694\ub294 \uc5c6\ub2e4. iptables\uc758 \ud655\uc7a5\ub4e4\uc740 \uacf5\uc720 \ub77c\uc774\ube0c\ub7ec\ub9ac \ud615\ud0dc\ub85c \ubcf4\ud1b5 \/usr\/local\/lib\/iptables \uc5d0 \uc704\uce58\ud55c\ub2e4. \ubc30\ud3ec\ud310\uc740 \uc774\uac83\uc744 \/lib\/tables\ub098 \/usr\/lib\/tables \uc5d0 \ub123\uc73c\ub824 \ud560 \uac83\uc774\ub2e4.<\/p>\n

\"User \uc6b0\ubd84\ud22c 8.10-Desktop \uc758 \uacbd\uc6b0 \/lib\/iptables \ubc11\uc5d0 \uc874\uc7ac\ud55c\ub2e4.<\/p>\n

 ipchain\uc774 iptables\uc5d0\uc11c \ubcc0\uacbd\ub41c \uc0ac\ud56d\ub4e4\uc740 \ub2e4\uc74c\uacfc \uac19\ub2e4.<\/p>\n

 * \ubbf8\ub9ac \ub9cc\ub4e4\uc5b4\uc9c4 \uccb4\uc778 \uc774\ub984 (input, output, forward)\uac00 \uc18c\ubb38\uc790\uc5d0\uc11c \ub300\ubb38\uc790\ub85c \ubc14\ub00c\uc5c8\ub2e4.<\/p>\n

 * -i \uc9c0\uc2dc\uc790\ub294 \ub4e4\uc5b4\uc624\ub294 \uc778\ud130\ud398\uc774\uc2a4\ub9cc \uc758\ubbf8\ud558\uace0 INPUT\uacfc FORWARD chain\uc5d0\uc11c\ub9cc \uc791\ub3d9\ud55c\ub2e4. FORWARD\ub098 OUTPUT chain\uc740 -o \ub85c \uc0ac\uc6a9\ud55c\ub2e4.<\/p>\n

 * TCP\uc640 UDP \ud3ec\ud2b8\ub294 –source-port, –sport (–destination-port, –dport)\uacfc \uc0ac\uc6a9\ud558\uac8c \ub41c\ub2e4. -p tcp \ub610\ub294 -p udp \uc635\uc158\uacfc \ud568\uaed8 \uc0ac\uc6a9\ub418\uc5b4\uc838\uc57c \ud55c\ub2e4.<\/p>\n

 * TCP -y \uc9c0\uc2dc\uc790\ub294 –syn \uc73c\ub85c \ubc14\ub00c\uc5c8\uace0 -p tcp \ub2e4\uc74c\uc5d0 \uc640\uc57c\ud55c\ub2e4.<\/p>\n

 * DENY target \ub294 DROP\uc73c\ub85c \ubc14\ub00c\uc5c8\ub2e4.<\/p>\n

 * iptables \ub97c \uc774\uc6a9\ud558\uc5ec \uc815\ucc45\ub4e4\uc744 \uc785\ub825\ud558\uc600\ub2e4\uba74, \uc774\ub294 \uba54\ubaa8\ub9ac\uc5d0 \uc801\uc7ac\ub420 \ubfd0\uc774\ubbc0\ub85c \uc2dc\uc2a4\ud15c\uc744 \ub2e4\uc2dc \uc2dc\uc791\ud55c \ud6c4\uc5d0\ub294 \ubaa8\ub450 \uc0ac\ub77c\uc9c8 \uac83\uc774\ub2e4. \uc774\ub97c iptables-save \uba85\ub839\uc73c\ub85c \uc800\uc7a5\uc774 \uac00\ub2a5\ud558\ub2e4.<\/p>\n

 # iptables-save > iptables_test<\/span><\/p>\n

 \uc544\ub798\uc640 \uac19\uc774 iptables-restore \uba85\ub839\uc73c\ub85c \uc800\uc7a5\ud55c \uc815\ucc45 \ud30c\uc77c\uc744 \ubd88\ub7ec\uc62c \uc218\ub3c4 \uc788\ub2e4.

 # iptables-restore < iptables_test<\/span><\/p>\n

 * \ub9e4\uc2a4\ucee4\ub808\uc774\ub529(iptables)
 ipchain \uba85\ub839\uacfc \ub9c8\ucc2c\uac00\uc9c0\ub85c \ub0b4\ubd80 \uc778\ud130\ub137 \uc5f0\uacb0 \uacf5\uc720\ub97c \ud560 \uc218 \uc788\ub2e4. masquerading \uae30\ubc95\uc73c\ub85c \ud55c \ucef4\ud4e8\ud130\uc5d0 \ub450 \uac1c\uc758 \ub124\ud2b8\uc6cc\ud06c \uc778\ud130\ud398\uc774\uc2a4\ub97c \uc124\uc815\ud55c \ub2e4\uc74c, \ud558\ub098\ub294 \uc678\ubd80\uc758 \uc778\ud130\ub137\uacfc \uc5f0\uacb0\ub418\uc5b4 \uc788\uace0, \ub2e4\ub978 \ud558\ub098\ub294 \ub0b4\ubd80 \uac8c\uc774\ud2b8\uc6e8\uc774(192.168.0.1 \uc774\ub77c\uace0 \uac00\uc815)\uc758 \uc5ed\ud560\uc744 \ud558\ub3c4\ub85d \uc124\uc815\ud55c\ub2e4. \ub0b4\ubd80 \uac8c\uc774\ud2b8\uc6e8\uc774 \uc5ed\ud560\uc744 \ud558\ub294 \uc778\ud130\ud398\uc774\uc2a4\uc640 \uc5f0\uacb0\ub41c \ud5c8\ube0c\ub97c \ud1b5\ud574 \uac19\uc740 192.168.0.0\/24 \ub300\uc5ed\uc758 \uc544\uc774\ud53c\ub97c \uc124\uc815\ud558\uc5ec, \ub0b4\ubd80\uc5d0\uc11c\ub3c4 \uc778\ud130\ub137\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc788\ub3c4\ub85d \ud560 \uc218 \uc788\ub2e4. \uc544\ub798\uc758 \uc2a4\ud06c\ub9bd\ud2b8\ub294 \ucd5c\uc18c\uc758 masquerading \uae30\ubc95\uc744 \uc704\ud55c \uc785\ub825\uc73c\ub85c \uc190\uc27d\uac8c \ub0b4\ubd80\uc5d0 \uc778\ud130\ub137\uc744 \uacf5\uc720\ud560 \uc218 \uc788\ub2e4.

 # \/sbin\/iptables -F<\/span>
 # echo “1” > \/proc\/sys\/net\/ipv4\/ip_forward<\/span>
 # iptables -t nat -A POSTROUTING -s 192.168.1.2\/24 -j MASQUERADE<\/span><\/p>\n

 * \uc194\ub77c\ub9ac\uc2a4(Solaris)
 \uc194\ub77c\ub9ac\uc2a4\ub294 BSD \uacc4\uc5f4\uc758 SunOS\ub97c \ubc14\ud0d5\uc73c\ub85c \ud558\uc5ec, System V \uacc4\uc5f4\uc758 \uc601\ud5a5\uc744 \ubc1b\uc740 SunOS 5 \ubc84\uc804\ubd80\ud130\ub294 Solaris 2.x \ub77c\ub294 \uc774\ub984\ub3c4 \ud568\uaed8 \uc0ac\uc6a9\ud574 \uc654\ub2e4. \uc774\ud6c4 Solaris 2.7 \ubd80\ud130\ub294 \ub2e4\uc2dc Solaris 7\uc774\ub77c\ub294 \uc774\ub984\uc73c\ub85c\ub3c4 \ud1b5\uc6a9\ub418\uace0 \uc788\ub2e4. Sun \uc0ac\uc5d0\uc11c\ub294 \uc774 OS\ub97c \uc790\uc0ac\uc5d0\uc11c \uc0dd\uc0b0\ud558\ub294 \uc2a4\ud30d \ud50c\ub7ab\ud3fc \uc6a9\uc73c\ub85c\ub9cc \uac1c\ubc1c\ud558\uc600\uc73c\ub098 \uc778\ud154 \ud50c\ub7ab\ud3fc\uc744 \uc0ac\uc6a9\ud558\ub294 \uacbd\uc6b0\uac00 \ub298\uc5b4\ub098\uba70 \uc778\ud154\uc6a9 \ubc84\uc804\ub3c4 \ud568\uaed8 \uac1c\ubc1c\ud558\uc600\ub2e4. \uadf8\ub7ec\ub098 \ubcf8\uc9c8\uc801\uc73c\ub85c\ub294 \uac70\uc758 \ub3d9\uc77c\ud55c \uc18c\uc2a4\ub97c \uae30\ubc18\uc73c\ub85c \ucef4\ud30c\uc77c\ud55c \uc81c\ud488\uc774\ubbc0\ub85c \uc131\ub2a5 \uba74\uc5d0\uc11c\ub294 \ud070 \ucc28\uc774\uac00 \uc5c6\ub2e4.<\/p>\n","protected":false},"excerpt":{"rendered":"

 \ucee4\ub110 2.4\ub300\uc5d0\uc11c \ubc29\ud654\ubcbd, \uaddc\uce59 \uc124\uc815, IP \ub9e4\uc2a4\ucee4\ub808\uc774\ub529\uc744 \uc870\uc815\ud558\ub294 \ucee4\ub110 \ub3c4\uad6c  iptables -[ADC] chain \uc0c1\uc138\ub8f0 [\uc635\uc158] iptables -[RI] chain \ub8f0\ubc88\ud638 \uc0c1\uc138\ub8f0 [\uc635\uc158] iptables -D chain \ub8f0\ubc88\ud638 [\uc635\uc158] iptables -[LFZ] [chain] [\uc635\uc158] iptables -[NX] chain iptables -E \uc774\ubc88\uccb4\uc778\uc774\ub984 \uc0c8\ub85c\uc6b4\uccb4\uc778\uc774\ub984 iptables -P chain target [\uc635\uc158] iptables -h  -A chain, –append … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[41],"tags":[218,530],"_links":{"self":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts\/723"}],"collection":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=723"}],"version-history":[{"count":0,"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts\/723\/revisions"}],"wp:attachment":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=723"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=723"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=723"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}