{"id":744,"date":"2009-09-26T05:36:40","date_gmt":"2009-09-26T05:36:40","guid":{"rendered":"http:\/\/pchero21.com\/?p=744"},"modified":"2009-09-26T05:36:40","modified_gmt":"2009-09-26T05:36:40","slug":"1-iptables%ea%b0%80-%ec%a0%9c%ea%b3%b5%ed%95%98%eb%8a%94-%eb%b3%b4%ed%98%b8","status":"publish","type":"post","link":"http:\/\/pchero21.com\/?p=744","title":{"rendered":"1. iptables\uac00 \uc81c\uacf5\ud558\ub294 \ubcf4\ud638"},"content":{"rendered":"

 *iptables<\/span><\/p>\n

 iptables \ubc29\ud654\ubcbd\uc740 \ub137\ud544\ud130 \ud504\ub85c\uc81d\ud2b8(Netfilter Project, http:\/\/www.netfilter.org)\uc5d0\uc11c \uac1c\ubc1c\ub410\uc73c\uba70, 2001\ub144 1\uc6d4\uc758 \ub9ac\ub205\uc2a4 2.4 \ucee4\ub110 \ubc30\ud3ec \uc2dc\uc810\ubd80\ud130 \ub9ac\ub205\uc2a4\uc758 \uc77c\ubd80\ubd84\uc73c\ub85c \uc81c\uacf5\ub410\ub2e4.<\/p>\n

 iptables\uc640 \ub137\ud544\ud130\ub77c\ub294 \ub2e8\uc5b4 \uac04\uc758 \ucc28\uc774\ub294 \ub9ac\ub205\uc2a4 \ucee4\ubba4\ub2c8\ud2f0\uc5d0\uc11c \ub2e4\uc18c \ud63c\ub780\uc758 \uc6d0\uc778\uc774\uc5c8\ub2e4. \ub9ac\ub205\uc2a4\uac00 \uc81c\uacf5\ud558\ub294 \ubaa8\ub4e0 \uc885\ub958\uc758 \ud328\ud0b7 \ud544\ud130\ub9c1\uacfc \ub9f9\uae00\ub9c1(mangling) \ub3c4\uad6c\uc758 \uacf5\uc2dd\uc801\uc778 \ud504\ub85c\uc81d\ud2b8\uba85\uc774 \ub137\ud544\ud130\ub2e4. \ud558\uc9c0\ub9cc \uc774 \ub2e8\uc5b4\ub294 \ub124\ud2b8\uc6cc\ud0b9 \uc2a4\ud0dd\uc73c\ub85c \ud568\uc218\ub97c \ud6c4\ud0b9(hooking)\ud558\ub294 \ub370 \uc0ac\uc6a9\ud560 \uc218 \uc788\ub294 \ub9ac\ub205\uc2a4 \ucee4\ub110 \ub0b4\ubd80\uc758 \ud504\ub808\uc784\uc6cc\ud06c\ub97c \ub9d0\ud558\uae30\ub3c4 \ud55c\ub2e4. \ud55c\ud3b8 iptables\ub294 \ud328\ud0b7\uc5d0 \ub300\ud55c \uc5f0\uc0b0(\ud544\ud130\ub9c1 \ub4f1)\uc744 \uc218\ud589\ud558\uac8c \uc124\uacc4\ub41c \ud568\uc218\ub97c \ub124\ud2b8\uc6cc\ud0b9 \uc2a4\ud0dd\uc73c\ub85c \ud6c4\ud0b9\ud558\uae30 \uc704\ud574 \ub137\ud544\ud130 \ud504\ub808\uc784\uc6cc\ud06c\ub97c \uc0ac\uc6a9\ud55c\ub2e4. \ub137\ud544\ud130\ub294 iptables\uac00 \ubc29\ud654\ubcbd \uae30\ub2a5\uc744 \uad6c\ud604\ud560 \uc218 \uc788\uac8c \ud504\ub808\uc784\uc6cc\ud06c\ub97c \uc81c\uacf5\ud55c\ub2e4\uace0 \uc0dd\uac01\ud560 \uc218 \uc788\ub2e4.<\/p>\n

 \ub137\ud544\ud130\uac00 \ud2b8\ub798\ud53d \uc790\uccb4\ub97c \ud544\ud130\ub9c1\ud558\uc9c0\ub294 \uc54a\ub294\ub2e4. \ub137\ud544\ud130\ub294 \ucee4\ub110 \ub0b4\ubd80\uc758 \uc801\uc808\ud55c \ubd80\ubd84\uc5d0 \ud6c4\ud0b9\ub418\uac8c \ud2b8\ub798\ud53d\uc744 \ud544\ud130\ub9c1\ud560 \uc218 \uc788\ub294 \uae30\ub2a5\uc744 \uac00\ub2a5\ucf00 \ud574\uc904 \ubfd0\uc774\ub2e4. \ub137\ud544\ud130 \ud504\ub85c\uc81d\ud2b8\ub294 \uc5f0\uacb0 \ucd94\uc801\uc774\ub098 \uae30\ub85d(logging)\uacfc \uac19\uc740 \ucee4\ub110 \uc778\ud504\ub77c\uc2a4\ud2b8\ub7ed\ucc98\uc758 \uc77c\ubd80\ub97c \uc81c\uacf5\ud558\uae30\ub3c4 \ud55c\ub2e4. \ubaa8\ub4e0 iptables \uc815\ucc45\uc740 \ud2b9\ud654\ub41c \ud328\ud0b7 \ucc98\ub9ac\ub97c \uc218\ud589\ud558\uae30 \uc704\ud574 \uc774\ub7f0 \ub137\ud544\ud130\uc758 \uae30\ub2a5\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc788\ub2e4.<\/p>\n

  * iptables\ub97c \uc774\uc6a9\ud55c \ud328\ud0b7 \ud544\ud130\ub9c1<\/span><\/p>\n

 \uc0ac\uc6a9\uc790\ub294 iptables \ubc29\ud654\ubcbd\uc744 \uc774\uc6a9\ud574\uc11c \ub9ac\ub205\uc2a4 \uc2dc\uc2a4\ud15c\uacfc \uc5f0\ub3d9\ud558\ub294 IP \ud328\ud0b7\uc5d0 \ub300\ud574 \uac15\ub825\ud55c \uc81c\uc5b4 \uae30\ub2a5\uc744 \uac16\ucd9c \uc218 \uc788\ub2e4. \uc774\ub7ec\ud55c \uc81c\uc5b4\ub294 \ub9ac\ub205\uc2a4 \ucee4\ub110 \ub0b4\ubd80\uc5d0 \uad6c\ud604\ub41c\ub2e4.<\/p>\n

 iptables \uc815\ucc45\uc740 \uc815\ub82c\ub41c \uaddc\uce59\uc9d1\ud569\uc73c\ub85c\ubd80\ud130 \uc0dd\uc131\ub41c\ub2e4. \uaddc\uce59\uc740 \ud2b9\uc815 \ubd84\ub958\uc758 \ud328\ud0b7\uc5d0 \ub300\ud574 \ucde8\ud574\uc57c \ud560 \uc870\uce58\ub97c \ucee4\ub110\uc5d0\uac8c \uc54c\ub824\uc900\ub2e4. \ud558\ub098\uc758 iptables \uaddc\uce59\uc740 \ud14c\uc774\ube14 \ub0b4\uc5d0 \uc788\ub294 \ud558\ub098\uc758 \uccb4\uc778\uc5d0 \uc801\uc6a9\ub41c\ub2e4. iptables \uccb4\uc778\uc740 \uc21c\uc11c\ub300\ub85c \uacf5\ud1b5\uc801\uc778 \ud2b9\uc9d5(\uc608\ub97c \ub4e4\uc5b4 \ub9ac\ub205\uc2a4 \uc2dc\uc2a4\ud15c\uc73c\ub85c \ub77c\uc6b0\ud305\ub418\uac70\ub098 \ub9ac\ub205\uc2a4 \uc2dc\uc2a4\ud15c\uc5d0\uc11c \uc678\ubd80\ub85c \ub098\uac00\ub294 \uac83)\uc744 \uacf5\uc720\ud558\ub294 \ud328\ud0b7\ub4e4\uacfc \ube44\uad50\ub418\ub294 \uaddc\uce59 \ubaa8\uc74c\uc774\ub2e4.<\/p>\n

 – \ud14c\uc774\ube14
 \ud14c\uc774\ube14(table)\uc740 \ud328\ud0b7 \ud544\ud130\ub9c1\uc774\ub098 \ub124\ud2b8\uc6cc\ud06c \uc8fc\uc18c \ubcc0\ud658(NAT, Network Address Translation)\uacfc \uac19\uc740 \uae30\ub2a5\uc758 \uad11\ubc94\uc704\ud55c \ubc94\uc8fc\ub97c \uae30\uc220\ud558\ub294 iptables \uad6c\uc131\uc18c\ub2e4. filter, nat, magle, raw \uc640 \uac19\uc740 4\uac1c\uc758 \ud14c\uc774\ube14\uc774 \uc788\ub2e4. \ud544\ud130\ub9c1 \uaddc\uce59\uc740 filter \ud14c\uc774\ube14\uc5d0 \uc801\uc6a9\ub41c\ub2e4. NAT \uaddc\uce59\uc740 nat \ud14c\uc774\ube14\uc5d0 \uc801\uc6a9\ub418\uba70, \ud328\ud0b7 \ub370\uc774\ud130\ub97c \ubcc0\uacbd\ud558\ub294 \ud2b9\uc218 \uaddc\uce59\uc740 mangle \ud14c\uc774\ube14\uc5d0 \uc801\uc6a9\ub41c\ub2e4. \ub05d\uc73c\ub85c \ud15f\ud544\ud130\uc758 \uc5f0\uacb0\ucd94\uc801 \ud558\uc704\uc2dc\uc2a4\ud15c\uacfc \ub3c5\ub9bd\uc801\uc73c\ub85c \uae30\ub2a5\ud574\uc57c \ud558\ub294 \uaddc\uce59\uc740 raw \ud14c\uc774\ube14\uc5d0 \uc801\uc6a9\ub41c\ub2e4.<\/p>\n

 – \uccb4\uc778
 \uac01 \ud14c\uc774\ube14\uc740 \uc790\uc2e0\ub9cc\uc758 \uace0\uc720(build-in) \uccb4\uc778(chain) \uc9d1\ud569\uc744 \uac00\uc9c0\uc9c0\ub9cc \uc0ac\uc6a9\uc790\ub294 INPUT_ESTABLISHED \ub098 DMZ_NETWORK \uc640 \uac19\uc740 \uacf5\ud1b5 \ud0dc\uadf8\uc640 \uad00\ub828\ub41c \uaddc\uce59\uc9d1\ud569\uc744 \ub9cc\ub4e4\uae30 \uc704\ud574 \uc0ac\uc6a9\uc790 \uc815\uc758 \uccb4\uc778\uc744 \uc0dd\uc131\ud560 \uc218 \uc788\ub2e4. \ud328\ud0b7 \ud544\ud130\ub9c1\uc5d0\uc11c \uac00\uc7a5 \uc911\uc694\ud55c \uace0\uc720 \uccb4\uc778\uc740 filter \ud14c\uc774\ube14\uc758 INPUT, OUTPUT, FORWARD \uccb4\uc778\uc774\ub2e4.<\/p>\n

 — INPUT \uccb4\uc778\uc740 \ucee4\ub110 \ub0b4\ubd80\uc5d0\uc11c \ub77c\uc6b0\ud305 \uacc4\uc0b0\uc744 \ub9c8\uce5c \ud6c4 \ub85c\uceec \ub9ac\ub205\uc2a4 \uc2dc\uc2a4\ud15c\uc774 \ubaa9\uc801\uc9c0\uc778 \ud328\ud0b7(\uc989, \ub85c\uceec \uc18c\ucf13\uc774 \ubaa9\uc801\uc9c0\uc778 \ud328\ud0b7)\uc5d0 \uc801\uc6a9\ub41c\ub2e4.<\/p>\n

 — OUTPUT \uccb4\uc778\uc740 \ub9ac\ub205\uc2a4 \uc2dc\uc2a4\ud15c \uc790\uccb4\uac00 \uc0dd\uc131\ud558\ub294 \ud328\ud0b7\uc744 \uc704\ud574 \uc608\uc57d\ub41c \uac83\uc774\ub2e4.<\/p>\n

 — FORWARD \uccb4\uc778\uc740 \ub9ac\ub205\uc2a4 \uc2dc\uc2a4\ud15c\uc744 \ud1b5\uacfc\ud558\ub294 \ud328\ud0b7\uc744 \uad00\ub9ac\ud55c\ub2e4.(\uc989, \ud55c \ub124\ud2b8\uc6cc\ud06c\ub97c \ub2e4\ub978 \ub124\ud2b8\uc6cc\ud06c\uc640 \uc5f0\uacb0\ud558\uae30 \uc704\ud574 iptables \ubc29\ud654\ubcbd\uc744 \uc0ac\uc6a9\ud574\uc11c \ub450 \ub124\ud2b8\uc6cc\ud06c \uac04\uc758 \ud328\ud0b7\uc774 \ubc29\ud654\ubcbd\uc744 \ud1b5\uacfc\ud574\uc57c \ud558\ub294 \uacbd\uc6b0)<\/p>\n

 \uc880 \ub354 \uacac\uace0\ud55c iptables \uc124\uce58\ub97c \uc704\ud574 \ud544\uc694\ud55c \ub450 \uac1c\uc758 \ucd94\uac00 \uccb4\uc778\uc73c\ub85c nat \ud14c\uc774\ube14\uc758 PREROUTING\uacfc POSTROUTING \uccb4\uc778\uc774 \uc788\ub2e4. \uc774 \uccb4\uc778\uc740 \ucee4\ub110 \ub0b4\ubd80\uc5d0\uc11c IP \ub77c\uc6b0\ud305 \uacc4\uc0b0\uc744 \uc218\ud589\ud558\uae30 \uc804\uacfc \ud734\uc5d0 \ud328\ud0b7 \ud5e4\ub354\ub97c \uc218\uc815\ud558\uae30 \uc704\ud574 \uc0ac\uc6a9\ud55c\ub2e4.<\/p>\n

\"User

iptables \ud328\ud0b7 \ud750\ub984<\/p><\/div>\n

 – \ub9e4\uce58
 \ubaa8\ub4e0 iptables \uaddc\ud2f1\uc740 \ud0c0\uac9f(target)\uacfc \ud568\uaed8 \uaddc\uce59\uc744 \ub530\ub974\ub294 \ud328\ud0b7\uc744 \uc5b4\ub5bb\uac8c \ucc98\ub9ac\ud560\uc9c0 iptables\uc5d0\uac8c \uc54c\ub824\uc8fc\ub294 \ub9e4\uce58(Match)\ub4e4\uc744 \uac00\uc9c4\ub2e4. iptables \ub9e4\uce58\ub294 iptables\uac00 \uaddc\uce59 \ud0c0\uac9f\uc5d0 \uc758\ud574 \uba85\uc2dc\ub418\ub294 \ub3d9\uc791\uc5d0 \ub530\ub77c \ud328\ud0b7\uc744 \ucc98\ub9ac\ud558\uae30 \uc704\ud574\uc11c \ud328\ud0b7\uc774 \ub9cc\uc871\ud574\uc57c \ud558\ub294 \uc870\uac74\uc774\ub2e4. \uc608\ub97c \ub4e4\uc5b4 \uaddc\uce59\uc744 TCP \ud328\ud0b7\uc5d0\ub9cc \uc801\uc6a9\ud558\uace0\uc790 \ud55c\ub2e4\uba74 –protocol \ub9e4\uce58\ub97c \uc0ac\uc6a9\ud558\uba74 \ub41c\ub2e4.<\/p>\n

 \uac01 \ub9e4\uce58\ub294 iptables \uba85\ub839 \ud589\uc5d0\uc11c \uba85\uc2dc\ub41c\ub2e4.<\/p>\n

 –source (-s) : \ucd9c\ubc1c\uc9c0 IP \uc8fc\uc18c\ub098 \ub124\ud2b8\uc6cc\ud06c\uc640\uc758 \ub9e4\uce6d
 –destination (-d) : \ubaa9\uc801\uc9c0 IP \uc8fc\uc18c\ub098 \ub124\ud2b8\uc6cc\ud06c\uc640\uc758 \ub9e4\uce6d
 –protocol (-p) : \ud2b9\uc815 \ud504\ub85c\ud1a0\ucf5c \uac12\uacfc\uc758 \ub9e4\uce6d
 –in-interface (-i) : \uc785\ub825 \uc778\ud130\ud398\uc774\uc2a4(\uc608\ub97c \ub4e4\uc5b4 eth0)
 –out-interface (-o) : \ucd9c\ub825 \uc778\ud130\ud398\uc774\uc2a4
 –state : \uc5f0\uacbd \uc0b4\ud0dc\uc640\uc758 \ub9e4\uce6d
 –string : \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uacc4\uce35 \ub370\uc774\ud130 \ubc14\uc774\ud2b8 \uc21c\uc11c\uc640\uc758 \ub9e4\uce6d
 –comment : \ucee4\ub110 \uba54\ubaa8\ub9ac \ub0b4\uc758 \uaddc\uce59\uac00 \uc5f0\uacc4\ub418\ub294 \ucd5c\ub300 256 \ubc14\uc774\ud2b8\uc758 \uc8fc\uc11d<\/p>\n

 – \ud0c0\uac9f
 iptables \ub294 \ud328\ud0b7\uc774 \uaddc\uce59\uacfc \uc77c\uce58\ud560 \ub54c \ub3d9\uc791\uc744 \ucde8\ud558\ub294 \ud0c0\uac9f(Target)\uc744 \uc9c0\uc6d0\ud55c\ub2e4.
 ACCEPT : \ud328\ud0b7\uc774 \ubcf8\ub798 \ub77c\uc6b0\ud305\ub300\ub85c \uc9c4\ud589\ub41c\ub2e4.
 DROP : \ud328\ud0b7\uc744 \ubc84\ub9b0\ub2e4. \ub354 \uc774\uc0c1 \uc5b4\ub5a4 \ucc98\ub9ac\ub3c4 \uc218\ud589\ub418\uc9c0 \uc54a\uc73c\uba70 \uc218\uc2e0 \uc2a4\ud0dd\uc774 \uad00\ub828\ub41c \ub370\uc5d0 \ud55c\ud574\uc11c\ub294 \ud328\ud0b7\uc774 \uc804\uc1a1\ub41c \uc801\ub3c4 \uc5c6\ub294 \uac83\uacfc \uac19\ub2e4.
 LOG : \ud328\ud0b7\uc744 syslog\uc5d0 \uae30\ub85d\ud55c\ub2e4.
 REJECT : \ud328\ud0b7\uc744 \ubc84\ub9ac\uace0 \uc774\uc640 \ub3d9\uc2dc\uc5d0 \uc801\uc808\ud55c \uc751\ub2f5 \ud328\ud0b7(\uc608\ub97c \ub4e4\uc5b4 TCP \uc5f0\uacb0\uc758 \uacbd\uc6b0 TCP \uc7ac\uc124\uc815[Reset] \ud328\ud0b7, UDP \ud328\ud0b7\uc758 \uacbd\uc6b0 ICMP \ud3ec\ud2b8 \ub3c4\ub2ec \ubd88\uac00[Port Unreachable] \uba54\uc2dc\uc9c0)\uc744 \uc804\uc1a1\ud55c\ub2e4.
 RETRUN : \ud638\ucd9c \uccb4\uc778 \ub0b4\uc5d0\uc11c \ud328\ud0b7 \ucc98\ub9ac\ub97c \uacc4\uc18d\ud55c\ub2e4.<\/p>\n

 * \uae30\ubcf8 iptables \uc815\ucc45<\/span><\/p>\n

 – \uc815\ucc45 \uc694\uad6c\uc0ac\ud56d
 \uba87 \uac1c\uc758 \ud074\ub77c\uc774\uc5b8\ud2b8\uc640 \ub450 \uac1c\uc758 \uc11c\ubc84\ub85c \uad6c\uc131\ub41c \ub124\ud2b8\uc6cc\ud06c\ub97c \uc704\ud55c \ud6a8\uacfc\uc801\uc778 \ubc29\ud654\ubcbd \uc124\uc815\uc5d0 \ud544\uc694\ud55c \uc694\uad6c\uc0ac\ud56d\uc744 \uc815\uc758\ud574\ubcf4\uc790. \uc11c\ubc84(\uc6f9\uc11c\ubc84\uc640 DNS\uc11c\ubc84)\ub294 \uc678\ubd80 \ub124\ud2b8\uc6cc\ud06c\uc5d0\uc11c \uc811\uadfc\ud560 \uc218 \uc788\uc5b4\uc57c \ud55c\ub2e4. \ub0b4\ubd80 \ub124\ud2b8\uc6cc\ud06c\uc5d0 \uc788\ub294 \uc2dc\uc2a4\ud15c\uc740 \ubc29\ud654\ubcbd\uc744 \ud1b5\ud574 \uc678\ubd80 \uc11c\ubc84\ub85c \ub2e4\uc74c\uacfc \uac19\uc740 \uc720\ud615\uc758 \ud2b8\ub798\ud53d\uc744 \uc2dc\uc791\ud560 \uc218 \uc788\uc5b4\uc57c \ud55c\ub2e4.<\/p>\n

 — \ub3c4\uba54\uc778 \ub124\uc784 \uc2dc\uc2a4\ud15c(DNS, Domain Name System) \uc9c8\uc758<\/p>\n

 — \ud30c\uc77c \uc804\uc1a1 \ud504\ub85c\ud1a0\ucf5c(FTP, File Transfer Protocol) \uc804\uc1a1<\/p>\n

 — \ub124\ud2b8\uc6cc\ud06c \uc2dc\uac04 \ud504\ub85c\ud1a0\ucf5c(NTP, Network Time Protocol) \uc9c8\uc758<\/p>\n

 — \uc2dc\ud050\uc5b4 \uc258(SSH, Secure SHell) \uc138\uc158<\/p>\n

 — \ub2e8\uc21c \uba54\uc77c \uc804\uc1a1 \ud504\ub85c\ud1a0\ucf5c(SMTP, Simple Mail Transfer Protocol) \uc138\uc158<\/p>\n

 — whois \uc9c8\uc758<\/p>\n

 \uc704\uc5d0 \ub098\uc5f4\ud55c \uc11c\ube44\uc2a4 \uc678\uc5d0\ub294 \uc5b4\ub5a4 \ud2b8\ub798\ud53d\ub3c4 \ud5c8\uc6a9\ud558\uc9c0 \uc54a\uc544\uc57c \ud55c\ub2e4. \ub0b4\ubd80 \ub124\ud2b8\uc6cc\ud06c\ub098 \ubc29\ud654\ubcbd\uc5d0\uc11c \ubc14\ub85c \uc2dc\uc791\ub41c \uc138\uc158\uc740 iptables\uac00 \uc0c1\ud0dc\uc720\uc9c0\ud615\uc73c\ub85c \ucd94\uc801\ud574\uc57c \ud55c\ub2e4(\uc720\ud6a8\ud55c \uc0c1\ud0dc\ub97c \ub530\ub974\uc9c0 \uc54a\ub294 \ud328\ud0b7\uc740 \uae30\ub85d\ud55c \ud6c4 \ucd5c\ub300\ud55c \ube68\ub9ac \ubc84\ub824\uc57c \ud55c\ub2e4). \ub610 NAT \uc11c\ube44\uc2a4\ub3c4 \uc81c\uacf5\ud574\uc57c \ud55c\ub2e4.<\/p>\n

 \uc774\uc640 \ub354\ubd88\uc5b4 \ubc29\ud654\ubcbd\uc740 \uc678\ubd80 IP \uc8fc\uc18c\ub85c \ud3ec\uc6cc\ub529\ub418\ub294 \ub0b4\ubd80 \ub124\ud2b8\uc6cc\ud06c\ub85c\ubd80\ud130\uc758 \uc2a4\ud478\ud305\ub41c \ud328\ud0b7\uc5d0 \ub300\ud55c \uc81c\uc5b4\ub97c \uad6c\ud604\ud574\uc57c \ud55c\ub2e4.<\/p>\n

 — \ubc29\ud654\ubcbd \uc790\uccb4\ub294 \ub124\ud2b8\uc6cc\ud06c\ub85c\ubd80\ud130 SSH\ub97c \ud1b5\ud574 \uc811\uc18d\ud560 \uc218 \uc788\uc5b4\uc57c \ud55c\ub2e4. \uadf8\ub7ec\ub098 \uc778\uc99d\uc744 \uc704\ud574 fwknop\ub97c \uc2e4\ud589\ud558\uace0 \uc788\uc9c0 \uc54a\ub294 \ud55c \uadf8 \ubc16\uc5d0 \uc5b4\ub5a4 \uacf3\uc5d0\uc11c\ub3c4 \uc811\uc18d\ud560 \uc218 \uc5c6\uc5b4\uc57c \ud55c\ub2e4.<\/p>\n

 — \ubc29\ud654\ubcbd\uc740 \ub0b4\ubd80\uc640 \uc678\ubd80 \ub124\ud2b8\uc6cc\ud06c \ubaa8\ub450\ub85c\ubd80\ud130 ICMP \uc5d0\ucf54 \uc694\uccad(Echo Request)\uc744 \uc218\uc6a9\ud574\uc57c \ud55c\ub2e4. \uadf8\ub7ec\ub098 \uc5d0\ucf54 \uc694\uccad\uc744 \uc81c\uc678\ud558\uba74 \uc5b4\ub5a4 \ucd9c\ubc1c\uc9c0 IP \uc8fc\uc18c\ub85c\ubd80\ud130\uc758 \uc6d0\ud558\uc9c0 \uc54a\uc740(unsolicited) ICMP \ud328\ud0b7\ub3c4 \ubaa8\ub450 \ubc84\ub824\uc57c \ud55c\ub2e4.<\/p>\n

 — \ub05d\uc73c\ub85c \uc798\ubabb \uc804\ub2ec\ub41c \ud328\ud0b7, \ud3ec\ud2b8 \uc2a4\uce94, \uba85\uc2dc\uc801\uc73c\ub85c \ud600\uc6a9\ub41c \uac83\uc774 \uc544\ub2cc \uae30\ud0c0 \uc5f0\uacb0 \uc2dc\ub3c4\ub97c \ubaa8\ub450 \uae30\ub85d\ud558\uace0 \ubc84\ub9ac\uae30 \uc704\ud574 \ubc29\ud654\ubcbd\uc740 \uae30\ubcfc \uae30\ub85d \ud6c4 \ubc84\ub9ac\uae30 \uc804\ub7b5(log and drop stance)\uc73c\ub85c \uc124\uc815\ud574\uc57c \ud55c\ub2e4.<\/p>\n

 – iptables.sh \uc2a4\ud06c\ub9bd\ud2b8 \ud504\ub9ac\uc570\ube14(Preamble)<\/p>\n

 iptables.sh \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc2dc\uc791\ud558\uae30 \uc704\ud574 IPTABLES\uc640 MODPROBE(iptables \uc640 modprobe \ubc14\uc774\ub108\ub9ac\uc758 \uacbd\ub85c), INT_NET(\ub0b4\ubd80 \uc11c\ube0c\ub137 \uc8fc\uc18c\uc640 \ub9c8\uc2a4\ud06c)\uacfc \uac19\uc774 \uc138 \uac1c\uc758 \ubcc0\uc218\ub97c \uc815\uc758\ud558\uba74 \uc88b\ub2e4. \uc774 \ubcc0\uc218\ub4e4\uc740 \uc2a4\ud06c\ub9bd\ud2b8 \uc804\ubc18\uc5d0 \uac78\uccd0 \uc0ac\uc6a9\ub41c\ub2e4.<\/p>\n

 \uba3c\uc800 \uae30\uc874\uc758 iptables \uaddc\uce59\uc774 \uc2e4\ud589 \uc911\uc778 \ucee4\ub110\uc5d0\uc11c \uc81c\uac70\ub418\uace0 INPUT, OUTPUT, FORWARD \uc5d0 \ub300\ud55c \ud544\ud130\ub9c1 \uc815\ucc45\uc774 DROP \uc73c\ub85c \uc124\uc815\ub41c\ub2e4. \ub610 modprobe \uba85\ub839\uc5b4\ub97c \uc0ac\uc6a9\ud574\uc11c \uc5f0\uacb0\ucd94\uc801 \ubaa8\ub4c8\uc744 \ub85c\ub529\ud55c\ub2e4.<\/p>\n

\"User<\/p>\n

 – ip_conntrack : iptables\uc5d0\uc11c \ud604\uc7ac \ud14c\uc774\ube14\uc5d0 \ub4f1\ub85d\ub41c IP\uc758 \uc5f0\uacb0\uc744 \ucd94\uc801\ud558\uae30 \uc704\ud55c \ubaa8\ub4c8
 – ip_conntrack_ftp, ip_nat_ftp : iptables \uc5d0\uc11c ftp \uc0ac\uc6a9\uc744 \uac00\ub2a5\ud558\uac8c \ud558\ub294 \ubaa8\ub4c8. NAT \uc124\uc815\uc744 \uc0ac\uc6a9\ud558\uc9c0 \uc54a\ub294\ub2e4\uba74 ip_nat_ftp \ubaa8\ub4c8\uc744 \uc801\uc7ac\ud558\uc9c0 \uc54a\uc544\ub3c4 \ub41c\ub2e4.
 -> FTP\uc758 \uacbd\uc6b0 \uc11c\ubc84\uc640 \ud074\ub77c\uc774\uc5b8\ud2b8 \ubaa8\ub450\uac00 \ubc29\ud654\ubcbd \uc548\uc5d0 \uc788\uc73c\uba74 \uc811\uc18d\uc740 \ub418\uc9c0\ub9cc, \ud30c\uc77c \ubaa9\ub85d\uc774\ub098 \ub0b4\uc6a9 \uc804\uc1a1.. \ub4f1\ub4f1\uc774 \uc548\ub418\ub294 \ud604\uc0c1\uc774 \ubc8c\uc5b4\uc9c4\ub2e4. \uc704\uc758 \uc801\uc7ac\ub41c \ubaa8\ub4c8\ub4e4\uc740 \uc774\uac83\uc744 \ud53c\ud558\uae30 \uc704\ud55c \ubaa8\ub4c8\uc774\ub2e4. <\/p><\/blockquote>\n

 – INPUT \uccb4\uc778
 INPUT \uccb4\uc778\uc740 \ub85c\uceec \uc2dc\uc2a4\ud15c\uc744 \ubaa9\uc801\uc73c\ub85c \ud558\ub294 (\uc989, \ucee4\ub110\uc758 \ub77c\uc6b0\ud305 \uacc4\uc0b0 \uacb0\uacfc \ud328\ud0b7\uc774 \ub85c\uceec IP \uc8fc\uc18c\ub97c \ubaa9\uc801\uc9c0\ub85c \ud55c\ub2e4\ub294 \uac83\uc744 \uc548 \ud6c4) \ud328\ud0b7\uc774 \ub85c\uceec \uc18c\ucf13\uacfc \ud1b5\uc2e0\ud560 \uc218 \uc788\ub294\uc9c0 \uc5ec\ubd80\ub97c \uacb0\uc815\ud558\ub294 iptables \uad6c\uc131\uc18c\ub2e4. INPUT \uccb4\uc778\uc758 \uccab \ubc88\uc9f8 \uaddc\uce59\uc774 iptables\ub85c \ud558\uc5ec\uae08 \ubaa8\ub4e0 \ud328\ud0b7\uc744 \ubc84\ub9ac\uac8c \ud558\ub294 \uac83\uc774\ub77c\uba74(\ub610\ub294 INPUT \uccb4\uc778\uc758 \uc815\ucc45 \uc124\uc815\uc774 DROP\uc73c\ub85c \uc124\uc815\ub3fc \uc788\ub2e4\uba74) \uc2dc\uc2a4\ud15c\uacfc IP \ud1b5\uc2e0(TCP, UDP, ICMP \ub4f1)\uc744 \ud1b5\ud574 \uc9c1\uc811 \ud1b5\uc2e0\ud558\ub824\ub294 \ubaa8\ub4e0 \uc2dc\ub3c4\ub294 \uc2e4\ud328\ud558\uac8c \ub41c\ub2e4. \uc8fc\uc18c \uacb0\uc815 \ud504\ub85c\ud1a0\ucf5c(ARP, Address Resolution Protocol) \uc5ed\uc2dc \uc774\ub354\ub137 \ub124\ud2b8\uc6cc\ud06c\uc0c1 \uc5b4\ub514\uc5d0\ub098 \uc874\uc7ac\ud558\ub294 \uc911\uc694\ud55c \ud2b8\ub798\ud53d\uc774\ub2e4. \uadf8\ub7ec\ub098 ARP\ub294 \ub124\ud2b8\uc6cc\ud06c \uacc4\uce35\uc774 \uc544\ub2c8\ub77c \ub370\uc774\ud130 \ub9c1\ud06c \uacc4\uce35\uc5d0\uc11c \ub3d9\uc791\ud558\uba70, iptables\ub294 IP \ud2b8\ub798\ud53d\uacfc \uc0c1\uc704 \ud504\ub85c\ud1a0\ucf5c\ub9cc \ud544\ud130\ub9c1\ud558\uae30 \ub54c\ubb38\uc5d0 ARP \ud2b8\ub798\ud53d\uc740 \ud544\ud130\ub9c1\ud560 \uc218 \uc5c6\ub2e4.<\/p>\n

 \uadf8\ub7ec\ubbc0\ub85c ARP \uc694\uccad\uacfc \uc751\ub2f5\uc740 iptables \uc815\ucc45\uacfc \ubb34\uad00\ud558\uac8c \uc804\uc1a1\ub418\uace0 \uc218\uc2e0\ub41c\ub2e4(arptables\ub97c \uc774\uc6a9\ud574\uc11c ARP \ud2b8\ub798\ud53d\uc744 \ud544\ud130\ub9c1\ud560 \uc218\ub3c4 \uc788\ub2e4).<\/p>\n

 – iptables \ub294 \ucee4\ub110\uc774 MAC \uc8fc\uc18c \ud655\uc7a5\uc744 \ud65c\uc131\ud654\ud55c \uc0c1\ud0dc\ub85c \ucef4\ud30c\uc77c\ub41c \uacbd\uc6b0\uc5d0\ub9cc \ub370\uc774\ud130 \ub9c1\ud06c \uacc4\uce35\uc758 MAC \uc8fc\uc18c\uc5d0 \uae30\ubc18\ud574\uc11c IP \ud328\ud0b7\uc744 \ud544\ud130\ub9c1\ud560 \uc218 \uc788\ub2e4. 2.4 \ucee4\ub110 \uc2dc\ub9ac\uc988\uc5d0\uc11c\ub294 \uc0ac\uc6a9\uc790\uac00 \uc9c1\uc811 MAC \uc8fc\uc18c \ud655\uc7a5\uc744 \ud65c\uc131\ud654\ud574\uc57c \ud558\uc9c0\ub9cc 2.6 \ucee4\ub110 \uc2dc\ub9ac\uc988\uc5d0\uc11c\ub294 \uae30\ubcf8\uc801\uc73c\ub85c \ud65c\uc131\ud654\ub3fc \uc788\ub2e4.<\/p><\/blockquote>\n

 \ud504\ub9ac\uc570\ube14\uc744 \uc644\uc131\ud55c \ud6c4 iptables \uc258 \uc2a4\ud06c\ub9bd\ud2b8 \uac1c\ubc1c\uc744 \uacc4\uc18d\ud558\uae30 \uc704\ud574 \ub2e4\uc74c\uc758 \uba85\ub839\uc5b4\ub97c \uc0ac\uc6a9\ud574 INPUT \uccb4\uc778\uc744 \uc124\uc815\ud55c\ub2e4.<\/p>\n

##### INPUT \uccb4\uc778 #####
echo “[+] Setting up INPUT chain…”<\/p>\n

### \uc0c1\ud0dc \ucd94\uc801 \uaddc\uce59
$IPTABLES -A INPUT -m state –state INVALID -j LOG –log-prefix “DROP INVALID ” –log-ip-options –log-tcp-options
$IPTABLES -A INPUT -m state –state INVALID -j DROP
$IPTABLES -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT<\/p>\n

### \uc548\ud2f0 \uc2a4\ud478\ud551 \uaddc\uce59
$IPTABLES -A INPUT -i eth2 -s ! $INT_NET -j LOG –log-prefix “SPOOFED PKT “
$IPTABLES -A INPUT -i eth2 -s ! $INT_NET -j DROP
### ACCEPT \uaddc\uce59
#ftp
$IPTABLES -A INPUT -p tcp –dport 20 –syn -m state –state NEW -j ACCEPT
$IPTABLES -A INPUT -p tcp –dport 21 –syn -m state –state NEW -j ACCEPT
#ssh
$IPTABLES -A INPUT -p tcp –dport 22 –syn -m state –state NEW -j ACCEPT
#whois
$IPTABLES -A INPUT -p tcp –dport 43 –syn -m state –state NEW -j ACCEPT
#domain
$IPTABLES -A INPUT -p tcp –dport 53 –syn -m state –state NEW -j ACCEPT
$IPTABLES -A INPUT -p udp –dport 53 -m state –state NEW -j ACCEPT
#http
$IPTABLES -A INPUT -p tcp –dport 80 –syn -m state –state NEW -j ACCEPT
$IPTABLES -A INPUT -p udp –dport 80 -m state –state NEW -j ACCEPT
#https
$IPTABLES -A INPUT -p tcp –dport 443 –syn -m state –state NEW -j ACCEPT
#rsync
$IPTABLES -A INPUT -p tcp –dport 873 –syn -m state –state NEW -j ACCEPT
$IPTABLES -A INPUT -p udp –dport 873 -m state –state NEW -j ACCEPT
#icmp
$IPTABLES -A INPUT -p icmp –icmp-type echo-request -j ACCEPT<\/p>\n

### \uae30\ubcf8 INPUT LOG \uaddc\uce59
$IPTABLES -A INPUT -i ! lo -j LOG –log-prefix “DROP ” –log-ip-options –log-tcp-options<\/p><\/blockquote>\n

 \uc55e\uc11c \uc815\uc758\ud55c \ubc29\ud654\ubcbd \uc815\ucc45 \uc694\uad6c\uc0ac\ud56d\uc5d0 \ub530\ub974\uba74 iptables \ub294 \uc5f0\uacb0\uc744 \uc0c1\ud0dc\uc720\uc9c0\ud615\uc73c\ub85c \ucd94\uc801\ud574\uc57c \ud55c\ub2e4. \uc989, \uc720\ud6a8\ud55c \uc0c1\ud0dc\uc640 \uc77c\uce58\ud558\uc9c0 \uc54a\ub294 \ud328\ud0b7\uc740 \uc870\uae30\uc5d0 \uae30\ub85d\ud558\uace0 \ubc84\ub824\uc57c \ud55c\ub2e4. \uc774\ub294 “### \uc0c1\ud0dc \ucd94\uc801 \uaddc\uce59 \uc8fc\uc11d” \ubc11\uc758 3\uac1c\uc758 iptables \uba85\ub839\uc5b4\uac00 \uc218\ud589\ud55c\ub2e4. OUTPUT\uacfc FORWARD \uccb4\uc778\uc5d0 \ub300\ud574\uc11c\ub3c4 \uc774\uc640 \uc720\uc0ac\ud55c \uc138 \uac1c\uc758 \uba85\ub839\uc5b4\ub97c \ubcfc \uc218 \uc788\ub2e4. \uc774\ub7f0 \uac01 \uaddc\uce59\uc740 INVALID, ESTABLISHED, RELATED \uae30\uc900\uacfc \ud568\uaed8 \uc0c1\ud0dc \ub9e4\uce6d\uc744 \uc774\uc6a9\ud55c\ub2e4.<\/p>\n

 INVALID \uc0c1\ud0dc\ub294 \ud604\uc874\ud558\ub294 \uc5b4\ub5a4 \uc5f0\uacb0\uc5d0\ub3c4 \uc18d\ud588\ub2e4\uace0 \uc2dd\ubcc4\ud560 \uc218 \uc5c6\ub294 \ud328\ud0b7\uc5d0 \uc801\uc6a9\ub41c\ub2e4. \uc608\ub97c \ub4e4\uc5b4 \ub290\ub2f7\uc5c6\uc774 \ub3c4\ucc29\ud55c TCP FIN \ud328\ud0b7(\uc989, \uc5b4\ub5a4 TCP \uc138\uc158\uc758 \uc77c\ubd80\ub3c4 \uc544\ub2cc TCP FIN  \ud328\ud0b7)\uc740 INVALID \uc0c1\ud0dc\uc640 \uc77c\uce58\ub41c\ub2e4. ESTABLISHED \uc0c1\ud0dc\ub294 \ub137\ud544\ud130 \uc5f0\uacb0 \ucd94\uc801 \ud558\uc704\uc2dc\uc2a4\ud15c\uc774 \uc591\ubc29\ud5a5 \ubaa8\ub450\uc5d0\uc11c \ud328\ud0b7(\uc608\ub97c \ub4e4\uc5b4 \ub370\uc774\ud130\uac00 \uad50\ud658\ub418\ub294 TCP \uc5f0\uacb0\uc758 \uc2b9\uc778[acknowledgement] \ud328\ud0b7)\uc744 \ubcf8 \ud6c4\uc5d0\ub9cc \ud328\ud0b7\uc5d0 \ub300\ud574 \ud65c\uc131\ud654\ub41c\ub2e4. RELATED \uc0c1\ud0dc\ub294 \ub137\ud544\ud130 \uc5f0\uacb0\ucd94\uc801 \ud558\uc704\uc2dc\uc2a4\ud15c\uc5d0\uc11c \uc0c8\ub85c\uc6b4 \uc5f0\uacb0\uc744 \uc2dc\uc791\ud558\uace0 \uc788\ub294(\uadf8\ub7ec\ub098 \uc774 \uc5f0\uacb0\uc774 \uc774\ubbf8 \uc874\uc7ac\ud558\ub294 \uc5f0\uacb0\uacfc \uc5f0\uacb0\ub3fc \uc788\ub294) \ud328\ud0b7(\uc608\ub97c \ub4e4\uc5b4 \uc5b4\ub5a4 \uc11c\ubc84\ub3c4 \ubc14\uc778\ub529\ub418\uc9c0 \uc54a\uc740 UDP \uc18c\ucf13\uc5d0 \ud328\ud0b7\uc774 \uc804\uc18c\uc624\ub518 \ud6c4 \ubc18\ud658\ub41c ICMP \ud3ec\ud2b8 \ub3c4\ub2ec \ubd88\uac00 \uba54\uc2dc\uc9c0)\uc744 \uae30\uc220\ud55c\ub2e4. <\/p>\n

 \ub2e4\uc74c\uc73c\ub85c \uc548\ud2f0\uc2a4\ud478\ud551 \uaddc\uce59\uc744 \ucd94\uac00\ud588\uc73c\ubbc0\ub85c \ub0b4\ubd80 \ub124\ud2b8\uc6cc\ud06c\uc5d0\uc11c \uc2dc\uc791\ub41c \ud328\ud0b7\uc740 \ubc18\ub4dc\uc2dc 192.168.1.0\/24 \uc11c\ube0c\ub137\uc5d0 \uc18d\ud558\ub294 \ucd9c\ubc1c\uc9c0 \uc8fc\uc18c\ub97c \uac00\uc9c4\ub2e4.<\/p>\n

 \ub610\ud55c “### ACCEPT \uaddc\uce59” \uc5d0\ub294 \uc11c\ube44\uc2a4\ub97c \uc81c\uacf5 \ud558\ub294 \uc77c\ub828\uc758 \ud3ec\ud2b8\ubc88\ud638\uc758 ACCEPT \uaddc\uce59\uc774 \ub098\uc640 \uc788\ub2e4. SSH \uc5f0\uacb0\uc744 \uc218\uc6a9\ud558\ub294 \uaddc\uce59\uc740 iptables\uc758 –syn \uba85\ub839 \ud589 \uc778\uc790\uc640 \ud568\uaed8 NEW \uc0c1\ud0dc\uac00 \uc77c\uce58\ub420 \ub54c(\uc5f0\uacb0\ucd94\uc801 \ud558\uc704 \uc2dc\uc2a4\ud15c\uc774 \uad00\ub828\ub41c \ub370 \ud55c\ud574\uc11c \ud328\ud0b7\uc774 \uc0c8\ub85c\uc6b4 \uc5f0\uacb0\uc744 \uc2dc\uc791\ud558\uace0 \uc788\uc74c\uc744 \uc758\ubbf8\ud55c\ub2e4)\ub9cc \uc774 \uaddc\uce59\uc774 \uc77c\uce58\ub41c\ub2e4.<\/p>\n

 \ub05d\uc5d0\ub294 \uae30\ubcf8 LOG \uaddc\uce59\uc774 \ub098\uc640 \uc788\ub2e4. \uc2a4\ud06c\ub9bd\ud2b8 \ud504\ub9ac\uc570\ube14\uc5d0\uc11c \ubd24\ub4ef\uc774 INPUT \uccb4\uc778 \ub0b4\uc758 \uaddc\uce59\uc5d0 \uc758\ud574 \ud600\uc6a9\ub418\uc9c0 \uc54a\ub294 \ud328\ud0b7\uc740 \uc774 \uccb4\uc778\uc5d0 \ud560\ub2f9\ub41c DROP \uc815\ucc45\uc5d0 \uc758\ud574 \ubc84\ub824\uc9c4\ub2e4\ub294 \uc0ac\uc2e4\uc744 \uc0c1\uae30\ud558\uc790. \uc774\ub294 OUTPUT \uacfc FORWARD \uccb4\uc778\uc5d0 \ud560\ub2f9\ub41c DROP \uc815\ucc45\uc5d0\ub3c4 \uc801\uc6a9\ub41c\ub2e4. \uc704\uc5d0\uc11c \uc54c \uc218 \uc788\ub4ef\uc774 INPUT \uccb4\uc778\uc758 \uc124\uc815\uc740 \ud2b9\uc815 \ud3ec\ud2b8\ub85c\uc758 \uc811\uc18d\ub9cc \uc218\uc6a9\ud558\uace0 \uc6d0\uce58 \uc54a\ub294 \ud328\ud0b7\uc740 \uae30\ub85d\ud558\uace0 \ubc84\ub9ac\uba74 \ub418\uae30 \ub54c\ubb38\uc5d0 \ub9e4\uc6b0 \uc27d\ub2e4.<\/p>\n

 – iptables.sh \uc2a4\ud06c\ub9bd\ud2b8\uc5d0 \ub300\ud574 \ud55c \uac00\uc9c0 \uc8fc\uc758\ud574\uc57c \ud560 \uac83\uc740 \ubaa8\ub4e0 LOG \uaddc\uce59\uc774 –log-ip-options \uc640 –log-tcp-options \ub97c \uba85\ub839\ud589 \uc778\uc790\ub85c \uc0ac\uc6a9\ud55c\ub2e4\ub294 \uc810\uc774\ub2e4. \uc774 \uc778\uc790\ub97c \ud1b5\ud574 iptables syslog \uba54\uc2dc\uc9c0\ub294 LOG \uaddc\uce59\uacfc \uc77c\uce58\ud558\ub294 \ud328\ud0b7\uc774 IP \uc640 TCP \ud5e4\ub354\uc5d0 IP \uc640 TCP \uc635\uc158\uc744 \ud3ec\ud568\ud558\ub294 \uacbd\uc6b0 \uc774\ub97c \ud3ec\ud568\ud558\uac8c \ub41c\ub2e4. \uc774 \uae30\ub2a5\uc740 psad \uac00 \uc218\ud589\ud558\ub294 \uacf5\uaca9 \ud0d0\uc9c0\uc640 \uc218\ub3d9\uc801 OS \ud551\uac70\ud504\ub9b0\ud305\uc758 \ub3d9\uc791 \ubaa8\ub450\uc5d0 \uc911\uc694\ud558\ub2e4.<\/p><\/blockquote>\n

 – OUTPUT \uccb4\uc778
 OUTPUT \uccb4\uc778\uc740 iptables\uac00 \ub85c\uceec \uc2dc\uc2a4\ud15c\uc5d0 \uc758\ud574 \uc0dd\uc131\ub418 \ub124\ud2b8\uc6cc\ud06c \ud328\ud0b7\uc5d0 \ucee4\ub110 \uc218\uc900\uc758 \uc81c\uc5b4\ub97c \ud560 \uc218 \uc788\uac8c \ud574\uc900\ub2e4. \uc608\ub97c \ub4e4\uc5b4 \ub85c\uceec \uc0ac\uc6a9\uc790\uac00 \uc678\ubd80 \uc2dc\uc2a4\ud15c\uc73c\ub85c SSH \uc138\uc158\uc744 \ucd08\uae30\ud654\ud558\uba74 OUTPUT \uccb4\uc778\uc744 \uc774\uc6a9\ud574\uc11c \uc544\uc6c3 \ubc14\uc6b4\ub4dc SYN \ud328\ud0b7\uc744 \ud5c8\uc6a9\ud558\uac70\ub098 \uac70\ubd80\ud560 \uc218 \uc788\ub2e4.<\/p>\n

 iptables.sh \uc5d0\uc11c OUTPUT \uccb4\uc778 \uaddc\uce59 \uc9d1\ud569\uc744 \uad6c\uc131\ud558\ub294 \uba85\ub839\uc5b4\ub294 \uc544\ub798\uc640 \uac19\ub2e4.<\/p>\n

###### OUTPUT \uccb4\uc778 ######
echo “[+] Setting up OUTPUT chain…”<\/p>\n

### \uc0c1\ud0dc \ucd94\uc801 \uaddc\uce59
$IPTABLES -A OUTPUT -m state –state INVALID -j LOG –log-prefix “DROP INVALID ” –log-ip-options –log-tcp-options –log-tcp-sequence
$IPTABLES -A OUTPUT -m state –state INVALID -j DROP
$IPTABLES -A OUTPUT -m state –state ESTABLISHED,RELATED -j ACCEPT<\/p>\n

### \uc678\ubd80\ub85c \ub098\uac00\ub294 \uc5f0\uacb0\uc744 \ud5c8\uc6a9\ud558\uae30 \uc704\ud55c ACCEPT \uaddc\uce59
#ftp
$IPTABLES -A OUTPUT -p tcp –dport 20 –syn -m state –state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p tcp –dport 21 –syn -m state –state NEW -j ACCEPT
#ssh
$IPTABLES -A OUTPUT -p tcp –dport 22 –syn -m state –state NEW -j ACCEPT
#whois
$IPTABLES -A OUTPUT -p tcp –dport 43 –syn -m state –state NEW -j ACCEPT
#domain
$IPTABLES -A OUTPUT -p tcp –dport 53 –syn -m state –state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp –dport 53 -m state –state NEW -j ACCEPT
#http
$IPTABLES -A OUTPUT -p tcp –dport 80 –syn -m state –state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp –dport 80 -m state –state NEW -j ACCEPT
#https
$IPTABLES -A OUTPUT -p tcp –dport 443 –syn -m state –state NEW -j ACCEPT
#rsync
$IPTABLES -A OUTPUT -p tcp –dport 873 –syn -m state –state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p udp –dport 873 -m state –state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p icmp –icmp-type echo-request -j ACCEPT<\/p>\n

### \uae30\ubcf8 OUTPUT LOG \uaddc\uce59
$IPTABLES -A OUTPUT -o ! lo -j LOG –log-prefix “DROP ” –log-ip-options –log-tcp-options –log-tcp-sequence<\/p><\/blockquote>\n

 – FORWARD \uccb4\uc778
 FORWARD \uccb4\uc778\uc740 \uc2dc\uc2a4\ud15c\uc744 \ud1b5\ud574 \ub77c\uc6b0\ud305\uc744 \uc2dc\ub3c4\ud558\ub294 \ud328\ud0b7\uacfc \uad00\ub828\ub41c iptables \uaddc\uce59\uc744 \ub2f4\ub2f9\ud55c\ub2e4. filter \ud14c\uc774\ube14\uc758 iptables FORWARD \uccb4\uc778\uc740 \ubc29\ud654\ubcbd \uc778\ud130\ud398\uc774\uc2a4\ub97c \ud1b5\ud574 \ud3ec\uc6cc\ub529\ub418\ub294 \ud328\ud0b7\uc5d0 \ub300\ud55c \uc811\uadfc \uc81c\uc5b4 \uae30\ub2a5\uc744 \uc81c\uacf5\ud55c\ub2e4.<\/p>\n

##### FORWARD \uccb4\uc778 #####
echo “[+] Setting up FORWARD chain…”<\/p>\n

### \uc0c1\ud0dc \ucd94\uc801 \uaddc\uce59
$IPTABLES -A FORWARD -m state –state INVALID -j LOG –log-prefix “DROP IINVALID ” –log-ip-options –log-tcp-options
$IPTABLES -A FORWARD -m state –state INVALID -j DROP
$IPTABLES -A FORWARD -m state –state ESTABLISHED,RELATED -j ACCEPT<\/p>\n

### \uc548\ud2f0 \uc2a4\ud478\ud551 \uaddc\uce59
$IPTABLES -A FORWARD -i eth2 -s ! $INT_NET -j LOG –log-prefix “SPOOFED PKT “
$IPTABLES -A FORWARD -i eth2 -s ! $INT_NET -j DROP<\/p>\n

### ACCEPT \uaddc\uce59
# \uae30\ubcf8\uc801\uc73c\ub85c FORWARD \uc5d0 \ud55c\ud574\uc11c\ub294 \ubaa8\ub4e0 \ud3ec\ud2b8\uc5d0 ACCEPT\ub97c \uc801\uc6a9\ud55c\ub2e4.<\/p>\n

### \uae30\ubcf8 LOG \uaddc\uce59
$IPTABLES -A FORWARD -i ! lo -j LOG –log-prefix “DROP ” –log-ip-options –log-tcp-options<\/p><\/blockquote>\n

 – \ub124\ud2b8\uc6cc\ud06c \uc8fc\uc18c \ubcc0\ud658 (NAT, Network Address Translation)
 iptables \uc815\ucc45\uc744 \uad6c\uc131\ud558\ub294 \ub9c8\uc9c0\ub9c9 \ub2e8\uacc4\ub294 \ub77c\uc6b0\ud305 \ubd88\uac00\ub2a5 \ub0b4\ubd80 \uc8fc\uc18c 192.168.1.0\/24 \ub97c \ub77c\uc6b0\ud305 \uac00\ub2a5\ud55c \uc678\ubd80 210.125.X.X \uc8fc\uc18c\ub85c \ubcc0\ud658\ud560 \uc218 \uc788\uac8c \ud558\ub294 \uac83\uc774\ub2e4. \uc774\ub294 \uc678\ubd80 \ud074\ub77c\uc774\uc5b8\ud2b8\uc5d0\uc11c \uc2dc\uc791\ub41c \uc6f9\uc11c\ubc84\ub098 DNS\uc11c\ubc84\ub85c\uc758 \uc778\ubc14\uc6b4\ub4dc \uc5f0\uacb0\uacfc \ub0b4\ubd80 \ub124\ud2b8\uc6cc\ud06c\uc758 \uc2dc\uc2a4\ud15c\uc5d0\uc11c \uc2dc\uc791\ub41c \uc544\uc6c3\ubc14\uc6b4\ub4dc \uc5f0\uacb0 \ubaa8\ub450\uc5d0 \uc801\uc6a9\ub41c\ub2e4. \ub0b4\ubd80 \uc2dc\uc2a4\ud15c\uc5d0\uc11c \uc2dc\uc791\ud55c \uc5f0\uacb0\uc758 \uacbd\uc6b0\uc5d0\ub294 \ucd9c\ubc1c\uc9c0 NAT(SNAT, Source NAT) \ud0c0\uac9f\uc744 \uc0ac\uc6a9\ud558\uba70 \uc678\ubd80 \uc2dc\uc2a4\ud15c\uc5d0\uc11c \uc2dc\uc791\ud55c \uc5f0\uacb0\uc758 \uacbd\uc6b0\uc5d0\ub294 \ubaa9\uc801\uc9c0 NAT(DNAT, Destination NAT) \ud0c0\uac9f\uc744 \uc0ac\uc6a9\ud55c\ub2e4.<\/p>\n

 iptables nat \ud14c\uc774\ube14\uc744 \ubaa8\ub4e0 \uc885\ub958\uc758 NAT \uaddc\uce59\uc744 \uc704\ud55c \uac83\uc73c\ub85c PREROUTING \uacfc POSTROUTING \uc774\ub77c\ub294 \ub450 \uccb4\uc778\uc744 \ud3ec\ud568\ud55c\ub2e4. PREROUTING \uccb4\uc778\uc740 \ud328\ud0b7\uc774 \uc5b4\ub290 \uc778\ud130\ud398\uc774\uc2a4\ub97c \ud1b5\ud574 \uc804\uc1a1\ub420\uc9c0 \uacbd\uc815\ud558\uae30 \uc704\ud574 \uc544\uc9c1 \ucee4\ub110\uc758 \ub77c\uc6b0\ud305 \uc54c\uace0\ub9ac\uc998\uc744 \ud1b5\uacfc\ud558\uc9c0 \uc54a\uc740 \ud328\ud0b7\uc5d0 nat \ud14c\uc774\ube14\uc758 \uaddc\uce59\uc744 \uc801\uc6a9\ud558\ub294 \ub370 \uc0ac\uc6a9\ud55c\ub2e4. \uc774 \uccb4\uc778\uc5d0\uc11c \ucc98\ub9ac\ub418\ub294 \ud328\ud0b7\uc740 \uc544\uc9c1 filter \ud14c\uc774\ube14\uc758 INPUT \uc774\ub098 OUTPUT \uccb4\uc778\uacfc\ub3c4 \ube44\uad50\ub418\uc9c0 \uc54a\uc740 \uac83\uc774\ub2e4.<\/p>\n

 POSTROUTING \uccb4\uc778\uc740 \ud328\ud0b7\uc774 \ucee4\ub110\uc758 \ub77c\uc6b0\ud305 \uc54c\uace0\ub9ac\uc998\uc744 \ud1b5\uacfc\ud55c \ud6c4 \uacc4\uc0b0\ub41c \ubb3c\ub9ac\uc801 \uc778\ud130\ud398\uc774\uc2a4\ub97c \ud1b5\ud574 \uc804\uc1a1\ub418\ub824\ub294 \uc2dc\uc810\uc5d0\uc11c \ud328\ud0b7 \ucc98\ub9ac\ub97c \ub2f4\ub2f9\ud55c\ub2e4. \uc774 \uccb4\uc778\uc774 \ucc98\ub9ac\ud558\ub294 \ud328\ud0b7\uc740 filter \ud14c\uc774\ube14\uc758 OUTPUT \uc774\ub098 FORWARD \uccb4\uc778\uc758 \uc694\uad6c\uc0ac\ud56d(mangle \ud14c\uc774\ube14\uacfc \uac19\uc774 \ub4f1\ub85d\ub410\uc744 \uc218 \uc788\ub294 \ub2e4\ub978 \ud14c\uc774\ube14\uc774 \uac15\uc81c\ud558\ub294 \uc694\uad6c\uc0ac\ud56d\ub3c4 \ud3ec\ud568)\uc744 \ud1b5\uacfc\ud55c \uac83\uc774\ub2e4.<\/p>\n

##### NAT \uaddc\uce59 #####
echo “[+] Setting up NAT rules…”
$IPTABLES -t nat -A POSTROUTING -s $INT_NET -o eth3 -j MASQUERADE<\/p><\/blockquote>\n

 POSTROUTING \uaddc\uce59\uc740 \ub0b4\ubd80\uc758 \ub77c\uc6b0\ud305 \ubd88\uac00\ub2a5 \ub124\ud2b8\uc6cc\ud06c\uc5d0\uc11c \uc2dc\uc791\ub418\uba70, \uc678\ubd80 \uc778\ud130\ub137\uc744 \ubaa9\uc801\uc9c0\ub85c \ud558\ub294 \uc5f0\uacb0\uc774 IP \uc8fc\uc18c 210.125.<\/p>\n

 iptables \uc815\ucc45\uc744 \uc791\uc131\ud558\ub294 \ucd5c\uc885 \ub2e8\uacc4\ub294 \ub9ac\ub205\uc2a4 \ucee4\ub110\uc758 IP \ud3ec\uc6cc\ub529\uc744 \ud65c\uc131\ud654\ud558\ub294 \uac83\uc774\ub2e4.<\/p>\n

##### \ud3ec\uc6cc\ub529 #####
echo “[+] Enabling IP forwarding
echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward<\/p><\/blockquote>\n

 – \uc815\ucc45 \ud65c\uc131\ud654
 iptables\uc758 \ucd5c\uace0 \uc7a5\uc810 \uc911 \ud558\ub098\ub294 iptables \uba85\ub839\uc5b4 \uc2e4\ud589\uc744 \ud1b5\ud574 \ucee4\ub110 \ub0b4\ubd80\uc5d0\uc11c \uc815\ucc45\uc744 \ud65c\uc131\ud654\ud558\uae30\uac00 \ub9e4\uc6b0 \uc27d\ub2e4\ub294 \uac83\uc774\ub2e4. \ubb34\uac70\uc6b4 \uc0ac\uc6a9\uc790 \uc778\ud130\ud398\uc774\uc2a4\ub098 \ubc14\uc774\ub108\ub9ac \ud30c\uc77c \ud615\uc2dd \ub610\ub294 \ube44\ub300\ud55c \uad00\ub9ac \ud504\ub85c\ud1a0\ucf5c\uc740 \uc804\ud600 \uc5c6\ub2e4.<\/p>\n

 – iptables-save \uc640 iptables-restore
 iptables.sh \uc2a4\ud06c\ub9bd\ud2b8\uc758 \ubaa8\ub4e0 iptables \uba85\ub839\uc5b4\ub294 \uc0c8\ub85c\uc6b4 \uaddc\uce59\uc744 \uc2dc\uc791\ud558\uac70\ub098 \uccb4\uc778\uc758 \uae30\ubcf8 \uc815\ucc45\uc744 \uc124\uc815\ud558\uac70\ub098 \uc774\uc804 \uaddc\uce59\uc744 \uc81c\uac70\ud558\uae30 \uc704\ud574 \ud55c \ubc88\uc5d0 \ud558\ub098\uc529 \uc2e4\ud589\ub41c\ub2e4. \uac01 \uba85\ub839\uc5b4\ub294 iptables \uc815\ucc45\uc744 \uc0dd\uc131\ud558\uae30 \uc704\ud574 \ub9e4\ubc88 \ubcc4\ub3c4\uc758 iptables \uc0ac\uc6a9\uc790 \ubc14\uc774\ub108\ub9ac \uc2e4\ud589\uc744 \ud544\uc694\ub85c \ud55c\ub2e4. \uadf8\ub7ec\ubbc0\ub85c \uc774\ub294 \uc2dc\uc2a4\ud15c \ubd80\ud305 \uc2dc\uc5d0 \uc815\ucc45\uc744 \ube60\ub974\uac8c \uc801\uc6a9\ud558\ub294 \ucd5c\uc801\uc758 \ubc29\ubc95\uc740 \uc544\ub2c8\ub2e4. \ud2b9\ud788 iptables \uaddc\uce59\uc758 \uc218\uac00 \uc218\ubc31 \uac1c\uc5d0 \uc774\ub974\uba74 \uc774\ub7f0 \uc2dd\uc73c\ub85c \uc815\ucc45\uc744 \uc801\uc6a9\ud558\ub294 \uac83\uc740 \uc88b\uc9c0 \uc54a\ub2e4. iptables \ud504\ub85c\uadf8\ub7a8\uacfc \ub3d9\uc77c\ud55c \ub514\ub809\ud1a0\ub9ac\uc5d0 \uc124\uce58\ub418\ub294 iptables-save \uc640 iptables-restore \uba85\ub839\uc5b4\uc5d0\uc11c \ud6e8\uc52c \ub354 \ube60\ub978 \ubc29\ubc95\uc744 \uc81c\uacf5\ud55c\ub2e4. iptables-save \uba85\ub839\uc5b4\ub294 \uc2e4\ud589 \uc911\uc778 \uc815\ucc45\uc758 \ubaa8\ub4e0 iptables \uaddc\uce59\uc744 \uc0ac\ub78c\uc774 \uc77d\uc744 \uc218 \uc788\ub294 \ud615\ud0dc\ub85c \uc800\uc7a5\ud558\ub294 \ud30c\uc77c\uc744 \uc0dd\uc131\ud55c\ub2e4. \uc774 \ud615\uc2dd\uc740 iptables-restore \ud504\ub85c\uadf8\ub7a8\uc73c\ub85c \ud574\uc11d(interpret)\ud560 \uc218 \uc788\ub2e4. iptables-restore \ud504\ub85c\uadf8\ub7a8\uc740 ipt.save \ud30c\uc77c\uc5d0 \ub098\uc5f4\ub41c \uaddc\uce59\uc744 \uc2e4\ud589 \uc911\uc778 \ucee4\ub110 \ub0b4\ubd80\uc5d0\uc11c \ud65c\uc131\ud654\ud55c\ub2e4. iptable-restore \ud504\ub85c\uadf8\ub7a8\uc744 \ud55c \ubc88\ub9cc \uc2e4\ud589\ud558\uba74 \uc804\uccb4 iptables \uc815\ucc45\uc744 \ucee4\ub110\uc5d0 \uc7ac\uc0dd\uc131\ud560 \uc218 \uc788\uc73c\uba70, iptables \ud504\ub85c\uadf8\ub7a8\uc744 \uc5ec\ub7ec \ubc88 \uc2e4\ud589\ud558\ub294 \uac83\uc740 \ud544\uc694\uce58 \uc54a\ub2e4. \uadf8\ub7ec\ubbc0\ub85c iptables-save \uc640 iptables-restore \uba85\ub839\uc5b4\ub294 iptables \uaddc\uce59\uc9d1\ud569\uc744 \ube60\ub974\uac8c \uc801\uc6a9\ud558\ub294 \ub370 \uc774\uc0c1\uc801\uc774\uba70, \ub2e4\uc74c\uacfc \uac19\uc740 \ub450 \uba85\ub839\uc5b4\ub85c \ub098\ud0c0\ub0bc \uc218 \uc788\ub2e4.<\/p>\n

root@extreme:~# iptables-save > ipt.save
root@extreme:~# cat ipt.save > iptables-restore<\/p><\/blockquote>\n

 ipt.save \ud30c\uc77c\uc758 \ub0b4\uc6a9\uc740 iptables \ud14c\uc774\ube14\uc5d0 \uc758\ud574 \uad6c\uc131\ub418\uba70, \uac01 \ud14c\uc774\ube14\uc744 \uc704\ud55c \ubd80\ubd84\uc740 \ub2e4\uc2dc iptables \uccb4\uc778\uc5d0 \uc758\ud574 \uad6c\uc131\ub41c\ub2e4. \ubcc4\ud45c(*)\uc640 \ud14c\uc774\ube14\uba85(\uc608\ub97c \ub4e4\uc5b4 filter)\uc73c\ub85c \uc2dc\uc791\ud558\ub294 \ud589\uc740 ipt.save \ud30c\uc77c\uc5d0\uc11c \ud2b9\uc815 \ud14c\uc774\ube14\uc744 \uc704\ud55c \ubd80\ubd84\uc758 \uc2dc\uc791\uc744 \ub098\ud0c0\ub0b8\ub2e4. \uc774\ub7f0 \ud589 \ub2e4\uc74c\uc5d0\ub294 \ud574\ub2f9 \ud14c\uc774\ube14\uc5d0 \uc18d\ud55c \uccb4\uc778\uc744 \uc704\ud55c \ud328\ud0b7\uacfc \ubc14\uc774\ud2b8 \uc218\ub97c \ucd94\uc801\ud558\ub294 \ud589\uc774 \ub098\uc628\ub2e4.<\/p>\n

 ipt.save \ud30c\uc77c\uc758 \ub2e4\uc74c \ubd80\ubd84\uc5d0\ub294 \uccb4\uc778\uc5d0 \uc758\ud574 \uad6c\uc131\ub41c \ubaa8\ub4e0 iptables \uaddc\uce59\uc758 \uc644\uc804\ud55c \uae30\uc220\uc774 \ub098\uc628\ub2e4. iptables-restore \ub294 \uc774 \ubd80\ubd84\uc744 \uc774\uc6a9\ud574\uc11c \uc2e4\uc81c iptables \uaddc\uce59\uc9d1\ud569\uc744 \uc7ac\uc0dd\uc131\ud55c\ub2e4(iptables-save \uc5d0 -c \uc635\uc158\uc744 \uc0ac\uc6a9\ud55c \uacbd\uc6b0 \uaddc\uce59\uc5d0 \ub300\ud55c \ud328\ud0b7\uacfc \ubc14\uc774\ud2b8 \uc218 \uae4c\uc9c0 \ud3ec\ud568\ud574\uc11c \uc7ac\uc0dd\uc131\ud55c\ub2e4).<\/p>\n

 \ub05d\uc73c\ub85c COMMIT\uc744 \uc774\uc6a9\ud574\uc11c ipt.save \ud30c\uc77c\uc758 iptables \ud14c\uc774\ube14 \uae30\uc220 \ubd80\ubd84\uc744 \ub05d\ub0b8\ub2e4. \uc774 \ud589\uc740 \ud574\ub2f9 \ud14c\uc774\ube14\uacfc \uad00\ub828\ub41c \ubaa8\ub4e0 \uc815\ubcf4\uc5d0 \ub300\ud55c \uc885\ub8cc \ud45c\uc2dc\uc790\ub2e4.<\/p>\n

 \ub2e4\uc74c\uc740 ipt.save \ud30c\uc77c\uc758 \uc77c\ubd80\ubd84\uc774\ub2e4.<\/p>\n

# Generated by iptables-save v1.4.1.1 on Sat Sep 26 13:17:35 2009
*filter
:INPUT DROP [226586:80181793]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [9881:717618]
:FWSNORT_FORWARD – [0:0]
:FWSNORT_FORWARD_ESTAB – [0:0]
:FWSNORT_INPUT – [0:0]
:FWSNORT_INPUT_ESTAB – [0:0]
:FWSNORT_OUTPUT – [0:0]
:FWSNORT_OUTPUT_ESTAB – [0:0]
-A INPUT -i ! lo -j FWSNORT_INPUT
-A INPUT -p udp -m udp –dport 80 -m string –string “\/etc\/shadow” –algo bm –to 65535 -j LOG –log-prefix “ETC_SHADOW “
-A INPUT -p tcp -m tcp –dport 80 -m state –state ESTABLISHED -m string –string “\/etc\/shadow” –algo bm –to 65535 -j LOG –log-prefix “ETC_SHADOW “
-A INPUT -m state –state INVALID -j LOG –log-prefix “DROP INVALID ” –log-tcp-options –log-ip-options
-A INPUT -m state –state INVALID -j DROP
-A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp –dport 20 –tcp-flags FIN,SYN,RST,ACK SYN -m state –state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp –dport 21 –tcp-flags FIN,SYN,RST,ACK SYN -m state –state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp –dport 22 –tcp-flags FIN,SYN,RST,ACK SYN -m state –state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp –dport 43 –tcp-flags FIN,SYN,RST,ACK SYN -m state –state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp –dport 53 –tcp-flags FIN,SYN,RST,ACK SYN -m state –state NEW -j ACCEPT
-A INPUT -i eth0 -p udp -m udp –dport 53 -m state –state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp –dport 80 –tcp-flags FIN,SYN,RST,ACK SYN -m state –state NEW -j ACCEPT
-A INPUT -i eth0 -p udp -m udp –dport 80 -m state –state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp –dport 443 –tcp-flags FIN,SYN,RST,ACK SYN -m state –state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp –dport 873 –tcp-flags FIN,SYN,RST,ACK SYN -m state –state NEW -j ACCEPT
-A INPUT -i eth0 -p udp -m udp –dport 873 -m state –state NEW -j ACCEPT
-A INPUT -p icmp -m icmp –icmp-type 8 -j ACCEPT
-A INPUT -i ! lo -j LOG –log-prefix “DROP ” –log-tcp-options –log-ip-options
-A FORWARD -i ! lo -j FWSNORT_FORWARD<\/p><\/blockquote>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

 *iptables  iptables \ubc29\ud654\ubcbd\uc740 \ub137\ud544\ud130 \ud504\ub85c\uc81d\ud2b8(Netfilter Project, http:\/\/www.netfilter.org)\uc5d0\uc11c \uac1c\ubc1c\ub410\uc73c\uba70, 2001\ub144 1\uc6d4\uc758 \ub9ac\ub205\uc2a4 2.4 \ucee4\ub110 \ubc30\ud3ec \uc2dc\uc810\ubd80\ud130 \ub9ac\ub205\uc2a4\uc758 \uc77c\ubd80\ubd84\uc73c\ub85c \uc81c\uacf5\ub410\ub2e4.  iptables\uc640 \ub137\ud544\ud130\ub77c\ub294 \ub2e8\uc5b4 \uac04\uc758 \ucc28\uc774\ub294 \ub9ac\ub205\uc2a4 \ucee4\ubba4\ub2c8\ud2f0\uc5d0\uc11c \ub2e4\uc18c \ud63c\ub780\uc758 \uc6d0\uc778\uc774\uc5c8\ub2e4. \ub9ac\ub205\uc2a4\uac00 \uc81c\uacf5\ud558\ub294 \ubaa8\ub4e0 \uc885\ub958\uc758 \ud328\ud0b7 \ud544\ud130\ub9c1\uacfc \ub9f9\uae00\ub9c1(mangling) \ub3c4\uad6c\uc758 \uacf5\uc2dd\uc801\uc778 \ud504\ub85c\uc81d\ud2b8\uba85\uc774 \ub137\ud544\ud130\ub2e4. \ud558\uc9c0\ub9cc … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[52],"tags":[218],"_links":{"self":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts\/744"}],"collection":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=744"}],"version-history":[{"count":0,"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts\/744\/revisions"}],"wp:attachment":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=744"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}