Configuring the Firewall in CentOS 7

Anonymous

A firewall is used in an operating system to prevent unauthorized traffic between computer networks. Rules for the firewall are created manually or automatically, and these rules are responsible for access control. CentOS 7, an OS built on the Linux kernel, has a built-in firewall that is managed through a firewall front end. FirewallD is used by default, and its configuration is what we want to talk about today.

Firewall configuration in CentOS 7

As mentioned above, the FirewallD utility is the default firewall front end in CentOS 7. That is why firewall configuration is shown here using this tool as the example. You can set the same filtering rules with iptables, but that is done slightly differently. We recommend reading up on configuring that utility separately, and we now turn to FirewallD.

If you need to disable the firewall temporarily or permanently, we advise you to use the instructions in the following article.

Read more: Disabling the firewall in CentOS 7

Viewing the default rules and available zones

Even a firewall running with default settings has its own set of rules and available zones. Before you start editing the policy, we advise you to get familiar with the current configuration. This is done with simple commands:

  1. The command firewall-cmd --get-default-zone determines the default zone.
  2. After running it, you will see a new line showing the requested parameter. In this article's setup, for example, the zone "public" is reported.
  3. However, several zones can be active at once, and each is bound to a separate interface. Find this information with firewall-cmd --get-active-zones.
  4. The firewall-cmd --list-all command shows the rules set for the default zone. In this article's setup, the active zone "public" is assigned the "default" rule (default operation), the interface enp0s3, and two added services.
  5. If you need to learn all available firewall zones, enter firewall-cmd --get-zones.
  6. The parameters of a specific zone are shown with firewall-cmd --zone=name --list-all, where name is the name of the zone.

Once you have determined the parameters you need, you can move on to changing and extending them. Let's look at several of the most common settings in detail.

Configuring interface zones

As you know from the information above, each interface is assigned its own default zone. It stays in that zone until the settings are changed by the user or by a program. You can move an interface to another zone for a single session by running sudo firewall-cmd --zone=home --change-interface=eth0. The result "success" shows that the move worked. Keep in mind that such settings are reset as soon as the firewall is restarted.

With such a change of parameters, keep in mind that the operation of services may be reset. Some of them do not support working in certain zones: SSH, for example, is available in "home", but in custom or special zones the service will not work. Make sure the interface was successfully bound to the new zone by entering firewall-cmd --get-active-zones.

If you want to reset the settings made earlier, simply restart the firewall: sudo systemctl restart firewalld.service.

Changing an interface's zone for only one session is not always convenient. In that case you need to edit the configuration file so that the settings are applied permanently. For this we recommend the nano text editor, which is installed from the official repository with sudo yum install nano. Then carry out the following steps:

  1. Open the configuration file in the editor by entering sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0, where eth0 is the name of the required interface.
  2. Confirm your account's authenticity (enter the password) to carry out further actions.
  3. Find the ZONE parameter and change its value to the desired one, for example public or home.
  4. Press Ctrl + O to save the changes.
  5. Do not change the file name; just press Enter.
  6. Exit the text editor with Ctrl + X.

Now the interface zone will be the one you specified, until the configuration file is next edited. To apply the updated parameters, run sudo systemctl restart network.service and sudo systemctl restart firewalld.service.

Setting the default zone

Above we already showed a command that lets you find out the default zone. The default zone can also be changed to one of your choice. To do this, it is enough to enter sudo firewall-cmd --set-default-zone=name in the console, where name is the name of the required zone.

Success of the command is indicated by the text "success" on a separate line. After that, all current interfaces are bound to the specified zone, unless another zone is set for them in the configuration files.

Creating rules for programs and utilities

At the very beginning of the article we talked about the role of each zone. Defining services, utilities and programs in these zones lets you apply individual parameters to each of them to suit each user's needs. To begin with, we advise you to look at the full list of services available at the moment: firewall-cmd --get-services.

The result is shown directly in the console. The services are separated by spaces, and you can easily find the tool you are interested in. If the required service is missing, it has to be installed additionally. For the installation rules, read the official documentation of the software.

The command above shows only the names of the services. Detailed information on each of them is found in its individual file under /usr/lib/firewalld/services. These documents are in XML format; the path to SSH, for example, looks like this: /usr/lib/firewalld/services/ssh.xml, and the document has the following contents:

SSH

Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.

Support for a service in a specific zone is enabled manually. In the terminal, enter the command sudo firewall-cmd --zone=public --add-service=http, where --zone=public is the zone in which to activate it and --add-service=http is the name of the service. Note that such a change applies only within one session.

Permanent addition is done with sudo firewall-cmd --zone=public --permanent --add-service=http, and the result "success" indicates that the operation completed successfully.

You can view the full list of permanent rules for a specific zone, printed as a list on a separate line of the console: sudo firewall-cmd --zone=public --permanent --list-services.

Solving the problem of no access to a service

By default, the firewall rules mark the most popular and safe services as allowed, but the firewall blocks some standard or third-party applications. In that case the user has to change the settings manually to solve the access problem. This can be done in two different ways.

Opening a port

As you know, every network service uses a specific port. The firewall detects it easily and can block traffic on it. To avoid such actions by the firewall, open the required port with sudo firewall-cmd --zone=public --add-port=0000/tcp, where --zone=public is the zone for the port and --add-port=0000/tcp is the port number and protocol. The firewall-cmd --list-ports option shows the list of open ports.

If you need to open ports that fall within a range, use the line sudo firewall-cmd --zone=public --add-port=0000-9999/udp, where --add-port=0000-9999/udp is the port range and its protocol.

The commands above only let you test such parameters. If the test succeeds, add the same ports to the permanent settings by entering sudo firewall-cmd --zone=public --permanent --add-port=0000/tcp or sudo firewall-cmd --zone=public --permanent --add-port=0000-9999/udp. The list of open permanent ports is viewed like this: sudo firewall-cmd --zone=public --permanent --list-ports.
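The service and port commands above come in a session-only form and a --permanent form, so the two configurations can drift apart. The following added example (not from the original article) reports entries that exist in only one of them; the function names and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare firewalld's runtime and permanent settings for one
# zone. Function names are illustrative, not part of firewalld.

# set_diff "A" "B": print the items of list A that are missing from list B.
set_diff() (
    set -f                          # no globbing while splitting the lists
    have=" $(echo $2) "             # normalise B to single-space separators
    out=
    for item in $1; do
        case "$have" in
            *" $item "*) ;;
            *) out="$out $item" ;;
        esac
    done
    printf '%s\n' "${out# }"
)

# drift_report ZONE KIND RUNTIME PERMANENT: returns 0 when both lists match.
drift_report() {
    lost=$(set_diff "$3" "$4")      # active now, gone after --reload or reboot
    pending=$(set_diff "$4" "$3")   # saved, but inactive until --reload
    if [ -z "$lost$pending" ]; then echo "$1 $2: in sync"; return 0; fi
    [ -n "$lost" ] && echo "$1 $2: runtime only: $lost"
    [ -n "$pending" ] && echo "$1 $2: permanent only: $pending"
    return 1
}

# check_zone ZONE: query the live firewall (run as root on the CentOS host).
check_zone() {
    rc=0
    for kind in services ports; do
        run=$(firewall-cmd --zone="$1" --list-$kind) || return 2
        perm=$(firewall-cmd --permanent --zone="$1" --list-$kind) || return 2
        drift_report "$1" "$kind" "$run" "$perm" || rc=1
    done
    return $rc
}

# Constructed sample lists: http was added without --permanent.
drift_report public services "dhcpv6-client ssh http" "dhcpv6-client ssh" || true
# On a real host, call for example: check_zone public
```

A "runtime only" entry disappears on the next firewall restart, while a "permanent only" entry is not enforced until the firewall is reloaded.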

Defining a service

As you can see, adding ports causes no difficulty, but the procedure becomes harder when applications use a large number of them. Keeping track of all the ports in use gets difficult, so defining a service is the more appropriate option:

  1. Copy the configuration file by entering sudo cp /usr/lib/firewalld/services/service.xml /etc/firewalld/services/example.xml, where service.xml is the name of the service file and example.xml is the name of its copy.
  2. Open the copy for editing in any text editor, for example sudo nano /etc/firewalld/services/example.xml.
  3. For example, we created a copy of the HTTP service. In the document you mostly see various metadata, such as the short name and the description. Only changing the port number and protocol affects how the service works. Above the line "" add the port to open. tcp is the protocol used, and 0000 is the port number.
  4. Save all changes (Ctrl + O), close the file (Ctrl + X), then reload the firewall to apply the parameters with sudo firewall-cmd --reload. After that, the service appears in the list of available ones, which can be viewed with firewall-cmd --get-services.
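An added example, not part of the original article: before enabling a copied service definition, list the ports it opens and compare it with the file it was copied from. The sample files, port 8080 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the ports a firewalld service definition opens, and
# what an edited copy adds. Function names are illustrative.

# service_ports FILE: print "port/protocol" for each <port .../> element.
# Attribute order does not matter; XML comments are not interpreted.
service_ports() {
    tr '\n' ' ' < "$1" | tr '>' '\n' | grep '<port[[:space:]]' |
    while IFS= read -r el; do
        port=$(printf '%s\n' "$el" | sed -n 's/.*[[:space:]]port="\([^"]*\)".*/\1/p')
        proto=$(printf '%s\n' "$el" | sed -n 's/.*protocol="\([^"]*\)".*/\1/p')
        if [ -n "$port" ] && [ -n "$proto" ]; then echo "$port/$proto"; fi
    done
}

# added_ports ORIGINAL COPY: ports the copy opens beyond the original.
added_ports() {
    base=$(service_ports "$1")
    service_ports "$2" | while IFS= read -r p; do
        printf '%s\n' "$base" | grep -Fxq -- "$p" || echo "$p"
    done
}

# Constructed sample files standing in for /usr/lib/firewalld/services/http.xml
# and an edited copy under /etc/firewalld/services/ (port 8080 is an assumption).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/http.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>WWW (HTTP)</short>
  <description>Constructed sample service file.</description>
  <port protocol="tcp" port="80"/>
</service>
EOF
    cat > "$dir/example.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>example</short>
  <port protocol="tcp" port="80"/>
  <port port="8080" protocol="tcp"/>
</service>
EOF
    added_ports "$dir/http.xml" "$dir/example.xml"
    rm -rf "$dir"
}

demo   # prints the port the edited copy adds
```

On a real host, pass the two paths from step 1 to added_ports to see exactly what enabling the copied service would expose.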

You only have to choose the most suitable way to solve the service-access problem and follow the instructions given. As you can see, all the actions are quite easy to perform, and no difficulties should arise.

Creating custom zones

You already know that FirewallD initially comes with a large number of different zones with predefined rules. However, situations arise in which the system administrator needs to create a custom zone, such as "publicweb" for an installed web server or "privateDNS" for a DNS server. Using these two examples, we will look at adding zones:

  1. Create two new permanent zones with sudo firewall-cmd --permanent --new-zone=publicweb and sudo firewall-cmd --permanent --new-zone=privateDNS.
  2. They become available after reloading the tool with sudo firewall-cmd --reload. To show the permanent zones, enter sudo firewall-cmd --permanent --get-zones.
  3. Assign them the necessary services, such as "SSH", "HTTP" and "HTTPS". This is done with sudo firewall-cmd --zone=publicweb --add-service=ssh, sudo firewall-cmd --zone=publicweb --add-service=http and sudo firewall-cmd --zone=publicweb --add-service=https, where --zone=publicweb is the name of the zone to add to. You can view the active services by entering firewall-cmd --zone=publicweb --list-all.

From this article you learned how to create custom zones and add services to them. We already described setting them as the default and assigning interfaces above; you only need to specify the correct names. Do not forget to reload the firewall after making any permanent change.

As you can see, FirewallD is a fairly extensive tool that allows the most flexible firewall configuration. It only remains to make sure that the utility starts together with the system and that the specified rules begin working immediately. Do this with the command sudo systemctl enable firewalld.