Cishe bonke abasebenzisi bokusatshalaliswa kwe-Centros 7 bangafakwa ohlelweni, ngokusebenza okulungile ofuna ukuvula amachweba ezinombolo ezithile. Lokhu kuyadingeka ukuqinisekisa ukuxhumana okujwayelekile nama-node kanye nokushintshana kolwazi okuphephile. Umsebenzi wenziwa ngokushintsha imithetho ye-firewall. Vele, umsebenzisi ngamunye angasebenzisa izinhlobo eziningi zomlilo, kepha indinganiso izikhalazo. Kusesimweni sakhe sokuthi sinikele ngamachweba avulekile, kulandela imiyalo elandelayo.
Amachweba avulekile e-CentOS 7
Amachweba okuvula - Umsebenzi ulula, ngoba kulokhu kufanele ufake kuphela imiyalo embalwa ku-console. Kodwa-ke, uma ekuqaleni ungenzi ezinye izilungiselelo nge-firewall noma usebenzise ithuluzi leqembu lesithathu, kuzofanela ukwengeza amapharamitha abalulekile. Ngakho-ke, sahlukanisa i-athikili yethu ezigabeni ukuze abasebenzisi be-novice kwaba lula ukubhekana nesinyathelo ngasinye, futhi manje ake siqale ngokufakwa kwama-IPTAbles kuma-CentOS 7.Isinyathelo 1: Ukufakwa kwesibuyekezo
Njengoba kushiwo ngenhla, ama-Eptables e-CentOS 7 asebenza njenge-firewall ezenzakalelayo. Uma ngesandla azikho izinguquko ezenziwe, ungakwazi ukweqa le nto ngokugcina esiteji sokugcina ngokufakwa kwe-Firewall Utility. Uma udinga ukuqinisekisa izibuyekezo noma ukufaka kabusha leli thuluzi, sikucebisa ukuthi usebenzise le ncwadi elandelayo.
- Zonke izenzo ezichazwe namuhla zizokwenziwa ku- "terminal", ngakho-ke yonke into iqala ngokwethulwa kwayo. Sebenzisa ukhiye oshisayo we-CTRL + ALT + T noma isithonjana esingezwe esigabeni se- "Favorites" kumenyu yohlelo lokusebenza.
- Lapha faka i-sudo yum Faka i-Command EpTables, bese uqhafaza ukhiye we-ENTER.
- Ukuqinisekisa lo myalo, uzodinga ukucacisa iphasiwedi ye-superuser. Cabanga ngokuthi ngalolu hlobo lokubhala, izinhlamvu ezifakiwe aziboniswanga.
- Uzokwaziswa ukuthi ukufakwa noma ukuvuselelwa kwenziwa ngempumelelo. Uma inguqulo yakamuva ye iptables yengezwe ohlelweni lokusebenza, inguqulo lokugcina IPTABLES sengezwe, string "enze lutho" kuvela esibukweni.
- Qedela lesi sinyathelo nge-Sudo YUM -Y Faka umyalo we-IpTable-Services. Lokhu kuzokwethula ukufakwa kwezinsizakalo ezidingekayo.
- Ungaya isinyathelo esilandelayo uma umlayezo luvele esibukweni phezu kwalokho ngempumelelo izingxenye.
Isinyathelo 2: Setha kabusha imithetho ejwayelekile ye-firewall
Uma ama-Iptable noma umsebenzisi engalungiswa ngaphambi komphathi wohlelo noma umsebenzisi, izilungiselelo ezijwayelekile kufanele zilahlwe ukuthi esikhathini esizayo kwakungekho zinkinga ngokuhambisana kwemithetho. Ngokwengeziwe, kuzodingeka ukuthi kucaciswe imithetho ejwayelekile, kuqinisekiswe ukunemba kokuqaliswa kwamakhompiyutha angenayo naphumayo. Konke lokhu kwenzeka kanjena:
- Faka i-IPTAbles -L -L -V -V-AM-Command ku-Console ukubuka uhlu lwamapharamitha wamanje.
- Uma zingafani, kuzofanele usetha kabusha futhi uhlele ngesandla.
- Ukususa imithetho ekhona kwenziwa kusetshenziswa umugqa owodwa we-sudo eptables -f.
- Okulandelayo, vumela yonke idatha yeseva efakiwe, ukufaka i-Sudo Iptables -Ukufaka -I-KO -J kwamukela.
- Ngokuxhumeka okuphumayo, cishe umyalo ofanayo uyasebenza: sudo iptables - okuphumayo -u lo-j wamukela.
- Kunconywa ukukhawulela ukuxhumeka okusha futhi kuvume okukhona ukuqinisekisa ukuphepha nokusungula umsebenzi wemithetho ebekiwe ngaphambili. Kwenzeka ngokusebenzisa i-sudo iptables -Ukufaka -M -M Isimo - esisunguliwe, esihlobene - nokwamukela.
Zonke ezinye izilungiselelo zesisetshenziswa esithathwayo zenziwa ngesandla, kufaka phakathi amachweba okuqala. Sizokhuluma ngesihloko sokugcina kulezi zinyathelo ezilandelayo, futhi ukucushwa okunwetshiwe akufakiwe kuhlaka lwezinto zanamuhla. Esikhundleni salokho, sincoma ukuthi uzijwayeze ngezinto zokuqeqesha ezikhethekile ngalesi sihloko, usebenzisa isixhumanisi esingezansi.
Funda kabanzi: Ukubeka ama-Iptables kuma-CentOS 7
Isinyathelo 3: Khubaza i-firewalld
Kulesi sinyathelo, kufanele ubheke abasebenzisi abafake ama-firewalld ngaphambilini noma bengezwe ngokuzenzakalelayo. Lapho usetha amachweba nge-iPPTAbles, leli thuluzi lingaphazamisa ukwenziwa okulungile kwemithetho, ngakho-ke kuzodingeka ukuthi kube yinto yeacisha.
- Okokuqala, yeka insizakalo nge-Sudo Systemctl Stop Firewalld.
- Okulandelayo, yenza ukuvalwa okuphelele ngokusebenzisa i-Sudo Systemctl khubaza umyalo we-firewalld.
- Uzothola imininingwane yokuthi izixhumanisi ezingokomfanekiso zisusiwe, ngakho-ke, i-firewalld ibingakaze ivele kuleli phuzu.
Uma ufuna ukususa ngesandla amafolda agcina izilungiselelo ze-FireWalkd ngokweqa imiyalo engenhla, faka imigqa engezansi ku-terminal in tespusteres bese uyisebenzisa.
rm '/etc/systemd/system/dbus-org.fedoraproject.firewalld1.service'
rm '/etc/systemd/system/basic.target.Bants/Firewalld.service'
Esikhathini esizayo, noma yimuphi umsebenzisi angadinga ukwenza kusebenze futhi ahlelwe okwengeziwe kwe-firewalld, ikakhulukazi lapho kufanele usebenze namaseva ahlukahlukene we-web kanye nezinsizakalo. Siphakamisa ukwenza lokhu kusetshenziswa le ncwadi elandelayo.
Funda kabanzi: Lungiselela i-Firewall e-CentOS 7
Isinyathelo 4: Ukuvula amachweba nge-IPTAbles
Isikhathi sokwenza isenzo esiyisisekelo, esinikelwe esihlokweni sanamuhla. Ngenhla, senze ngokuphelele wonke umsebenzi wokulungiselela amachweba avulekile manje ama-centros 7. Manje akumele kube nezinkinga ngalokhu, ukuze ukwazi ukufaka imiyalo elandelayo.
- Empeleni, engeza i-firewall ku-autoload, ukuze ungayisebenzi njalo ngesandla. Lokhu kuzosiza i-Sudo Systemct inika amandla umyalo we-Ipctable.
- Uzokwaziswa ngokwakha isixhumanisi esingokomfanekiso.
- Yenza kusebenze amalungelo aqhubekayo we-superuser ngokufaka i-su ukuze ku-command ngayinye yalesi sikhathi sesikhathi esibulalayo akudingekile ukuthi athi sudo.
- Qinisekisa lesi senzo ngokubhala iphasiwedi yakho.
- Vula imbobo ngaphezulu kwe-IPTTS -I -I -Ifashini -P TCP --dPort 22 -M Isimo --SState New -J ukwamukela inani elidingekayo.
- Ungavula itheku elilandelayo ngokushesha, ngokwesibonelo, ngenombolo 25 (iseva ye-SMTP). Ukuze wenze lokhu, faka i-IPTGS -I -I -Ifashini -P TCP --dPort 25 -M Isifundazwe - I-New -J yamukela.
- Gcina zonke izinguquko ngokufaka i-Service Iptable Gcina intambo.
- Uzokwaziswa ukuthi ukucushwa kusetshenziswe ngempumelelo.
- Qala kabusha i-firewall ukuze zonke izinguquko zingenele amandla. Lokhu kwenziwa ngohlelo lwe-Systemctl restables
- Ekugcineni, siyanikela ukusebenzisa i-sudo ipt -nvl ukuhlola wonke amachweba avulekile.
Kulesi sihloko, ufunde konke mayelana nokuvula amachweba e-CentOS 7. Njengoba ubona, ngeke kuthathe isikhathi esiningi, futhi zonke izinguquko zizosetshenziswa ngokushesha ngemuva kokuqalisa kabusha izinsizakalo. Sebenzisa imiyalo okuxoxwe ngayo ngenhla ngokushintsha izinombolo zamachweba kuphela ukuze konke kube ngempumelelo.