Kuhlelo lokusebenza lwe-CentOS 7 olusebenzayo, i-firewalld isetshenziswa - ithuluzi lokulawula i-firewall. Isixazululo sisekela amaphrothokholi we-IPv4 ne-IPV6 futhi ikuvumela ukuthi uphathe izingxenye zenethiwekhi ngayinye. Ezinye izinsizakalo nezinhlelo zokusebenza zibhekisele kulokhu kusetshenziswa ukumisa i-firewall, futhi, nakho, kuvumelanisa ngokushesha yonke imithetho. Kunezimo lapho ithuluzi elinjalo kufanele likhutshazwe, ngokwesibonelo, ukulungisa i-Intanethi. Izindlela ezimbili ezihlukile zizosiza, ngamunye wawo ofanele ngendlela yawo.
Cisha i-firewall e-CentOS 7
Namuhla ngeke sicabangele ezinye izindlela ezikhona zomlilo ezifakiwe ohlelweni ngaphezu kwalokho. Ungafunda ngezindlela zokunqamula amathuluzi anjalo kumadokhumenti asemthethweni kubo. Ukuphela kwento - ekugcineni kwe-athikili sizonikeza imiyalo eyinhloko ezosiza kubasebenzisi abasebenzisa ngentshiseko ithuluzi elijwayelekile elibizwa nge-Ippt. Kodwa-ke, manje ake siyeke endaweni yomlilo eshiwo ngenhla.
Ngaphambi kokudlulela emiyalweni, ngithanda ukukhombisa ukuthi isimo samanje se-firewalld sinqunywa kanjani ngomyalo ojwayelekile, ngoba uma kungasebenzi, akudingeki ukuthi kucishwe.
- Vula i-Classic Console, ngokwesibonelo, ngemenyu ethi "Izinhlelo zokusebenza".
- Faka umyalo we-Sudo Firewall-CMD -
- Qinisekisa i-akhawunti ye-superuser ngokufaka iphasiwedi.
- Kuzovela umugqa owodwa kuphela, ozokhombisa isimo se-firewall. Inani elithi "Ukugijima" libonisa ukuthi insiza manje isisebenza.
Sikucebisa ukuthi usebenzise iqembu elithathwa njengelingane njalo lapho udinga ukuthola isimo sokusebenza kwe-firewalld.
Indlela 1: ukunqanyulwa kweseshini yamanje
Ukucishwa kwesikhashana kwe-firewall kuzokuvumela ukuthi ufeze zonke izenzo ezidingekayo ngenethiwekhi eseshini yamanje, nangemva kokuqala kabusha umsebenzi uzobuyela emsebenzini osebenzayo. Misa kwenziwa kusetshenziswa umyalo owodwa oshumekiwe. Gijimani i- "terminal" bese ufaka i-Sudo Systemctl Stop Firewalld, bese uqhafaza ku-ENTER.
Ngeshwa, ngemuva kokusebenzisa umyalo, azikho izaziso ezizokhonjiswa esikrinini, esingaqondakalanga ukuthi inqubo yaphela ngempumelelo. Sincoma ngokuqinile ukubhalisa iSudo Firewall-Cmd - State ukuthola isimo se-firewalld okwamanje. Kufanele ubone umphumela "ungasebenzi".
Vele, i-firewall eguqukayo enjalo yenziwa ngokushesha, kepha, njengoba sekushiwo, isikhathi esisodwa esisebenzayo kuphela. Kodwa-ke, abanye abasebenzisi agculisekile ngale ndlela, ngakho-ke kungcono ukuxhumana nencwajana elandelayo.
Indlela 2: Ukuvalwa okungapheli
Ukucisha i-Firewall ekuqhubekeni okuqhubekayo kwenziwa ngokwenza izinguquko kufayela lokucushwa. Uyedwa akudingeki ufake noma ushintshe noma yini, wonke umsebenzi ukufaka imiyalo eminingi. Ukuqala ukuma nesitobe esivikelekile:
- Faka i-Sudo Systemctl Stop Firewalld kwintambo yokufaka ukumisa i-firewall.
- Thayipha iphasiwedi ukuhlinzeka ngamalungelo amakhulu. Izinhlamvu ezifakwe ngasikhathi sinye ngeke ziboniswe.
- Khubaza insizakalo ebhekele ngokuzenzakalelayo i-firewall lapho uqala uhlelo lokusebenza, echaza uhlelo lwe-sudo lukhubaza i-firewalld.
- Khubaza ezinye izinsizakalo ukuze usebenzise i-Firewalld ngokusebenzisa i-Sudo SystemMask Mask - umyalo we-Nov Firewalld. Ngenxa yalokhu, intambo kufanele ivele nesaziso sokwenza ifayela elisha "lenziwe i-symlink kusuka /etc/systemd/system/firewalld.service to / dev / null", okusho ukuthi ukusebenza kuqediwe ngempumelelo.
Njengoba kuthenjisiwe, engeza imiyalo ukunqamula enye i-firewall edumile ohlelweni lwe-Centsos - izikhalazo. Uma usebenzisa i-IPV4 Protocol kungenzekisela le migqa:
I-Sudo Service Amaft Gcina
I-Sudo Service Iptable Stop
Sudo chkconfig eft off
I-IPv6, okuqukethwe kushintsha kancane ku:
I-Sudo Service IP6Tables Gcina
I-Sudo Service IP6Tables Stop
Sudo chkconfig IP6Tables off
Kwesinye isikhathi kunezimo lapho ngisho nangemva kokuba nqamula i-firewall, izinkinga ngokuxhumeka kunethiwekhi zisekhona. Kulokhu, inkathazo ingacasha ohlelweni lokuphepha lweSelinux. Yikhiphe bese ubheka ukuthi ngabe izenzo ezinjalo zizosiza yini. Imiyalo enemininingwane kulesi sihloko izothola enye indatshana kusixhumanisi esilandelayo.
Funda futhi: Selinux Transport in CentOS 7
Manje uyazi ngezindlela ezitholakalayo zokuqothula izinsiza ku-CentroS 7. Uma kungekho ukuzethemba ukuthi le nkinga ikuleli thuluzi, akudingekile ukucisha indlela yokuqala futhi uqinisekise ukusebenza .