How to Open a Port for a Specific IP Address in Firewalld


How can I allow traffic from a specific IP address in my private network, or from a specific private network, through firewalld to a specific port or service on a Red Hat Enterprise Linux (RHEL) or CentOS server?

In this short article, you will learn how to open a port for a specific IP address or network range on a RHEL or CentOS server running the firewalld firewall.

The most appropriate way to solve this is to use a firewalld zone. You therefore need to create a new zone that will hold the new configuration (or you can use any of the secure zones that are already available).

Open a Port for a Specific IP Address in Firewalld

First, create a zone with an appropriate name (in our case, we used mariadb-access to allow access to the MySQL database server).

# firewall-cmd --new-zone=mariadb-access --permanent

Next, reload the firewalld settings to apply the new change. If you skip this step, you may get an error when you try to use the new zone name. After the reload, the new zone should appear in the list of zones, as highlighted in the screenshot that follows.

# firewall-cmd --reload
# firewall-cmd --get-zones

Next, add the source IP address (10.24.96.5/20) and the port (3306) that you want to open on the local server, as shown. Then reload the firewalld settings to apply the new changes.

# firewall-cmd --zone=mariadb-access --add-source=10.24.96.5/20 --permanent
# firewall-cmd --zone=mariadb-access --add-port=3306/tcp  --permanent
# firewall-cmd --reload

Alternatively, you can allow traffic from the entire network (10.24.96.0/20) to a service or port.

# firewall-cmd --zone=mariadb-access --add-source=10.24.96.0/20 --permanent
# firewall-cmd --zone=mariadb-access --add-port=3306/tcp --permanent
# firewall-cmd --reload

To confirm that the new zone has the required settings as added above, check its details with the following command.

# firewall-cmd --zone=mariadb-access --list-all 
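
The following check is an added example, not part of the original article: it computes in plain shell arithmetic which addresses a source entry covers, so you can confirm the scope before passing it to --add-source. A /20 prefix compares only the first 20 bits, so 10.24.96.5/20 and 10.24.96.0/20 describe the same 4096 addresses, while /32 describes one host. The function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: shows which addresses a firewalld source entry covers.
# Pure POSIX shell arithmetic; no firewall-cmd call and no root needed.

# ip_to_int A.B.C.D -> 32-bit integer on stdout
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad on stdout
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_range ADDR[/PREFIX] -> "first last count"
cidr_range() {
    addr=${1%/*}; prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32      # bare address means a single host
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    base=$(( $(ip_to_int "$addr") & mask ))
    last=$(( base | (~mask & 0xFFFFFFFF) ))
    echo "$(int_to_ip "$base") $(int_to_ip "$last") $(( last - base + 1 ))"
}

# in_source IP ADDR[/PREFIX] -> exit status 0 if IP falls inside the source entry
in_source() {
    prefix=${2#*/}; [ "$prefix" = "$2" ] && prefix=32
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Constructed sample: the two source values used in this article, plus a /32.
for src in 10.24.96.5/20 10.24.96.0/20 10.24.96.5/32; do
    echo "$src -> $(cidr_range "$src")"
done
```

Compare the printed range with the clients that are meant to reach port 3306, then check the result against the sources line of the --list-all output.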

Remove a Port and Zone from Firewalld

You can remove the source IP address or network as shown.

# firewall-cmd --zone=mariadb-access --remove-source=10.24.96.5/20 --permanent
# firewall-cmd --reload

To remove the port from the zone, issue the following command, then reload the firewalld settings:

# firewall-cmd --zone=mariadb-access --remove-port=3306/tcp --permanent
# firewall-cmd --reload

To remove the zone, run the following command, then reload the firewalld settings:

# firewall-cmd --permanent --delete-zone=mariadb-access
# firewall-cmd --reload

Last but not least, you can also use firewalld rich rules. Here is an example:

# firewall-cmd --permanent --zone=mariadb-access --add-rich-rule='rule family="ipv4" source address="10.24.96.5/20" port protocol="tcp" port="3306" accept'

Reference: Using and Configuring firewalld in RHEL 8.

That's it! We hope the solutions above worked for you. If so, let us know through the feedback form below. You can also ask questions or share comments about this topic.