How to Restrict Network Access Using FirewallD


As a Linux user, you can choose to either allow or restrict network access to certain services or IP addresses using the firewalld firewall, which is native to CentOS/RHEL 8 and most RHEL-based distributions such as Fedora.

Firewalld uses the firewall-cmd command-line utility to configure firewall rules.

Before we can perform any configuration, let's first enable the firewalld service using the systemctl utility as shown:

$ sudo systemctl enable firewalld

Once enabled, you can start the firewalld service by running:

$ sudo systemctl start firewalld

You can verify the status of firewalld by running the command:

$ sudo systemctl status firewalld

The output should confirm that the firewalld service is up and running.

Configuring Rules Using Firewalld

Now that we have firewalld running, we can go straight to making some configurations. Firewalld allows you to add and block ports, and to blacklist as well as whitelist IP addresses to provide access to the server. Once you are done with the configurations, always make sure that you reload the firewall for the new rules to take effect.

To add a port, say port 443 for HTTPS, use the syntax below. Note that you have to specify whether the port is TCP or UDP after the port number:

$ sudo firewall-cmd --add-port=443/tcp --permanent

Similarly, to add a UDP port, specify the UDP option as shown:

$ sudo firewall-cmd --add-port=53/udp --permanent

The --permanent flag ensures that the rules persist even after a reboot.

To block a TCP port, like port 22, run the command:

$ sudo firewall-cmd --remove-port=22/tcp --permanent

Similarly, blocking a UDP port follows the same syntax:

$ sudo firewall-cmd --remove-port=53/udp --permanent

Network services are defined in the services file. To allow a service such as https, run the command:

$ sudo firewall-cmd --add-service=https

To block a service, for example FTP, run:

$ sudo firewall-cmd --remove-service=ftp

To allow a single IP address across the firewall, run the command:

$ sudo firewall-cmd --permanent --add-source=192.168.2.50

You can also allow a range of IPs or an entire subnet using CIDR (Classless Inter-Domain Routing) notation. For example, to allow an entire subnet with the 255.255.255.0 netmask, run:

$ sudo firewall-cmd --permanent --add-source=192.168.2.0/24

If you wish to remove a whitelisted IP from the firewall, use the --remove-source flag as shown:

$ sudo firewall-cmd --permanent --remove-source=192.168.2.50

For the entire subnet, run:

$ sudo firewall-cmd --permanent --remove-source=192.168.2.0/24

So far, we have seen how you can add and remove ports and services, as well as whitelist IPs and remove whitelisted IPs. To block an IP address, 'rich rules' are used.

For example, to block the IP 192.168.2.50, run the command:

$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.2.50' reject"

To block the entire subnet, run:

$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.2.0/24' reject"

If you have made changes to the firewall rules, you need to run the command below for the changes to be applied immediately:

$ sudo firewall-cmd --reload

To view all the rules in the firewall, run the command:

$ sudo firewall-cmd --list-all
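
The commands in this guide are issued both with and without --permanent, so the runtime and permanent configurations can differ until the firewall is reloaded. The following is an added example, not part of the original guide, that compares the two `--list-all` outputs; the function names (items, only_in, audit) are hypothetical and both sample outputs are constructed and abridged.

```shell
# Constructed, abridged output of: sudo firewall-cmd --list-all
RUNTIME_SAMPLE='public (active)
  sources: 192.168.2.0/24
  services: cockpit dhcpv6-client https ssh
  ports: 53/udp
  rich rules:
    rule family="ipv4" source address="192.168.2.50" reject'

# Constructed, abridged output of: sudo firewall-cmd --permanent --list-all
PERMANENT_SAMPLE='public
  sources: 192.168.2.0/24
  services: cockpit dhcpv6-client ssh
  ports: 443/tcp 53/udp
  rich rules:
    rule family="ipv4" source address="192.168.2.50" reject'

# items KEY TEXT: print the values on the "KEY: a b c" line, one per line.
items() {
  printf '%s\n' "$2" | awk -v k="$1:" '$1 == k { for (i = 2; i <= NF; i++) print $i }'
}

# only_in KEY A B: values of KEY that appear in A but not in B.
only_in() {
  other=$(items "$1" "$3")
  for v in $(items "$1" "$2"); do
    printf '%s\n' "$other" | grep -qxF -e "$v" || printf '%s\n' "$v"
  done
}

# audit RUNTIME PERMANENT: report drift per key; returns 1 if any is found.
audit() {
  rc=0
  for key in ports services sources; do
    for val in $(only_in "$key" "$1" "$2"); do
      echo "$key $val runtime-only"; rc=1    # lost on --reload or reboot
    done
    for val in $(only_in "$key" "$2" "$1"); do
      echo "$key $val permanent-only"; rc=1  # saved, but not active until --reload
    done
  done
  return $rc
}

# Live host: audit "$(sudo firewall-cmd --list-all)" "$(sudo firewall-cmd --permanent --list-all)"
audit "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE" || echo "drift found"
```

In the constructed samples, 443/tcp was added with --permanent but not yet reloaded, and https was added without --permanent, so both are reported.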

This concludes this guide on how to allow or restrict network access using FirewallD on CentOS/RHEL 8. We hope you found this guide useful.