Useful FirewallD Rules to Configure and Manage Firewall in Linux


Firewalld provides a way to configure dynamic firewall rules in Linux that can be applied instantly, without the need to restart the firewall, and it supports D-BUS and zone concepts that make configuration easy.

Firewalld replaced the old firewall mechanism of Fedora (Fedora 18 onwards); RHEL/CentOS 7 and other newer distributions rely on this new mechanism. One of the main motivations for introducing the new firewall system was that the old firewall needed a restart after every change, which broke all active connections. As stated above, the new firewalld supports dynamic zones, which are useful for configuring different sets of zones and rules for your office or home network via the command line or the GUI.

At first, the firewalld concept looks very difficult to configure, but services and zones make it easier by keeping the two together, as covered in this article.

In our earlier article, we saw how to play with Firewalld and its zones; now, in this article, we will look at some useful firewalld rules to configure your current Linux system using the command line.

1. Firewalld Configuration in RHEL/CentOS 7

All the examples covered in this article are practically tested on a CentOS 7 distribution, and they also work on RHEL and Fedora distributions.

Before applying firewalld rules, first make sure to check whether the Firewalld service is enabled and running.

# systemctl status firewalld

The above picture shows that Firewalld is active and running. Now it is time to check all the active zones and active services.

# firewall-cmd --get-active-zones
# firewall-cmd --get-services

In case you are not familiar with the command line, you can also manage the firewall from the GUI; for that you need to install the GUI package on the system, if it is not already installed, using the following command.

# yum install firewalld firewall-config

As stated above, this article is written specifically for command line lovers, and all the examples we are going to cover are based on the command line only; no GUI way, sorry.

Before proceeding further, first make sure to verify which public zone you are going to configure the Linux firewall in, and list all the active services, ports and rich rules for the public zone using the following command.

# firewall-cmd --zone=public --list-all

In the above picture, there are no active rules yet; let us see how to add, remove and modify rules in the rest of this article.

1. Adding and Removing Ports in Firewalld

To open any port for the public zone, use the following command. For example, the following command will open port 80 for the public zone.

# firewall-cmd --permanent --zone=public --add-port=80/tcp

Similarly, to remove an added port, just use the '--remove-port' option with the firewall-cmd command as shown below.

# firewall-cmd --zone=public --remove-port=80/tcp

After adding or removing specific ports, make sure to verify whether the port was added or removed using the '--list-ports' option.

# firewall-cmd --zone=public --list-ports
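One check worth running after the add/remove steps above: a port added with '--permanent' is not enforced until 'firewall-cmd --reload', and a port added or removed without '--permanent' is only a runtime change that disappears at the next reload, so the two views can silently disagree. The script below is an added example, not part of the article; it compares constructed stand-ins for the '--list-ports' output of both views (the same function works on '--list-services' output) and reports every entry present in only one of them.

```shell
#!/bin/sh
# Added example (not from the article): report drift between the runtime and the
# permanent firewalld configuration of a zone.
#
# The two strings below are constructed stand-ins for the output of
#   firewall-cmd --zone=public --list-ports
#   firewall-cmd --permanent --zone=public --list-ports
# firewall-cmd itself is not called, so this runs on any machine.
RUNTIME_PORTS_SAMPLE="80/tcp 443/tcp 8080/tcp"
PERMANENT_PORTS_SAMPLE="80/tcp 443/tcp 22/tcp"

# list_contains "item" "list of words": exit 0 if item is one of the words
list_contains() {
  item=$1
  for word in $2; do
    if [ "$word" = "$item" ]; then
      return 0
    fi
  done
  return 1
}

# config_drift "runtime list" "permanent list"
# Prints one line per difference:
#   runtime-only X    (enforced now, but lost on the next reload)
#   permanent-only X  (saved on disk, but not enforced until a reload)
# Exit status 0 when both lists agree, 1 when they differ.
config_drift() {
  drift=0
  for entry in $1; do
    if ! list_contains "$entry" "$2"; then
      printf 'runtime-only %s\n' "$entry"
      drift=1
    fi
  done
  for entry in $2; do
    if ! list_contains "$entry" "$1"; then
      printf 'permanent-only %s\n' "$entry"
      drift=1
    fi
  done
  return $drift
}

# On a real host, replace the samples with command substitutions, e.g.
#   config_drift "$(firewall-cmd --zone=public --list-ports)" \
#                "$(firewall-cmd --permanent --zone=public --list-ports)"
config_drift "$RUNTIME_PORTS_SAMPLE" "$PERMANENT_PORTS_SAMPLE" \
  || echo "drift found: add with --permanent and run firewall-cmd --reload"
```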

2. Adding and Removing Services in Firewalld

By default Firewalld comes with predefined services; if you want to add a list of specific services, you need to create a new xml file with all the services included in the file, or else you can define or remove each service manually with the following commands.

For example, the following commands will help you add or remove specific services, as we did for FTP here in this example.

# firewall-cmd --zone=public --add-service=ftp
# firewall-cmd --zone=public --remove-service=ftp
# firewall-cmd --zone=public --list-services

3. Block Incoming and Outgoing Packets (Panic Mode)

If you want to block any incoming or outgoing connections, you need to use the 'panic' mode to block such requests. For example, the following rule will drop any established connection on the system.

# firewall-cmd --panic-on

After enabling panic mode, try pinging any domain (say google.com) and check whether panic mode is ON using the '--query-panic' option as listed below.

# ping google.com -c 1
# firewall-cmd --query-panic

As you can see in the above picture, the panic query says Unknown host google.com. Now try disabling panic mode, then ping again and check.

# firewall-cmd --query-panic
# firewall-cmd --panic-off
# ping google.com -c 1

Now this time, the ping to google.com will get replies.