How to Start/Stop and Enable/Disable FirewallD and Iptables Firewall in Linux


A firewall is software that acts as a shield between the user's system and the external network, allowing some packets to pass while discarding others. A firewall usually operates at the network layer, i.e. on IP packets, both IPv4 and IPv6.

Whether a packet passes or is blocked depends on the rules defined for that kind of packet in the firewall. These rules can be built-in or user-defined. Every packet that enters the network has to pass through this shield, which checks it against the rules defined in it for that type of packet.

Each rule has a target action which is applied if the packet fails to satisfy it. On Linux systems, the firewall is provided as a service by several pieces of software, most commonly FirewallD and iptables.

There are many different kinds of firewall in use on Linux, but the most standard ones are Iptables and FirewallD, which are discussed in this article.

FirewallD is the main firewall manager on Linux systems. This service is used to configure network connections, thereby deciding which external network or internal packets are allowed to traverse the network and which are blocked.

It allows two types of configuration, permanent and runtime. Runtime configurations are lost once the service is restarted, while permanent ones are retained across system boots so that they are followed every time the service becomes active.

Corresponding to these configurations, FirewallD has two directories: a default/fallback one (/usr/lib/firewalld), which is updated along with the system, and the system configuration (/etc/firewalld), which is permanent and overrides the default one if given. FirewallD is the default service on RHEL/CentOS 7 and Fedora 18.
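The runtime/permanent split described above can be checked on a host. The following script is an added example, not part of the original article: it compares the output of `firewall-cmd --list-services` and `--list-ports` with their `--permanent` counterparts. The function names are chosen here, and the sample lists in the fallback branch are constructed.

```sh
#!/bin/sh
# Added example: report firewalld settings that differ between the runtime
# and the permanent configuration.

# only_in A B: print the words of list A that are absent from list B, sorted.
only_in() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                 # present in both lists
            *) printf '%s\n' "$item" ;;
        esac
    done | sort | tr '\n' ' ' | sed 's/ $//'
}

# drift_report KIND RUNTIME PERMANENT: one line per direction of drift.
drift_report() {
    lost=$(only_in "$2" "$3")       # runtime only: lost when the service restarts
    pending=$(only_in "$3" "$2")    # permanent only: not applied until a reload
    [ -n "$lost" ] && echo "$1 runtime-only: $lost"
    [ -n "$pending" ] && echo "$1 permanent-only: $pending"
    return 0
}

# Live check, only where firewalld is installed and running.
if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    drift_report services "$(firewall-cmd --list-services)" \
                          "$(firewall-cmd --permanent --list-services)"
    drift_report ports "$(firewall-cmd --list-ports)" \
                       "$(firewall-cmd --permanent --list-ports)"
else
    # Constructed sample values standing in for the two command outputs.
    drift_report services "dhcpv6-client http ssh" "dhcpv6-client ssh https"
fi
```

An empty report means the running firewall matches what will be loaded after the next restart.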

Iptables is another service which decides whether to allow, drop or return IP packets. The Iptables service manages IPv4 packets while Ip6tables manages IPv6 packets. This service manages a list of tables, where each table is maintained for a different purpose: the 'filter' table is for firewall rules, the 'nat' table is consulted in case of a new connection, 'mangle' in case of packet alterations, and so on.

Each table has chains, which can be built-in or user-defined. A chain is a set of rules that apply to a packet and thereby decide what the target action for that packet should be, i.e. whether it must be ACCEPTED, DROPPED or RETURNED. This service is the default on systems such as RHEL/CentOS 6/5 and Fedora, ArchLinux, Ubuntu and others.

To learn more about firewalls, follow these links:

  1. Understanding the Basics and Tips of IPtables Firewalls
  2. Setting Up an Iptables Firewall in Linux
  3. Installing FirewallD in Linux
  4. Useful FirewallD Rules to Manage the Firewall in Linux
  5. How to Control Network Traffic Using FirewallD and Iptables

In this article we will explain how to start, stop or restart the Iptables and FirewallD services in Linux.

How to Start/Stop and Enable/Disable the FirewallD Service

If you are using CentOS/RHEL 7 or Fedora 18+, follow the instructions below to manage the FirewallD service.

# systemctl start firewalld 
# systemctl stop firewalld
# systemctl status firewalld
# firewall-cmd --state

Alternatively, you can disable the firewalld service so that it does not apply rules to packets, and enable it again when needed.

# systemctl disable firewalld
# systemctl enable firewalld

You can also mask the firewall service, which creates a symbolic link from firewalld.service to /dev/null and thereby disables the service.

# systemctl mask firewalld
# systemctl unmask firewalld

Unmasking is the reverse of masking the service. It removes the symbolic link to the service that was created during masking, thus re-enabling the service.

How to Start/Stop and Enable/Disable the IPtables Service

On RHEL/CentOS 6/5/4 and Fedora 12-18 the iptables firewall comes with the system; on later releases, the iptables service can be installed with:

# yum install iptables-services

After that, the service can be started, stopped or restarted with the following commands:

# systemctl start iptables
OR
# service iptables start

# systemctl stop iptables
OR
# service iptables stop

# systemctl disable iptables
OR
# service iptables save
# service iptables stop

# systemctl enable iptables
OR
# service iptables start

# systemctl status iptables
OR
# service iptables status
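Starting or stopping a unit changes what is filtering now, while enabling, disabling or masking it changes what happens at the next boot. The script below is an added example, not part of the original article, that combines `systemctl is-active` and `systemctl is-enabled` into one verdict per unit; the verdict names and function names are chosen here.

```sh
#!/bin/sh
# Added example: tell "running now" apart from "will start at boot" for the
# firewalld and iptables units.

# classify ACTIVE ENABLED: map the words printed by `systemctl is-active`
# and `systemctl is-enabled` to a single verdict.
classify() {
    case "$1:$2" in
        active:enabled)            echo "protected" ;;     # running now and after reboot
        active:*)                  echo "runtime-only" ;;  # running now, not started at boot
        *:masked|*:masked-runtime) echo "masked" ;;        # cannot start until unmasked
        *:enabled)                 echo "boot-only" ;;     # not running until next start
        *)                         echo "off" ;;           # neither running nor enabled
    esac
}

# audit_all UNIT...: print a verdict per unit; succeed only if at least one
# unit is both running and enabled.
audit_all() {
    ok=1
    for unit in "$@"; do
        active=$(systemctl is-active "$unit" 2>/dev/null) || true
        enabled=$(systemctl is-enabled "$unit" 2>/dev/null) || true
        verdict=$(classify "${active:-unknown}" "${enabled:-not-found}")
        echo "$unit: $verdict"
        [ "$verdict" = "protected" ] && ok=0
    done
    return "$ok"
}

if command -v systemctl >/dev/null 2>&1; then
    audit_all firewalld iptables || echo "WARNING: no firewall unit is both running and enabled"
fi
```

A "runtime-only" or "boot-only" verdict usually means only one half of a start/enable or stop/disable pair was applied.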

On Ubuntu and some other Linux distributions, however, ufw is the command used to manage the iptables firewall service. Ufw provides a simple interface for the user to handle the iptables firewall service.

$ sudo ufw enable
$ sudo ufw disable
$ sudo ufw status

However, if you want to list the chains in iptables, which contain all the rules, the following command will do that:

# iptables -L -n -v

Conclusion

These are the techniques that can help you start, stop, disable and enable the packet management services in Linux-based systems. Different Linux distros can have different services as the default: for example, Ubuntu can have iptables as the default, pre-installed service, while CentOS can have firewalld as the default configured service for managing incoming and outgoing IP packets.

Presented in this article are the most common techniques for managing these services on almost all Linux distros. However, if you find something else and would like to add to this article, your comments are always welcome.