Tr\u01b0\u1edbc khi th\u1ef1c s\u1ef1 d\u00f9ng \u0111\u1ebfn FirewallD \u0111\u1ec3 qu\u1ea3n l\u00fd t\u01b0\u1eddng l\u1eeda, h\u00e3y c\u00f9ng l\u00e0m quen v\u1edbi c\u00e1c kh\u00e1i ni\u1ec7m c\u01a1 b\u1ea3n: Zone v\u00e0 th\u1eddi gian hi\u1ec7u l\u1ef1c c\u1ee7a quy t\u1eafc.<\/p>\n
Trong FirewallD, zone l\u00e0 m\u1ed9t nh\u00f3m c\u00e1c quy t\u1eafc nh\u1eb1m ch\u1ec9 ra nh\u1eefng lu\u1ed3ng d\u1eef li\u1ec7u \u0111\u01b0\u1ee3c cho ph\u00e9p, d\u1ef1a tr\u00ean m\u1ee9c \u0111\u1ed9 tin t\u01b0\u1edfng c\u1ee7a \u0111i\u1ec3m xu\u1ea5t ph\u00e1t lu\u1ed3ng d\u1eef li\u1ec7u \u0111\u00f3 trong h\u1ec7 th\u1ed1ng m\u1ea1ng. \u0110\u1ec3 s\u1eed d\u1ee5ng, b\u1ea1n c\u00f3 th\u1ec3 l\u1ef1a ch\u1ecdn zone m\u1eb7c \u0111inh, thi\u1ebft l\u1eadp c\u00e1c quy t\u1eafc trong zone hay ch\u1ec9 \u0111\u1ecbnh giao di\u1ec7n m\u1ea1ng(Network Interface) \u0111\u1ec3 quy \u0111\u1ecbnh h\u00e0nh vi \u0111\u01b0\u1ee3c cho ph\u00e9p<\/p>\n
C\u00e1c zone \u0111\u01b0\u1ee3c x\u00e1c \u0111\u1ecbnh tr\u01b0\u1edbc theo m\u1ee9c \u0111\u1ed9 tin c\u1eady, theo th\u1ee9 t\u1ef1 t\u1eeb \u201c\u00edt-tin-c\u1eady-nh\u1ea5t\u201d \u0111\u1ebfn \u201c\u0111\u00e1ng-tin-c\u1eady-nh\u1ea5t\u201d:<\/p>\n
Trong FirewallD, c\u00e1c quy t\u1eafc \u0111\u01b0\u1ee3c c\u1ea5u h\u00ecnh th\u1eddi gian hi\u1ec7u l\u1ef1c Runtime ho\u1eb7c Permanent.<\/p>\n
V\u00ed d\u1ee5, th\u00eam quy t\u1eafc cho c\u1ea3 thi\u1ebft l\u1eadp Runtime v\u00e0 Permanent:<\/p>\n
# firewall-cmd --zone=public --add-service=http\r\n#\u00a0firewall-cmd --zone=public --add-service=http --permanent\r\n# firewall-cmd --reload<\/pre>\nVi\u1ec7c Restart\/Reload s\u1ebd h\u1ee7y b\u1ed9 c\u00e1c thi\u1ebft l\u1eadp Runtime \u0111\u1ed3ng th\u1eddi \u00e1p d\u1ee5ng thi\u1ebft l\u1eadp Permanent m\u00e0 kh\u00f4ng h\u1ec1 ph\u00e1 v\u1ee1 c\u00e1c k\u1ebft n\u1ed1i v\u00e0 session hi\u1ec7n t\u1ea1i. \u0110i\u1ec1u n\u00e0y gi\u00fap ki\u1ec3m tra ho\u1ea1t \u0111\u1ed9ng c\u1ee7a c\u00e1c quy t\u1eafc tr\u00ean t\u01b0\u1eddng l\u1eeda v\u00e0 d\u1ec5 d\u00e0ng kh\u1edfi \u0111\u1ed9ng l\u1ea1i n\u1ebfu c\u00f3 v\u1ea5n \u0111\u1ec1 x\u1ea3y ra.<\/p>\n
L\u01b0u \u00fd<\/em><\/strong>: C\u00e1c v\u00ed d\u1ee5 thi\u1ebft l\u1eadp trong b\u00e0i s\u1eed d\u1ee5ng c\u1ea3 Runtime v\u00e0 Permanent.<\/p>\n
2. C\u00e0i \u0111\u1eb7t FirewallD<\/h2>\n
\u2013 FirewallD \u0111\u01b0\u1ee3c c\u00e0i \u0111\u1eb7t m\u1eb7c \u0111\u1ecbnh tr\u00ean CentOS 7. C\u00e0i \u0111\u1eb7t n\u1ebfu ch\u01b0a c\u00f3:<\/p>\n
# yum install firewalld<\/pre>\n\u2013 Kh\u1edfi \u0111\u1ed9ng FirewallD:<\/p>\n
# systemctl start firewalld<\/pre>\n\u2013 Ki\u1ec3m tra t\u00ecnh tr\u1ea1ng ho\u1ea1t \u0111\u1ed9ng<\/p>\n
# systemctl status firewalld\r\n\u25cf firewalld.service - firewalld - dynamic firewall daemon\r\n Loaded: loaded (\/usr\/lib\/systemd\/system\/firewalld.service; disabled; vendor preset: enabled)\r\n Active: active (running) since Wed 2017-12-13 16:43:20 +07; 30s ago\r\n Docs: man:firewalld(1)\r\n Main PID: 12696 (firewalld)\r\n CGroup: \/system.slice\/firewalld.service\r\n \u2514\u250012696 \/usr\/bin\/python -Es \/usr\/sbin\/firewalld --nofork --nopid<\/pre>\n# systemctl is-active firewalld\r\nactive<\/pre>\n# firewall-cmd --state\r\nrunning<\/pre>\n\u2013 Thi\u1ebft l\u1eadp FirewallD kh\u1edfi \u0111\u1ed9ng c\u00f9ng h\u1ec7 th\u1ed1ng<\/p>\n
# systemctl enable firewalld<\/pre>\nKi\u1ec3m tra l\u1ea1i :<\/p>\n
# systemctl is-enabled firewalld\r\nenabled<\/pre>\nBan \u0111\u1ea7u, b\u1ea1n kh\u00f4ng n\u00ean cho ph\u00e9p FirewallD kh\u1edfi \u0111\u1ed9ng c\u00f9ng h\u1ec7 th\u1ed1ng c\u0169ng nh\u01b0 thi\u1ebft l\u1eadp Permanent, tr\u00e1nh b\u1ecb kh\u00f3a kh\u1ecfi h\u1ec7 th\u1ed1ng n\u1ebfu thi\u1ebft l\u1eadp sai. Ch\u1ec9 thi\u1ebft l\u1eadp nh\u01b0 v\u1eady khi b\u1ea1n \u0111\u00e3 ho\u00e0n th\u00e0nh c\u00e1c quy t\u1eafc t\u01b0\u1eddng l\u1eeda c\u0169ng nh\u01b0 test c\u1ea9n th\u1eadn.
\n\u2013 Kh\u1edfi \u0111\u1ed9ng l\u1ea1i<\/p>\n# systemctl restart firewalld\r\n# firewall-cmd --reload<\/pre>\n\u2013 D\u1eebng v\u00e0 v\u00f4 hi\u1ec7u h\u00f3a FirewallD<\/p>\n
# systemctl stop firewalld\r\n# systemctl disable firewalld<\/pre>\n3. C\u1ea5u h\u00ecnh FirewallD<\/h2>\n
3.1. Thi\u1ebft l\u1eadp c\u00e1c Zone<\/h3>\n
\u2013 Li\u1ec7t k\u00ea t\u1ea5t c\u1ea3 c\u00e1c zone trong h\u1ec7 th\u1ed1ng<\/p>\n
# firewall-cmd --get-zones\r\nblock dmz drop external home internal public trusted work<\/pre>\n\u2013 Ki\u1ec3m tra zone m\u1eb7c \u0111\u1ecbnh<\/p>\n
# firewall-cmd --get-default-zone\r\npublic<\/pre>\n\u2013 Ki\u1ec3m tra zone active (\u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng b\u1edfi giao di\u1ec7n m\u1ea1ng)
\nV\u00ec FirewallD ch\u01b0a \u0111\u01b0\u1ee3c thi\u1ebft l\u1eadp b\u1ea5t k\u1ef3 quy t\u1eafc n\u00e0o n\u00ean zone m\u1eb7c \u0111\u1ecbnh c\u0169ng \u0111\u1ed3ng th\u1eddi l\u00e0 zone duy nh\u1ea5t \u0111\u01b0\u1ee3c k\u00edch ho\u1ea1t, \u0111i\u1ec1u khi\u1ec3n m\u1ecdi lu\u1ed3ng d\u1eef li\u1ec7u.<\/p>\n# firewall-cmd --get-active-zones\r\npublic\r\ninterfaces: eth0<\/pre>\n\u2013 Tino s\u1ebd h\u01b0\u1edbng d\u1eabn s\u1eed d\u1ee5ng duy nh\u1ea5t public<\/strong>\u00a0zone \u2013 cho ph\u00e9p nh\u1eefng services\/port \u0111\u01b0\u1ee3c thi\u1ebft l\u1eadp v\u00e0 t\u1eeb ch\u1ed1i m\u1ecdi th\u1ee9 kh\u00e1c<\/div>\n\u2013 Thay \u0111\u1ed5i zone m\u1eb7c \u0111\u1ecbnh, v\u00ed d\u1ee5 th\u00e0nh home:<\/p>\n
# firewall-cmd --set-default-zone=home\r\nsuccess<\/pre>\n3.2. Thi\u1ebft l\u1eadp c\u00e1c quy t\u1eafc<\/h3>\n
Tr\u01b0\u1edbc khi thi\u1ebft l\u1eadp c\u00e1c quy t\u1eafc m\u1edbi, h\u00e3y c\u00f9ng Tino ki\u1ec3m tra c\u00e1c quy t\u1eafc hi\u1ec7n t\u1ea1i:
\n\u2013 Li\u1ec7t k\u00ea to\u00e0n b\u1ed9 c\u00e1c quy t\u1eafc c\u1ee7a c\u00e1c zones:<\/p>\n# firewall-cmd --list-all-zones<\/pre>\n\u2013 Li\u1ec7t k\u00ea to\u00e0n b\u1ed9 c\u00e1c quy t\u1eafc trong zone m\u1eb7c \u0111\u1ecbnh v\u00e0 zone active<\/p>\n
# firewall-cmd --list-all\r\npublic (active)\r\n target: default\r\n icmp-block-inversion: no\r\n interfaces: eth0\r\n sources:\r\n services: ssh dhcpv6-client\r\n ports:\r\n protocols:\r\n masquerade: no\r\n forward-ports:\r\n source-ports:\r\n icmp-blocks:\r\n rich rules:\r\n<\/pre>\nK\u1ebft qu\u1ea3 cho th\u1ea5y public l\u00e0 zone m\u1eb7c \u0111\u1ecbnh \u0111ang \u0111\u01b0\u1ee3c k\u00edch ho\u1ea1t, li\u00ean k\u1ebft v\u1edbi card m\u1ea1ng eth0 v\u00e0 cho ph\u00e9p DHCP c\u00f9ng SSH.
\n\u2013 Li\u1ec7t k\u00ea to\u00e0n b\u1ed9 c\u00e1c quy t\u1eafc trong m\u1ed9t zone c\u1ee5 th\u1ec3, v\u00ed d\u1ee5 home<\/p>\n# firewall-cmd --zone=home --list-all\r\nhome\r\n target: default\r\n icmp-block-inversion: no\r\n interfaces:\r\n sources:\r\n services: ssh mdns samba-client dhcpv6-client\r\n ports:\r\n protocols:\r\n masquerade: no\r\n forward-ports:\r\n source-ports:\r\n icmp-blocks:\r\n rich rules:\r\n<\/pre>\n\u2013 Li\u1ec7t k\u00ea danh s\u00e1ch services\/port \u0111\u01b0\u1ee3c cho ph\u00e9p trong zone c\u1ee5 th\u1ec3:<\/p>\n
# firewall-cmd --zone=public --list-services\r\n# firewall-cmd --zone=public --list-ports<\/pre>\na. Thi\u1ebft l\u1eadp cho Service<\/h4>\n
\u0110\u00e2y ch\u00ednh l\u00e0 \u0111i\u1ec3m kh\u00e1c bi\u1ec7t c\u1ee7a FirewallD so v\u1edbi Iptables \u2013 qu\u1ea3n l\u00fd th\u00f4ng qua c\u00e1c services. Vi\u1ec7c thi\u1ebft l\u1eadp t\u01b0\u1eddng l\u1eeda \u0111\u00e3 tr\u1edf n\u00ean d\u1ec5 d\u00e0ng h\u01a1n bao gi\u1edd h\u1ebft \u2013 ch\u1ec9 vi\u1ec7c th\u00eam c\u00e1c services v\u00e0o zone \u0111ang s\u1eed d\u1ee5ng.
\n\u2013 \u0110\u1ea7u ti\u00ean, x\u00e1c \u0111\u1ecbnh c\u00e1c services tr\u00ean h\u1ec7 th\u1ed1ng:<\/p>\n# firewall-cmd --get-services\r\nRH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql nfs nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server<\/pre>\nL\u01b0u \u00fd: Bi\u1ebft th\u00eam th\u00f4ng tin v\u1ec1 service qua th\u00f4ng tin l\u01b0u t\u1ea1i\u00a0
\/usr\/lib\/firewalld\/services\/<\/code>.<\/p>\nH\u1ec7 th\u1ed1ng th\u00f4ng th\u01b0\u1eddng c\u1ea7n cho ph\u00e9p c\u00e1c services sau: ssh(22\/TCP), http(80\/TCP), https(443\/TCP), smtp(25\/TCP), smtps(465\/TCP) v\u00e0 smtp-submission(587\/TCP)<\/div>\n\u2013 Thi\u1ebft l\u1eadp cho ph\u00e9p services tr\u00ean FirewallD, s\u1eed d\u1ee5ng\u00a0
--add-service<\/code>:<\/p>\n# firewall-cmd --zone=public --add-service=http\r\nsuccess\r\n# firewall-cmd --zone=public --add-service=http --permanent\r\nsuccess<\/pre>\nNgay l\u1eadp t\u1ee9c, zone \u201cpublic\u201d cho ph\u00e9p k\u1ebft n\u1ed1i HTTP tr\u00ean c\u1ed5ng 80. Ki\u1ec3m tra l\u1ea1i<\/p>\n
# firewall-cmd --zone=public --list-services\r\nssh dhcpv6-client http<\/pre>\n\u2013 V\u00f4 hi\u1ec7u h\u00f3a services tr\u00ean FirewallD, s\u1eed d\u1ee5ng\u00a0
--remove-service<\/code>:<\/p>\n# firewall-cmd --zone=public --remove-service=http\r\n# firewall-cmd --zone=public --remove-service=http --permanent<\/pre>\nb. Thi\u1ebft l\u1eadp cho Port<\/h4>\n
Trong tr\u01b0\u1eddng h\u1ee3p b\u1ea1n th\u00edch qu\u1ea3n l\u00fd theo c\u00e1ch truy\u1ec1n th\u1ed1ng qua Port, FirewallD c\u0169ng h\u1ed7 tr\u1ee3 b\u1ea1n \u0111i\u1ec1u \u0111\u00f3.
\n\u2013 M\u1edf Port v\u1edbi tham s\u1ed1\u00a0--add-port<\/code>:<\/p>\n# firewall-cmd --zone=public --add-port=9999\/tcp\r\n# firewall-cmd --zone=public --add-port=9999\/tcp --permanent<\/pre>\nM\u1edf 1 d\u1ea3i port<\/p>\n
# firewall-cmd --zone=public --add-port=4990-5000\/tcp\r\n# firewall-cmd --zone=public --add-port=4990-5000\/tcp --permanent<\/pre>\nKi\u1ec3m tra l\u1ea1i<\/p>\n
# firewall-cmd --zone=public --list-ports\r\n9999\/tcp 4990-5000\/tcp<\/pre>\n\u2013 \u0110\u00f3ng Port v\u1edbi tham s\u1ed1\u00a0
--remove-port<\/code>:<\/p>\n# firewall-cmd --zone=public --remove-port=9999\/tcp\r\n# firewall-cmd --zone=public --remove-port=9999\/tcp --permanent<\/pre>\n4. C\u1ea5u h\u00ecnh n\u00e2ng cao<\/h2>\n
4.1. T\u1ea1o Zone ri\u00eang<\/h3>\n
M\u1eb7c d\u00f9, c\u00e1c zone c\u00f3 s\u1eb5n l\u00e0 qu\u00e1 \u0111\u1ee7 v\u1edbi nhu c\u1ea7u s\u1eed d\u1ee5ng, b\u1ea1n v\u1eabn c\u00f3 th\u1ec3 t\u1ea1o l\u1eadp zone c\u1ee7a ri\u00eang m\u00ecnh \u0111\u1ec3 m\u00f4 t\u1ea3 r\u00f5 r\u00e0ng h\u01a1n v\u1ec1 c\u00e1c ch\u1ee9c n\u0103ng c\u1ee7a ch\u00fang. V\u00ed d\u1ee5, b\u1ea1n c\u00f3 th\u1ec3 t\u1ea1o ri\u00eang m\u1ed9t zone cho webserver\u00a0publicweb<\/em><\/strong>\u00a0hay m\u1ed9t zone c\u1ea5u h\u00ecnh ri\u00eang cho DNS trong m\u1ea1ng n\u1ed9i b\u1ed9\u00a0privateDNS<\/em><\/strong>. B\u1ea1n c\u1ea7n thi\u1ebft l\u1eadp Permanent khi th\u00eam m\u1ed9t zone.<\/p>\n
# firewall-cmd --permanent --new-zone=publicweb\r\nsuccess\r\n# firewall-cmd --permanent --new-zone=privateDNS\r\nsuccess\r\n# firewall-cmd --reload\r\nsuccess<\/pre>\nKi\u1ec3m tra l\u1ea1i<\/p>\n
# firewall-cmd --get-zones\r\nblock dmz drop external home internal privateDNS public publicweb trusted work<\/pre>\nKhi \u0111\u00e3 c\u00f3 zone thi\u1ebft l\u1eadp ri\u00eang, b\u1ea1n c\u00f3 th\u1ec3 c\u1ea5u h\u00ecnh nh\u01b0 c\u00e1c zone th\u00f4ng th\u01b0\u1eddng: thi\u1ebft l\u1eadp m\u1eb7c \u0111\u1ecbnh, th\u00eam quy t\u1eafc\u2026 V\u00ed d\u1ee5:<\/p>\n
# firewall-cmd --zone=publicweb --add-service=ssh --permanent\r\n# firewall-cmd --zone=publicweb --add-service=http --permanent\r\n# firewall-cmd --zone=publicweb --add-service=https --permanent\r\n<\/pre>\n4.2. \u0110\u1ecbnh ngh\u0129a services ri\u00eang tr\u00ean FirewallD<\/h3>\n
Vi\u1ec7c m\u1edf port tr\u00ean t\u01b0\u1eddng l\u1eeda r\u1ea5t d\u1ec5 d\u00e0ng nh\u01b0ng l\u1ea1i khi\u1ebfn b\u1ea1n g\u1eb7p kh\u00f3 kh\u0103n khi ghi nh\u1edb c\u00e1c port v\u00e0 c\u00e1c services t\u01b0\u01a1ng \u1ee9ng. V\u00ec v\u1eady, khi c\u00f3 m\u1ed9t services m\u1edbi th\u00eam v\u00e0o h\u1ec7 th\u1ed1ng, b\u1ea1n s\u1ebd c\u00f3 2 ph\u01b0\u01a1ng \u00e1n:<\/p>\n
\n
- M\u1edf Port c\u1ee7a services \u0111\u00f3 tr\u00ean FirewallD<\/li>\n
- T\u1ef1 \u0111\u1ecbnh ngh\u0129a services \u0111\u00f3 tr\u00ean FirewallD<\/li>\n<\/ul>\n
V\u00ed d\u1ee5, B\u1ea1n s\u1ebd t\u1ef1 \u0111\u1ecbnh ngh\u0129a servies tino-admin<\/em><\/strong>\u00a0v\u1edbi port 9999.
\n\u2013 T\u1ea1o file \u0111\u1ecbnh ngh\u0129a ri\u00eang t\u1eeb file chu\u1ea9n ban \u0111\u1ea7u<\/p>\n# cp \/usr\/lib\/firewalld\/services\/ssh.xml \/etc\/firewalld\/services\/tino-admin.xml<\/pre>\n\u2013 Ch\u1ec9nh s\u1eeda \u0111\u1ec3 \u0111\u1ecbnh ngh\u0129a servies tr\u00ean FirewallD<\/p>\n
# nano \/etc\/firewalld\/services\/tino-admin.xml<\/pre>\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<service>\r\n<short>Tino-Admin<\/short>\r\n<description>Control Tino Tool<\/description>\r\n<port protocol=\"tcp\" port=\"9999\"\/>\r\n<\/service>\r\n<\/pre>\n\u2013 L\u01b0u l\u1ea1i v\u00e0 kh\u1edfi \u0111\u1ed9ng l\u1ea1i FirewallD<\/p>\n
# firewall-cmd --reload<\/pre>\n\u2013 Ki\u1ec3m tra l\u1ea1i danh s\u00e1ch services:<\/p>\n
# firewall-cmd --get-services\r\nRH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability tino-admin http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql nfs nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server<\/pre>\nNh\u01b0 v\u1eady, tino-admin \u0111\u00e3 \u0111\u01b0\u1ee3c th\u00eam v\u00e0o danh s\u00e1ch services c\u1ee7a FirewallD. B\u1ea1n c\u00f3 th\u1ec3 thi\u1ebft l\u1eadp nh\u01b0 c\u00e1c servies th\u00f4ng th\u01b0\u1eddng, bao g\u1ed3m c\u1ea3 cho ph\u00e9p\/ch\u1eb7n trong zone. V\u00ed d\u1ee5:<\/p>\n
# firewall-cmd --zone=public --add-service=tino-admin\r\n# firewall-cmd --zone=public --add-service=tino-admin --permanent<\/pre>\n","protected":false},"excerpt":{"rendered":"1. C\u00e1c kh\u00e1i ni\u1ec7m c\u01a1 b\u1ea3n trong FirewallD Tr\u01b0\u1edbc khi th\u1ef1c s\u1ef1 d\u00f9ng \u0111\u1ebfn FirewallD \u0111\u1ec3 qu\u1ea3n l\u00fd t\u01b0\u1eddng l\u1eeda, h\u00e3y c\u00f9ng l\u00e0m quen v\u1edbi c\u00e1c kh\u00e1i ni\u1ec7m c\u01a1 b\u1ea3n: Zone v\u00e0 th\u1eddi gian hi\u1ec7u l\u1ef1c c\u1ee7a quy t\u1eafc. 1.1. Zone Trong FirewallD, zone l\u00e0 m\u1ed9t nh\u00f3m c\u00e1c quy t\u1eafc nh\u1eb1m ch\u1ec9 ra nh\u1eefng lu\u1ed3ng […]<\/p>\n","protected":false},"author":7,"featured_media":16424,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"footnotes":""},"tags":[],"ht_kb_category":[17],"class_list":["post-2289","ht_kb","type-ht_kb","status-publish","format-standard","has-post-thumbnail","hentry","ht_kb_category-huong-dan-ve-cloud-vps"],"_links":{"self":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/ht_kb\/2289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/ht_kb"}],"about":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/comments?post=2289"}],"version-history":[{"count":0,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/ht_kb\/2289\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/media\/16424"}],"wp:attachment":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/media?parent=2289"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/tags?post=2289"},{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/ht_kb_category?post=2289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}