Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
en:veos:installation [2024/06/11 08:54] – elena.krasnobryzh | en:veos:installation [2025/05/23 14:23] (current) – ↷ Links adapted because of a move operation elena.krasnobryzh | ||
---|---|---|---|
Line 4: | Line 4: | ||
<note tip> | <note tip> | ||
- | * [[en: | + | * [[en: |
- | * [[en: | + | * [[en: |
- | * [[en: | + | * [[en: |
- | :!: If any discrepancies are found at this stage, contact [[en: | + | :!: If any discrepancies are found at this stage, contact [[en: |
===== ISO Links ===== | ===== ISO Links ===== | ||
- | | + | |
[[en: | [[en: | ||
Line 107: | Line 107: | ||
- Save the password for **vasexpertsmnt**. | - Save the password for **vasexpertsmnt**. | ||
- Set permission for users of the wheel group to use all commands on behalf of all users, for this you need to add to /// | - Set permission for users of the wheel group to use all commands on behalf of all users, for this you need to add to /// | ||
- | - To provide remote access via SSH and set restrictions on valid IP addresses from the list: < | + | - To provide remote access via SSH and set restrictions on valid IP addresses from the list: < |
< | < | ||
- | iptables -A INPUT -m conntrack --ctstate RELATED, ESTABLISHED -j ACCEPT | + | < |
- | iptables -A INPUT -p tcp -s 45.151.108.0/ | + | iptables -A INPUT -m conntrack --ctstate RELATED, |
- | iptables -A INPUT -p tcp -s 94.140.198.64/ | + | iptables -A INPUT -p tcp -s 45.151.108.0/ |
- | iptables -A INPUT -p tcp -s 78.140.234.98 | + | iptables -A INPUT -p tcp -s 94.140.198.64/ |
- | iptables -A INPUT -p tcp -s 193.218.143.187 | + | iptables -A INPUT -p tcp -s 193.218.143.187 -m tcp --dport 22 -j ACCEPT |
- | iptables -A INPUT -p tcp -s 93.100.47.212 | + | iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT |
- | iptables -A INPUT -p tcp -s 93.100.73.160 -m tcp --dport 22 -j ACCEPT | + | iptables -A INPUT -p tcp -s 78.140.234.98 -m tcp --dport 22 -j ACCEPT |
- | iptables -A INPUT -p tcp -s 77.247.170.134 -m tcp --dport 22 -j ACCEPT | + | iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT |
- | iptables -A INPUT -p tcp -s 91.197.172.2 -m tcp --dport 22 -j ACCEPT | + | iptables -A INPUT -p tcp -s 46.243.181.35 -m tcp --dport 22 -j ACCEPT |
- | iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT | + | iptables -A INPUT -p tcp -s 46.243.181.242 -m tcp --dport 22 -j ACCEPT |
- | iptables -A INPUT -p tcp -s 93.159.236.11 -m tcp --dport 22 -j ACCEPT | + | iptables -A INPUT -p tcp --dport 22 -j DROP |
- | iptables -A INPUT -p tcp --dport 22 -j DROP | + | service iptables save |
- | service iptables save | + | |
</ | </ | ||
If you are using firewalld: | If you are using firewalld: | ||
< | < | ||
- | firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = " | + | firewall-cmd --permanent --zone=public --add-rich-rule=' |
- | firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = " | + | firewall-cmd --permanent --zone=public --add-rich-rule=' |
- | firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = " | + | firewall-cmd --permanent --zone=public --add-rich-rule=' |
- | firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = " | + | firewall-cmd --permanent --zone=public --add-rich-rule=' |
- | firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = " | + | firewall-cmd --permanent --zone=public --add-rich-rule=' |
- | firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = " | + | firewall-cmd --permanent --zone=public --add-rich-rule=' |
- | firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = " | + | firewall-cmd --permanent --zone=public --add-rich-rule=' |
- | firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = " | + | firewall-cmd --permanent --zone=public --add-rich-rule=' |
- | firewall-cmd --permanent --zone = public --add-rich-rule = 'rule family = " | + | firewall-cmd --zone=public --remove-service=ssh --permanent |
- | firewall-cmd | + | firewall-cmd --reload |
- | firewall-cmd --reload | + | |
- | firewall-cmd --zone = public --remove-service = ssh --permanent | + | |
</ | </ | ||
**!Save your settings as the server will be rebooted during installation!** \\ | **!Save your settings as the server will be rebooted during installation!** \\ | ||
\\ | \\ | ||
- | After making sure that remote access via SSH is provided, send to [[en: | + | After making sure that remote access via SSH is provided, send to [[en: |
Line 150: | Line 147: | ||
<note warning> | <note warning> | ||
- | Do not update the operating system kernel until the system is activated [[en: | + | Do not update the operating system kernel until the system is activated [[en: |
- | this may cause the network card driver to fail (([[en: | + | this may cause the network card driver to fail (([[en: |
</ | </ | ||