Miklix

How to Set Up a Firewall on Ubuntu Server

Published: 15 February, 2025 at 21:35:33 UTC

This article explains and provides some examples of how to set up a firewall on GNU/Linux using ufw, which is short for Uncomplicated FireWall - and the name is fitting: it really is an easy way to make sure you don't have more ports open than you need.



The information in this post is based on Ubuntu Server 14.04 x64. It may or may not be valid for other versions. (Update: I can confirm that the information in this post is still valid and functional as of Ubuntu Server 24.04; however, in the intervening 10 years, ufw has gotten somewhat "smarter" by having profiles for common server applications (for example, you can enable "Nginx Full" instead of ports 80 and 443) without having to apply new rules.)

When I first got started with GNU/Linux (Ubuntu) servers, setting up a firewall involved manually creating and maintaining a large configuration file for iptables. However, I recently discovered ufw, which is short for Uncomplicated Firewall - and it really is :-)

My installation of Ubuntu Server 14.04 already had ufw installed, but if yours doesn't, simply install it from the repositories:

sudo apt-get install ufw

UFW is really just a tool that simplifies iptables configuration - behind the scenes, it is still iptables and the Linux kernel firewall that do the filtering, so ufw is neither less nor more secure than those. However, because ufw makes it easier to configure a firewall correctly, it may reduce the risk of human error and so may be more secure for inexperienced admins.

If your server is configured with IPv6 as well as IPv4, make sure that this is enabled for UFW as well. Edit the file /etc/default/ufw and look for a line saying IPV6=yes. On my installation it was already there, but if it is not, or if it says no, you should edit it.

Then simply use the command prompt to enable the ports you want open. If you are connected to your server via ssh, make sure to allow that as well, or it may disrupt your connection and possibly lock you out of your server when you enable the firewall - depending on whether you have physical access to the server or not, this may be a bit inconvenient ;-)

For example, if you use ssh on the standard port 22 and you are configuring a web server that supports both unencrypted (HTTP on port 80) and encrypted (HTTPS on port 443) connections, you would issue the following commands to configure ufw:

sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

If you need more rules, simply add them as above.

If you have a static IP address and only need to be able to connect via ssh from one location, you can also restrict ssh connections to a single origin address like this:

sudo ufw allow from 192.168.0.1 to any port 22

Of course, enter your own IP address instead.
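
The ssh lock-out warning and the IPV6 setting described above can be checked mechanically before the firewall is switched on. The script below is an added example, not part of the original article; the function names (port_sources, ipv6_enabled, preflight) are hypothetical, and it assumes rule lines in the form printed by "sudo ufw show added".

```sh
#!/bin/sh
# Added example: pre-flight checks to run before "sudo ufw enable".
# Function names are hypothetical; the input format is assumed to match the
# rule lines printed by "sudo ufw show added".

# port_sources PORT: reads rule lines on stdin and prints, one per line,
# the source each TCP allow rule for PORT accepts ("any" = unrestricted).
port_sources() {
    sed -n -E \
        -e "s#^ufw allow $1(/tcp)?\$#any#p" \
        -e "s#^ufw allow from ([^ ]+) to [^ ]+ port $1( proto tcp)?\$#\\1#p"
}

# ipv6_enabled: reads /etc/default/ufw content on stdin; succeeds only if
# an uncommented IPV6=yes line is present.
ipv6_enabled() {
    grep -Eq '^[[:space:]]*IPV6=yes[[:space:]]*$'
}

# preflight PORT RULES DEFAULTS: returns non-zero when no rule would keep
# PORT reachable, i.e. when enabling ufw would cut off an ssh session on it.
preflight() {
    pf_src=$(printf '%s\n' "$2" | port_sources "$1" | tr '\n' ' ')
    if printf '%s\n' "$3" | ipv6_enabled; then
        echo "ok:   IPV6=yes, rules are applied for IPv6 as well"
    else
        echo "warn: IPV6=yes not set; the allow rules will not be applied for IPv6"
    fi
    if [ -z "$pf_src" ]; then
        echo "FAIL: no allow rule for tcp port $1; do not enable ufw over ssh yet"
        return 1
    fi
    echo "ok:   tcp port $1 allowed from: $pf_src"
}

# Constructed sample input (not captured from a real server).
SAMPLE_RULES="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow from 192.168.0.1 to any port 22"
SAMPLE_DEFAULTS="IPV6=yes"

if preflight 22 "$SAMPLE_RULES" "$SAMPLE_DEFAULTS"; then
    echo "safe to run: sudo ufw enable"
fi
# On a real server:
#   preflight 22 "$(sudo ufw show added)" "$(cat /etc/default/ufw)" && sudo ufw enable
```

A source of "any" for port 22 means ssh is open to every address; a single address means the restricted form shown above is in place.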

When done, enable ufw by entering:

sudo ufw enable

And you're done! The firewall is running and will start automatically when you reboot your server :-)

If you make changes to the ufw configuration, you may need to disable and re-enable it to put them into effect, like this:

sudo ufw disable
sudo ufw enable

To look at the current configuration, simply enter:

sudo ufw status

If ufw is not enabled, this will simply show an "inactive" message; otherwise it will list the currently defined rules.


Mikkel Bang Christensen

About the Author

Mikkel is the creator and owner of miklix.com. He has over 20 years of experience as a professional computer programmer/software developer and currently works full-time for a large European IT company. When not blogging, he spends his time on a wide range of interests, hobbies, and activities, which may to some extent be reflected in the variety of topics covered on this website.