Ungayisetha kanjani i-Firewall ku-Ubuntu Server
Kushicilelwe: 15 Pébruari 2025 jam 21.40.35 UTC
Lesi sihloko sichaza futhi sinikeza izibonelo ezithile zendlela yokusetha i-firewall ku-GNU/Linux usebenzisa i-ufw, okufushane nge-Uncomplicated FireWall - futhi igama lifanelekile, kuyindlela elula kakhulu yokuqinisekisa ukuthi awunawo amachweba amaningi avuliwe kunalokho okudingayo.
How to Set Up a Firewall on Ubuntu Server
Ulwazi kulokhu okuthunyelwe lusekelwe ku-Ubuntu Server 14.04 x64. Ingase ivumeleke noma ingasebenzi kwezinye izinguqulo. (Buyekeza: Ngingaqinisekisa ukuthi ulwazi kulokhu okuthunyelwe lusasebenza futhi lusebenza njenge-Ubuntu Server 24.04, nokho phakathi neminyaka eyi-10, i-ufw isithole "ihlakaniphe kakhulu" ngokuba namaphrofayili wezinhlelo zokusebenza ezijwayelekile zeseva (isibonelo, ungavumela "i-Nginx igcwele" esikhundleni samachweba angama-80 kanye ne-443 asetshenziswa ngokuhlukile) futhi ukucisha yonke imithetho emisha ayisasetshenziswa ngokuhlukana)
Ngesikhathi ngiqala ngamaseva e-GNU/Linux (Ubuntu), ukumisa i-firewall ehilelekile ekwenzeni nokugcina ifayela lokucushwa elingaba yinkimbinkimbi lama-iptables. Kodwa-ke, ngisanda kuthola ufw , okufushane kwe-Uncomplicated Firewall - futhi empeleni iyi-:-)
Ukufakwa kwami kwe-Ubuntu Server 14.04 sekuvele kune-ufw efakiwe, kepha uma ingenayo, mane uyifake kumakhosombe:
I-UFW empeleni iyithuluzi elenza kube lula ukucushwa kwama-iptables - ngemuva kwezigcawu, kusengama-iptable kanye ne-Linux kernel firewall eyenza ukuhlunga, ngakho-ke i-ufw ayincane futhi ivikeleke kakhulu kunalezi. Kodwa-ke, ngenxa yokuthi i-ufw ikwenza kube lula kakhulu ukumisa i-firewall ngendlela efanele, ingase yehlise ingcuphe yephutha lomuntu futhi ngenxa yalokho ivikeleke kakhulu kubaphathi abangenalwazi.
Uma iseva yakho ilungiselelwe nge-IPv6 kanye ne-IPv4, qiniseka ukuthi lokhu kuvulelwe i-UFW futhi. Hlela ifayela /etc/default/ufw bese ubheka umugqa othi IPV6=yebo . Ekufakeni kwami ibivele ikhona, kodwa uma ingekho noma ithi cha, kufanele uyihlele
Bese usebenzisa umyalo womyalo ukunika amandla izimbobo ofuna zivulwe. Uma uxhumeke kuseva yakho nge-ssh, qiniseka ukuthi uyakuvumela lokho futhi noma kungase kuphazamise uxhumano lwakho futhi mhlawumbe kukukhiye ngaphandle kweseva yakho uma uyivula - kuye ngokuthi uyakwazi yini ukufinyelela ngokomzimba kuseva noma cha, lokhu kungase kuphazamise kancane ;-)
Isibonelo, uma usebenzisa i-ssh embotsheni evamile engu-22 futhi ulungiselela iseva yewebhu esekela kokubili okungabetheliwe (HTTP ku-port 80) nokuxhumeka okubethelwe (HTTPS ku-port 443), ungakhipha imiyalo elandelayo ukuze ulungiselele ufw:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Uma udinga imithetho eyengeziwe, mane uyengeze njengenhla.
Uma unekheli le-IP elimile futhi udinga kuphela ukukwazi ukuxhuma nge-ssh usuka endaweni eyodwa, ungakwazi futhi ukukhawulela ukuxhumeka kwe-ssh ekhelini elingumsuka owodwa elifana naleli:
Kunjalo, faka elakho ikheli le-IP esikhundleni.
Uma usuqedile, vula i-ufw ngokufaka:
Futhi usuqedile! I-firewall iyasebenza futhi izoqala ngokuzenzakalelayo lapho uqalisa kabusha iseva yakho :-)
Uma wenza izinguquko ekucushweni kwe-ufw, ungase udinge ukuyikhubaza futhi uyinike amandla futhi ukuze isebenze, kanje:
sudo ufw enable
Ukuze ubheke ukucushwa kwamanje, mane ufake:
Uma i-ufw inikwe amandla, lokhu kuzovele kubonise umlayezo "ongasebenzi", ngaphandle kwalokho kuzoklelisa imithetho echazwe njengamanje.