Yadda ake saita Firewall akan uwar garken Ubuntu

Buga: 15 Faburairu, 2025 da 21:35:33 UTC
An sabunta ta ƙarshe: 12 Janairu, 2026 da 08:37:50 UTC

Wannan labarin ya yi bayani kuma ya bayar da wasu misalai kan yadda ake kafa firewall akan GNU/Linux ta amfani da ufw, wanda aka taƙaita shi da Uncomplicated FireWall - kuma sunan ya dace, hakika hanya ce mai sauƙi don tabbatar da cewa ba ku da tashoshin da ke buɗe fiye da yadda kuke buƙata.

An fassara wannan shafin na'ura daga Turanci don a sami damar isa ga mutane da yawa gwargwadon iko. Abin takaici, fassarar inji ba ta zama cikakkiyar fasaha ba, don haka kurakurai na iya faruwa. Idan kuna so, kuna iya duba ainihin sigar Turanci anan:

How to Set Up a Firewall on Ubuntu Server

Bayanin da ke cikin wannan sakon ya dogara ne akan Ubuntu Server 14.04 x64. Yana iya zama ko ba zai yi aiki ba ga wasu sigogi. (Sabuntawa: Zan iya tabbatar da cewa bayanin da ke cikin wannan sakon har yanzu yana da inganci kuma yana aiki kamar na Ubuntu Server 24.04, duk da haka a cikin shekaru 10 na tsaka-tsaki, ufw ya sami ɗan "wayo" ta hanyar samun bayanan martaba don aikace-aikacen sabar gama gari (misali, zaku iya kunna "Nginx cike" maimakon tashoshin jiragen ruwa 80 da 443 daban) kuma kashe/ba da damar amfani da dukkan firewall don sabbin dokoki ba lallai bane)

Lokacin da na fara amfani da sabar GNU/Linux (Ubuntu), saita firewall ya ƙunshi ƙirƙirar da kuma kula da fayil ɗin tsari mai rikitarwa ga iptables da hannu. Duk da haka, kwanan nan na gano ufw, wanda aka yi wa lakabi da Uncomplicated Firewall - kuma da gaske :-)

Shigar da Ubuntu Server 14.04 na riga an shigar da ufw, amma idan ba ku yi ba, kawai shigar da shi daga wurin ajiyar bayanai:

sudo apt-get install ufw

UFW a zahiri kayan aiki ne kawai da ke sauƙaƙa tsarin iptables - a bayan fage, har yanzu iptables ne da kuma Linux kernel firewall ne ke yin tacewa, don haka ufw bai fi waɗannan ƙasa ko aminci ba. Duk da haka, saboda ufw yana sauƙaƙa saita firewall daidai, yana iya rage haɗarin kuskuren ɗan adam kuma saboda haka yana iya zama mafi aminci ga masu gudanarwa marasa ƙwarewa.

Idan uwar garkenka an saita shi da IPv6 da kuma IPv4, tabbatar da cewa an kunna shi don UFW. Shirya fayil ɗin /etc/default/ufw kuma nemi layi mai cewa IPV6=yes. A lokacin shigarwa ta, ya riga ya kasance a wurin, amma idan ba haka ba ko kuma idan ya ce a'a, ya kamata ka gyara shi.

Sai kawai a yi amfani da umarnin umarni don kunna tashoshin da kake son buɗewa. Idan an haɗa ka da uwar garkenka ta hanyar ssh, tabbatar da cewa ka ba da damar hakan ko kuma zai iya katse haɗinka kuma wataƙila ya kulle ka daga uwar garkenka lokacin da ka kunna shi - ya danganta da ko kana da damar shiga uwar garken ko a'a, wannan na iya zama ɗan rashin daɗi ;-)

Misali, idan kuna amfani da ssh akan tashar jiragen ruwa ta yau da kullun 22 kuma kuna saita sabar yanar gizo wacce ke goyan bayan haɗin da ba a ɓoye ba (HTTP akan tashar jiragen ruwa 80) da kuma haɗin da aka ɓoye (HTTPS akan tashar jiragen ruwa 443), zaku bayar da waɗannan umarni don saita ufw:

sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Idan kana buƙatar ƙarin dokoki, kawai ƙara su kamar yadda aka ambata a sama.

Idan kana da adireshin IP mara tsayayye kuma kawai kana buƙatar samun damar haɗawa ta hanyar ssh daga wuri ɗaya, haka nan za ka iya iyakance haɗin ssh zuwa adireshin asali ɗaya kamar haka:

sudo ufw allow from 192.168.0.1 to any port 22

Tabbas, shigar da adireshin IP ɗinku maimakon.

Idan an gama, kunna ufw ta hanyar shigar da:

sudo ufw enable

Kuma kun gama! Wurin kashe gobara yana aiki kuma zai fara aiki ta atomatik idan kun sake kunna sabar ku :-)

Idan ka yi canje-canje ga tsarin ufw, ƙila ka buƙaci ka kashe kuma ka sake kunna shi don sanya su cikin aiki, kamar haka:

sudo ufw disable
sudo ufw enable

Don duba tsarin da ake da shi a yanzu, kawai shigar da:

sudo ufw status

Idan ba a kunna ufw ba, wannan zai nuna saƙon "mara aiki", in ba haka ba zai lissafa ƙa'idodin da aka ƙayyade a halin yanzu.