Ungayisetha kanjani i-Firewall ku-Ubuntu Server
Kushicilelwe: Februwari 15, 2025 21:40:35 UTC
Igcine ukubuyekezwa: Januwari 12, 2026 08:38:20 UTC
Lesi sihloko sichaza futhi sinikeza izibonelo ezithile zendlela yokusetha i-firewall ku-GNU/Linux usebenzisa i-ufw, okufinyezwa ngokuthi i-Uncomplicated FireWall - futhi igama liyafaneleka, empeleni kuyindlela elula kakhulu yokuqinisekisa ukuthi awunawo amachweba amaningi avulekile kunalawo owadingayo.
How to Set Up a Firewall on Ubuntu Server
Ulwazi olukulesi sihloko lusekelwe ku-Ubuntu Server 14.04 x64. Lungase lusebenze noma lungasebenzi kwezinye izinguqulo. (Isibuyekezo: Ngingaqinisekisa ukuthi ulwazi olukulesi sihloko lusasebenza futhi lusebenza kusukela ku-Ubuntu Server 24.04, kodwa eminyakeni eyi-10 ephakathi, i-ufw iye yaba "nobuhlakani" ngokuba namaphrofayili ezinhlelo zokusebenza zeseva ezivamile (isibonelo, ungavumela i-"Nginx egcwele" esikhundleni samachweba angu-80 no-443 ngokwehlukana) futhi ukukhubaza/ukuvumela yonke i-firewall ukuthi kusetshenziswe imithetho emisha akusadingeki)
Ngesikhathi ngiqala ngamaseva e-GNU/Linux (Ubuntu), ukusetha i-firewall kwakuhilela ukudala ngesandla nokugcina ifayela lokucushwa elingase libe yinkimbinkimbi lama-iptables. Kodwa-ke, muva nje ngithole i-ufw, okufinyezwa ngokuthi i-Uncomplicated Firewall - futhi ngempela :-)
Ukufakwa kwami kwe-Ubuntu Server 14.04 sekuvele kufakwe i-ufw, kodwa uma kungenjalo, vele uyifake kusuka ezindaweni zokugcina:
Empeleni i-UFW iyithuluzi nje elenza kube lula ukucushwa kwe-iptables - ngemuva kwezigcawu, kuseyi-iptables kanye ne-Linux kernel firewall eyenza ukuhlunga, ngakho-ke i-ufw ayinciphisi futhi ayiphephile kakhulu kunalezi. Kodwa-ke, ngoba i-ufw yenza kube lula kakhulu ukumisa i-firewall ngendlela efanele, inganciphisa ingozi yamaphutha abantu futhi ngenxa yalokho kungenzeka iphephile kakhulu kubaphathi abangenalwazi.
Uma iseva yakho ilungiselelwe nge-IPv6 kanye ne-IPv4, qiniseka ukuthi lokhu kuyasebenza naku-UFW. Hlela ifayela /etc/default/ufw bese ubheka umugqa othi IPV6=yebo. Ekufakweni kwami yayisivele ikhona, kodwa uma ingekho noma uma ithi cha, kufanele uyihlele.
Bese usebenzisa umyalo osheshayo ukuze uvule ama-port ofuna avulwe. Uma uxhumeke kuseva yakho nge-ssh, qiniseka ukuthi uyakuvumela lokho noma kungaphazamisa uxhumano lwakho futhi mhlawumbe kukukhiyele ngaphandle kweseva yakho uma uyisebenzisa - kuye ngokuthi unokufinyelela ngokomzimba kuseva noma cha, lokhu kungase kube yinto engathandeki ;-)
Isibonelo, uma usebenzisa i-ssh ku-port ejwayelekile engu-22 futhi ulungiselela iseva yewebhu esekela kokubili ukuxhumana okungabethelwe (HTTP ku-port 80) kanye nokubethelwe (HTTPS ku-port 443), uzokhipha imiyalo elandelayo ukuze ulungiselele i-ufw:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Uma udinga eminye imithetho, mane uyifake njengoba kushiwo ngenhla.
Uma unekheli le-IP elingaguquki futhi udinga kuphela ukukwazi ukuxhuma nge-ssh usuka endaweni eyodwa, ungakhawulela nokuxhumeka kwe-ssh ekhelini elilodwa lomsuka elifana naleli:
Vele, faka ikheli lakho le-IP esikhundleni salokho.
Uma usuqedile, vumela i-ufw ngokufaka:
Futhi usuqedile! I-firewall iyasebenza futhi izoqala ngokuzenzakalelayo uma uqala kabusha iseva yakho :-)
Uma wenza izinguquko ekucushweni kwe-ufw, kungadingeka ukuthi ukhubaze futhi uluvumele futhi ukuze uzisebenzise, kanje:
sudo ufw enable
Ukuze ubheke ukucushwa kwamanje, vele ufake:
Uma i-ufw ingasebenzi, lokhu kuzomane kubonise umlayezo "ongasebenzi", ngaphandle kwalokho kuzobala imithetho echazwe njengamanje.