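Firewalls used to be configured through #iptables, but iptables parameters are somewhat complicated, so Ubuntu provides a simplified command, ufw (Uncomplicated Firewall), for configuring the firewall.
I mainly just need ssh (port 22), http (port 80) and https (port 443) to be reachable. This can be set directly with #ufw allow tcp_port.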
root@localhost:~# sudo ufw allow ssh
Rules updated
Rules updated (v6)
root@localhost:~# sudo ufw allow http
Rules updated
Rules updated (v6)
root@localhost:~# sudo ufw allow https
Rules updated
Rules updated (v6)
Connections to all other ports are not allowed. Use #ufw default deny to block every TCP port that has no allow rule.
root@localhost:~# sudo ufw default deny
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
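Once the rules are set, ufw can be enabled. The firewall starts immediately and will also start on the next boot. Before enabling it, be very careful to check that the allow rules are set correctly.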
root@localhost:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
After enabling it, check the firewall status with ufw. The rules can also be viewed with #iptables -L.
root@localhost:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)

root@localhost:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
More detail is available with the following parameter.
root@localhost:~# ufw show raw
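
The script below is an added example, not part of the original post. It parses ufw status verbose output like that shown above and reports when the firewall is inactive, when the default incoming policy is not deny, or when an inbound rule exists beyond ports 22, 80 and 443. EXPECTED_PORTS, SAMPLE_STATUS and the function names are assumptions of this example, and the sample text is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit `ufw status verbose` output against the intended policy.
# EXPECTED_PORTS, SAMPLE_STATUS and the function names are assumptions of this example.
EXPECTED_PORTS="22 80 443"

# Print the default incoming policy (deny, allow or reject) from status text on stdin.
default_incoming() {
    sed -n 's/^Default: \([a-z]*\) (incoming).*/\1/p'
}

# Print each distinct first field of an "ALLOW IN" rule that is not an expected port.
# Application profiles and port ranges are not expanded; they are reported for review.
unexpected_ports() {
    awk -v expected="$EXPECTED_PORTS" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        / ALLOW IN / {
            port = $1; sub(/\/.*/, "", port)          # "22/tcp" -> "22"
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }'
}

# Return 0 when the firewall is active, denies inbound traffic by default and
# allows nothing beyond EXPECTED_PORTS; otherwise print one line per finding.
audit_ufw() {
    local text="$1" rc=0 policy extra
    if ! printf '%s\n' "$text" | grep -q '^Status: active'; then
        echo "FAIL: firewall is not active"; rc=1
    fi
    policy=$(printf '%s\n' "$text" | default_incoming)
    if [ "$policy" != "deny" ]; then
        echo "FAIL: default incoming policy is '${policy:-unknown}'"; rc=1
    fi
    extra=$(printf '%s\n' "$text" | unexpected_ports | tr '\n' ' ')
    if [ -n "$extra" ]; then
        echo "FAIL: unexpected inbound rules: $extra"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the rule set from this page plus one stray rule (3306) for the demo.
SAMPLE_STATUS='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)
22                         ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)'

# To audit the live firewall instead: audit_ufw "$(sudo ufw status verbose)"
audit_ufw "$SAMPLE_STATUS" || true
```

A non-zero return from audit_ufw makes it usable as a gate in a provisioning or monitoring script.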