we all know,Among Linux system has a very fast hardware firewall is called iptables,It can do far exceeds the scope of the firewall, but ......,usually,We only used it as a firewall to use。
but,If you just want a port policy,That does not seem to need to face iptables That lengthy configuration commands。Now,I'll introduce you to the other, a more simple firewall:
Uncomplicated Firewall
A look at the name on the very clear "no complex firewall" Yes,It is ufw,exist Ubuntu Operating system which has been built,Use it to quickly and easily operate the firewall features,For example, switch port,IP Access,Limit the connection, etc., etc.。It is with a range of almost all Linux firewall,Iptables is used as a background,so,You can also in iptables On to do more custom,Both can be used together of course ......,I do not recommend you do。iptables rules to give priority to ufw。
Recommended reason ufw,This is because the goods inside the built-in Ubuntu,So just built vps you can use it to quickly deploy it!
Based switch command
1 2 3 4 5 6 7 8 9 |
ufw enable // 启用防火墙 ufw disable // 禁用防火墙 ufw reload //重新加载防火墙 ufw status // 显示防火墙状态 ufw status verbose // 查看防火墙详细状态 |
1 |
ufw default deny //设置默认 input 流量为拒绝 |
note,If you are connected to the server via ssh,Then you should add a rule,Then open the firewall,Otherwise the consequences。
Said here about,ufw enable the firewall will automatically configure the boot,Disable boot is canceled。
Basic control commands
Generally, we can use allow and deny Option to allow or disallow connections,Followed by the port number or protocol name will do,With a slash "/" Split,Then you can explicitly additional TCP or UDP,Without adding theBoth are considered default。Other,We generally prefer to configure the input entry,If you want to control output entry,It can explicitly stressed in or out between the port number and allow or deny,Of course, certainly in default。
1 2 |
ufw allow|deny [in|out] PORT [/tcp|udp] // 允许或者阻止 进入或者流出 端口 协议 |
Here are a few chestnuts:
1 2 3 4 5 6 |
ufw allow 22 //允许任何人通过端口22连入本机(包括 UDP 和 TCP) ufw deny 53/tcp //阻止任何人通过53端口用TCP 连入本机 ufw allow smtp //用协议名字方式来添加条目 |
Advanced control command
1 2 3 4 5 6 7 8 |
ufw show raw //以 iptables 格式输出当前的规则 ufw status [verbose|numbered] //显示详细的状态,如果要删除条目,你可能需要用到 numbered ufw delete NUM //删除某个条目,号码参考上一条命令。 ufw delete allow 53/udp //也可以在之前的命令当中直接添加 delete 参数来删除条目 |
And allow、deny corresponding options,In fact, there limit and reject,The former is used to limit the number of connections within 30 seconds,More than six times out automatically deny IP;The latter and deny the same function,butNoreturn"You are refused"Message。
If you have multiple network cards,So on additional options after emphasize in and out,You can make policy for a certain card,For chestnuts:
1 |
ufw allow in on eth0 to any port 80 proto tcp |
Add more complex control statements
By editing the file:
1 2 3 4 5 |
/etc/ufw/before.rules //在 ufw 的所有条目之前生效 /etc/ufw/after.rules //在 ufw 的所有条目之后生效 |
To add more complex、ufw command can not support iptables control statements,For example, open or nat forwarding address masquerading, etc.,It iptables command format and command the same format - for loading these files is iptables-restore
Of course,After modifying these two files,You need to reboot in order to make them take effect ufw。
Further reading
All right,Basically common presentation so much,If you want to use the more advanced features,Please move:
Another:If you use the desktop version,This stock is in fact there are graphic terminal,Called the Gufw。😜
Original article written by LogStudio:R0uter's Blog » Under Ubuntu more simple firewall Uncomplicated Firewall
Reproduced Please keep the source and description link:https://www.logcg.com/archives/988.html
Comments