一步步教你如何开启、关闭ubuntu防火墙
<p><span><strong>前言</strong></span></p>
<p>
防火墙(Firewall),也称防护墙。它是一种位于内部网络与外部网络之间的网络安全系统。一项信息安全的防护系统,依照特定的规则,允许或是限制传输的数据通过。</p>
<p>
防火墙对于我们的网络安全的重要性不言而喻 但是在实际的开发过程中 我们有可能会</p>
<p>
需要开启、关闭防火墙 那么 Ubuntu中怎么管理防火墙呢。下面就来一起看看吧。</p>
<p>
<span><strong>安装方法</strong></span></p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_736712">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">apt-get </code><code class="bash functions">install</code> <code class="bash plain">ufw</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
</p>
<p>
当然,这是有图形界面的(比较简陋),在新立得里搜索gufw试试……</p>
<p>
<span><strong>使用方法</strong></span></p>
<p>
<strong>1 启用</strong></p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_343989">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw </code><code class="bash functions">enable</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash functions">sudo</code> <code class="bash plain">ufw default deny</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
作用:开启了防火墙并随系统启动同时关闭所有外部对本机的访问(本机访问外部正常)。</p>
<p>
<strong>2 关闭</strong></p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_497612">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw disable</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
2 查看防火墙状态</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_958096">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw status</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
3 开启/禁用相应端口或服务举例</p>
<blockquote>
<p>
sudo ufw allow 80 允许外部访问80端口</p>
<p>
sudo ufw delete allow 80 禁止外部访问80 端口</p>
<p>
sudo ufw allow from 192.168.1.1 允许此IP访问所有的本机端口</p>
<p>
sudo ufw deny smtp 禁止外部访问smtp服务 </p>
<p>
sudo ufw delete allow smtp 删除上面建立的某条规则 </p>
<p>
sudo ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 22 要拒绝所有的TCP流量从10.0.0.0/8 到192.168.0.1地址的22端口</p>
</blockquote>
<p>
可以允许所有RFC1918网络(局域网/无线局域网的)访问这个主机(/8,/16,/12是一种网络分级):</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_335481">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw allow from 10.0.0.0</code><code class="bash plain">/8</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash functions">sudo</code> <code class="bash plain">ufw allow from 172.16.0.0</code><code class="bash plain">/12</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw allow from 192.168.0.0</code><code class="bash plain">/16</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
推荐设置</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_65182">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">apt-get </code><code class="bash functions">install</code> <code class="bash plain">ufw</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash functions">sudo</code> <code class="bash plain">ufw </code><code class="bash functions">enable</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw default deny</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
这样设置已经很安全,如果有特殊需要,可以使用<code>sudo ufw allow</code>开启相应服务。</p>
<p>
<span><strong>总结</strong></span></p>
<p>
以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,如果有疑问大家可以留言交流,谢谢大家对的支持。</p>
<p>
原文链接:https://www.cnblogs.com/kluan/p/5993767.html</p>
頁:
[1]