Ubuntu20.04防火墙设置简易教程(小白)
<p><span><strong>前言</strong></span></p>
<p>
在现在这个网络越发便捷的社会,各种网络勒索病毒层出不穷,即使是Google浏览器也是在不断的更新版本修复漏洞。很多人认为只有Windows系统才容易中病毒,若使用Linux系统就不容易中病毒,经常让自己的电脑裸奔运行,既不装杀毒软件,也不开启防火墙。其实Linux下也是存在中病毒的可能的,只是那些病毒几乎是无法像在Windows系统下一样自动运行的,Linux的特性决定了很多时候都需要你给予root权限软件才能运行,这确实使电脑中病毒的几率大大降低了,但是不管你的Linux系统是ubuntu还是其它发行版本,即使你不安装杀毒软件,防火墙也是必须要开启的,可惜我们很多人的电脑都是关闭了防火墙,今天这篇博客主要教大家怎么开启Ubuntu系统的防火墙,避免电脑重要文件遭到窃取。</p>
<p>
<span><strong>1.安装</strong></span></p>
<p>
Ubuntu20.04一般都默认安装了UFW(Uncomplicated Firewall),它是一款轻量化的工具,主要用于对输入输出的流量进行监控。如果没有安装,请用下面的命令安装:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_650177">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">apt </code><code class="bash functions">install</code> <code class="bash plain">ufw</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
正常情况安装以后应该是默认禁止状态的,输入<code>sudo ufw status verbose</code>命令可以看到如下界面:</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Ubuntu20.04防火墙设置简易教程(小白)" alt="Ubuntu20.04防火墙设置简易教程(小白)" src="https://zhuji.jb51.net/uploads/img/202305/505055c8f69521adb920db3421184a8f.jpg"></p>
<p>
这表示防火墙没有开启,下面启用防火墙。</p>
<p>
<span><strong>2.启用</strong></span></p>
<p>
终端中输入如下命令:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_976871">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw </code><code class="bash functions">enable</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash functions">sudo</code> <code class="bash plain">ufw default deny</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
运行以上两条命令后,开启了防火墙,并在系统启动时自动开启。再次输入<code>sudo ufw status verbose</code>,可以看到如下界面:</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="Ubuntu20.04防火墙设置简易教程(小白)" alt="Ubuntu20.04防火墙设置简易教程(小白)" src="https://zhuji.jb51.net/uploads/img/202305/92eba49da493822a4f90199712453af8.jpg"></p>
<p>
上面的默认配置表示关闭所有外部对本机的访问,但本机访问外部正常,同时我又开启了3690端口,允许外部通过3690端口访问本机,这里说下,SVN默认使用的就是3690端口,这样我就可以从外部通过SVN提交代码到本机了。</p>
<p>
<span><strong>3.开启/禁用</strong></span></p>
<p>
一般的用户,只需设置如下三条命令:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_9781">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">apt </code><code class="bash functions">install</code> <code class="bash plain">ufw</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash functions">sudo</code> <code class="bash plain">ufw </code><code class="bash functions">enable</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw default deny</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
就已经足够安全了,如果你需要开放某些服务,再使用<code>sudo ufw allow</code>命令开启,举例如下:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_787533">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw allow | deny </code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
打开或关闭某个端口,例如:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_358054">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
<div class="line number6 index5 alt1">
6</div>
<div class="line number7 index6 alt2">
7</div>
<div class="line number8 index7 alt1">
8</div>
<div class="line number9 index8 alt2">
9</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw allow 53 允许外部访问53端口(tcp</code><code class="bash plain">/udp</code><code class="bash plain">)</code>
</div>
<div class="line number2 index1 alt1">
</div>
<div class="line number3 index2 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw allow 3690 允许外部访问3690端口(svn)</code>
</div>
<div class="line number4 index3 alt1">
</div>
<div class="line number5 index4 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw allow from 192.168.1.111 允许此IP访问所有的本机端口</code>
</div>
<div class="line number6 index5 alt1">
</div>
<div class="line number7 index6 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw allow proto tcp from 192.168.0.0</code><code class="bash plain">/24</code> <code class="bash plain">to any port 22 允许指定的IP段访问特定端口</code>
</div>
<div class="line number8 index7 alt1">
</div>
<div class="line number9 index8 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw delete allow smtp 删除上面建立的某条规则,比如删除svn端口就是 </code><code class="bash functions">sudo</code> <code class="bash plain">ufw delete allow 3690</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
<span><strong>4.开启/关闭防火墙</strong></span></p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_896444">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw </code><code class="bash functions">enable</code> <code class="bash plain">| disable</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
<span><strong>5.示例</strong></span></p>
<p>
下面是ufw命令行的一些示例:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_78379">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
<div class="line number6 index5 alt1">
6</div>
<div class="line number7 index6 alt2">
7</div>
<div class="line number8 index7 alt1">
8</div>
<div class="line number9 index8 alt2">
9</div>
<div class="line number10 index9 alt1">
10</div>
<div class="line number11 index10 alt2">
11</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">ufw </code><code class="bash functions">enable</code><code class="bash plain">/disable</code><code class="bash plain">:打开/关闭ufw</code>
</div>
<div class="line number2 index1 alt1">
</div>
<div class="line number3 index2 alt2">
<code class="bash plain">ufw status:查看已经定义的ufw规则</code>
</div>
<div class="line number4 index3 alt1">
</div>
<div class="line number5 index4 alt2">
<code class="bash plain">ufw default allow</code><code class="bash plain">/deny</code><code class="bash plain">:外来访问默认允许/拒绝</code>
</div>
<div class="line number6 index5 alt1">
</div>
<div class="line number7 index6 alt2">
<code class="bash plain">ufw allow</code><code class="bash plain">/deny</code> <code class="bash plain">20:允许/拒绝访问20端口,20后可跟</code><code class="bash plain">/tcp</code><code class="bash plain">或</code><code class="bash plain">/udp</code><code class="bash plain">,表示tcp或udp封包。</code>
</div>
<div class="line number8 index7 alt1">
</div>
<div class="line number9 index8 alt2">
<code class="bash functions">sudo</code> <code class="bash plain">ufw allow proto tcp from 192.168.0.0</code><code class="bash plain">/24</code> <code class="bash plain">to any port 22:允许自192.168.0.0</code><code class="bash plain">/24</code><code class="bash plain">的tcp封包访问本机的22端口。</code>
</div>
<div class="line number10 index9 alt1">
</div>
<div class="line number11 index10 alt2">
<code class="bash plain">ufw delete allow</code><code class="bash plain">/deny</code> <code class="bash plain">20:删除以前定义的</code><code class="bash string">"允许/拒绝访问20端口"</code><code class="bash plain">的规则</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
到此这篇关于Ubuntu20.04防火墙设置简易教程(小白)的文章就介绍到这了,更多相关Ubuntu20.04防火墙设置 内容请搜索以前的文章或继续浏览下面的相关文章希望大家以后多多支持!</p>
<p>
原文链接:https://blog.csdn.net/weixin_42171170/article/details/106957543</p>
頁:
[1]