Simple firewall management with UWF

The firewall has become one of the basic security tools of any computer, whether at home or in a business. Configuring it is often not simple and can be a headache for less experienced users. To help with this task there are tools such as UWF (Uncomplicated Firewall), which tries to simplify the administration of the system's firewall rules.

UWF is a front end that is very well suited to servers and is, in fact, the default configuration tool in Ubuntu Linux. Its development was driven by the idea of creating an application that is simple and easy to use, and so it has turned out. Creating rules for IPv4 and IPv6 addresses has never been easier. In the tutorial below, we will show you how to use the basic UWF commands to configure the typical rules you need in your firewall.

The basic tasks we can perform on the system's firewall are quite varied and range from blocking a particular IP address or port to allowing traffic only from a specific subnet. We will now go through the most relevant ones using the commands needed to invoke UWF, always, of course, from the terminal:

Block a specific IP address with UWF

The basic syntax we must enter is the following:

sudo ufw deny from {dirección-ip} to any

To block or deny all packets from a specific IP address, we enter:

 sudo ufw deny from {dirección-ip} to any 

Show the firewall status and its rules

We can verify the rules we have just entered with the following command:

$ sudo ufw status numbered

Or with the following command:

$ sudo ufw status

Blocking a specific IP address or port

The syntax for this case would be the following:

ufw deny from {dirección-ip} to any port {número-puerto}

Again, if we want to verify the rules, we do so with the following command:

$ sudo ufw status numbered

An example of the output this command produces is the following:

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 192.168.1.10 80/tcp        ALLOW       Anywhere
[ 2] 192.168.1.10 22/tcp        ALLOW       Anywhere
[ 3] Anywhere                   DENY        192.168.1.20
[ 4] 80                         DENY IN     202.54.1.5

Block a specific IP address, port, and protocol type

To block a specific IP address, port and/or protocol type on your computer, you must enter the following command:

sudo ufw deny proto {tcp|udp} from {dirección-ip} to any port {número-puerto}

For example, if we are being attacked by a hacker from IP address 202.54.1.1, on port 22 and over the TCP protocol, the command to enter would be the following:

$ sudo ufw deny proto tcp from 202.54.1.1 to any port 22
$ sudo ufw status numbered

Blocking a subnet

In this particular case the syntax is very similar to the previous ones; note:

$ sudo ufw deny proto tcp from sub/net to any port 22
$ sudo ufw deny proto tcp from 202.54.1.0/24 to any port 22

Unblock an IP address or delete a rule

If you no longer want to block an IP address on your system, or you simply made a mistake when entering a rule, try the following commands:

$ sudo ufw status numbered
$ sudo ufw delete NUM

For example, if we want to delete rule number 4, we must enter the command as follows:

$ sudo ufw delete 4

As a result of the command entered, we will get a message on screen similar to the one shown below:

Deleting:
 deny from 202.54.1.5 to any port 80
Proceed with operation (y|n)? y
Rule deleted

When UWF does not block an IP address

The rules that UWF (or iptables, depending on how you look at it) applies are always evaluated in the order in which they were entered, and evaluation stops as soon as a match occurs. So, for example, if one rule allows any computer to connect to our machine on port 22 using the TCP protocol (say, sudo ufw allow 22), and a later rule blocks a specific IP address on that same port 22 (for example, ufw deny proto tcp from 192.168.1.2 to any port 22), the rule that is applied is the first one, which allows access to port 22; the later one, which blocks that port for the given IP address, is never applied. This is why the order of the rules is a decisive factor when configuring a firewall.

If we want to prevent this problem, we can edit the file /etc/ufw/before.rules and, in it, add a section such as "Block an IP address" after the line that marks the end of the "required lines".
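The ordering problem described above can be reproduced with a small model of first-match evaluation. This is an added example, not code from the original article or from the ufw project; the rule tuples, the function names and the default-deny policy are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

# Each rule: (action, protocol or None for any, source network, destination port).
# These are the two rules from the article, in the order they were entered.
RULES = [
    ("allow", None, ANY, 22),                           # sudo ufw allow 22
    ("deny", "tcp", ip_network("192.168.1.2/32"), 22),  # ufw deny proto tcp from 192.168.1.2 to any port 22
]

def matches(rule, proto, src, port):
    _, r_proto, r_src, r_port = rule
    return r_proto in (None, proto) and ip_address(src) in r_src and r_port == port

def decide(rules, proto, src, port, default="deny"):
    """Return the action of the first matching rule; later rules are never consulted.
    The default policy for unmatched traffic is assumed to be deny."""
    for rule in rules:
        if matches(rule, proto, src, port):
            return rule[0]
    return default

def shadowed(rules):
    """1-based numbers (as in 'ufw status numbered') of rules that can never fire
    because an earlier rule with a different action covers all of their traffic."""
    hidden = []
    for i, (action, proto, src, port) in enumerate(rules):
        for e_action, e_proto, e_src, e_port in rules[:i]:
            covers = e_proto in (None, proto) and e_port == port and src.subnet_of(e_src)
            if covers and e_action != action:
                hidden.append(i + 1)
                break
    return hidden

# The same two rules with the specific deny placed ahead of the general allow.
REORDERED = [RULES[1], RULES[0]]

if __name__ == "__main__":
    print("as entered:", decide(RULES, "tcp", "192.168.1.2", 22), "shadowed:", shadowed(RULES))
    print("reordered: ", decide(REORDERED, "tcp", "192.168.1.2", 22), "shadowed:", shadowed(REORDERED))
```

Running the same check over a real rule set means transcribing the lines of `sudo ufw status numbered` into the tuple form used here.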

The guide we prepared for you ends here. As you can see, from now on, with the help of UWF, firewall administration will no longer be reserved for system administrators or advanced users.



  1.   Junquera m

    export UWF = UFW
    ?