Easy firewall management with UFW


The firewall has become one of the essential security tools for any computer, whether at home or in a business. Configuring it is often not easy and can be a headache for inexperienced users. To help with this task there are tools such as UFW (Uncomplicated Firewall), which tries to simplify management of the machine's firewall rules.

UFW is an iptables front-end that is particularly well suited to servers and is, in fact, the default firewall configuration tool in Ubuntu Linux. It was developed with the idea of creating a simple, easy-to-use tool, and that is what it has become. Creating rules for IPv4 and IPv6 addresses has never been easier. In the tutorial below, we show you how to use the basic UFW commands to set up the common rules you are likely to need in your firewall.

The basic tasks we can carry out in the system firewall are quite varied, ranging from blocking a particular IP address or port to allowing traffic only from a specific subnet. We will go through the most relevant ones using the commands needed to invoke UFW, always, of course, from the system terminal:

Block a specific IP address with UFW

The basic syntax we need to enter is the following:

sudo ufw deny from {dirección-ip} to any

To block or prevent the passage of all packets from a specific IP address, we enter:

 sudo ufw deny from {dirección-ip} to any 

Show the firewall status and its rules

We can check the new rules we have just entered with the following line:

$ sudo ufw status numbered

Or with the following command:

$ sudo ufw status


Block a specific IP address or port

The syntax in this case is the following:

ufw deny from {dirección-ip} to any port {número-puerto}

Again, if we want to check the rules, we do so with the following command:

$ sudo ufw status numbered

An example of the output this command would produce is the following:

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 192.168.1.10 80/tcp        ALLOW       Anywhere
[ 2] 192.168.1.10 22/tcp        ALLOW       Anywhere
[ 3] Anywhere                   DENY        192.168.1.20
[ 4] 80                         DENY IN     202.54.1.5

Block a specific IP address, port, and protocol type

To block a specific IP address, port and/or protocol type on your machine, enter the following command:

sudo ufw deny proto {tcp|udp} from {dirección-ip} to any port {número-puerto}

For example, if we were under attack from a hacker at IP address 202.54.1.1, through port 22 and over the TCP protocol, the commands to enter would be the following:

$ sudo ufw deny proto tcp from 202.54.1.1 to any port 22
$ sudo ufw status numbered

Block a subnet

For this particular case the syntax is very similar to the previous cases; see:

$ sudo ufw deny proto tcp from sub/net to any port 22
$ sudo ufw deny proto tcp from 202.54.1.0/24 to any port 22

Unblock an IP address or delete a rule

If you no longer want to block an IP address on your system, or you simply made a mistake when entering a rule, try the following commands:

$ sudo ufw status numbered
$ sudo ufw delete NUM

For example, if we want to delete rule number 4, we must enter the command as follows:

$ sudo ufw delete 4

As a result of the command entered, we would get a message on screen similar to the following:

Deleting:
 deny from 202.54.1.5 to any port 80
Proceed with operation (y|n)? y
Rule deleted

How to make UFW not allow an IP address

The rules that UFW (or iptables, depending on how you look at it) applies always follow the order in which they are listed, and evaluation stops as soon as a match occurs. So, for example, if one rule allows a machine with a specific IP address to connect to our machine through port 22 using the TCP protocol (say, sudo ufw allow 22), and later there is a new rule that specifically blocks a particular IP address on that same port 22 (for example, ufw deny proto tcp from 192.168.1.2 to any port 22), the rule that is applied first is the one that allows access to port 22, and the later one, which blocks that port for the indicated IP, is not applied. That is why the order of the rules is a deciding factor when configuring a machine's firewall.
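The ordering problem described above can be checked mechanically. The following is an added example, not part of the original article: a shell function that reads output in the layout of `ufw status numbered` and reports each DENY rule that sits after a broader ALLOW for the same port. The sample rule list is constructed, and as a simplifying assumption only IPv4 rules are considered and an ALLOW counts as broader only when its source is `Anywhere`.

```shell
# Constructed sample in the layout of `ufw status numbered`.
# On a real host:  sudo ufw status numbered | shadowed_denies
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 22/tcp                     DENY IN     192.168.1.2
[ 3] 80/tcp                     DENY IN     202.54.1.5
[ 4] 80/tcp                     ALLOW IN    Anywhere
EOF
}

# Prints "DENY_NUM ALLOW_NUM" for every DENY that can never match because
# an earlier ALLOW from Anywhere already accepts the same port (first match wins).
shadowed_denies() {
  awk '
    /\(v6\)/ { next }                         # IPv6 rules are not modelled here
    /^\[/ {
      sub(/^\[ */, ""); sub(/\]/, "")         # "[ 2] ..." becomes "2 ..."
      num = $1; act = ""; to = ""; from = $NF
      for (i = 2; i < NF; i++) {
        if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { act = $i; break }
        to = $i                               # last token before the action is the port
      }
      split(to, p, "/")                       # p[1] = port, p[2] = protocol or empty
      if (act == "ALLOW" && from == "Anywhere") {
        n++; aport[n] = p[1]; aproto[n] = p[2]; anum[n] = num
      } else if (act == "DENY") {
        for (k = 1; k <= n; k++)
          if (aport[k] == p[1] && (aproto[k] == "" || aproto[k] == p[2])) {
            print num, anum[k]; break
          }
      }
    }'
}
```

For the sample, rule 2 is reported as shadowed by rule 1, while rule 3 is effective because it precedes the ALLOW on port 80. A shadowed rule can be deleted and re-added ahead of the ALLOW with `sudo ufw insert 1 deny proto tcp from 192.168.1.2 to any port 22`.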

If we want to prevent this problem from occurring, we can edit the file at /etc/ufw/before.rules and, inside it, add a section such as "Block an IP address", right after the line that marks the end of the required section, "# End required lines".
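One way to make that edit repeatably, as an added example that is not from the original article: a shell filter that places a DROP rule directly after the "# End required lines" marker. The excerpt of before.rules is constructed, and the `-A ufw-before-input ... -j DROP` line is an assumption about what the section contains, since the page does not show it.

```shell
# Constructed excerpt of the top of /etc/ufw/before.rules.
sample_before_rules() {
cat <<'EOF'
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines

# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
EOF
}

# add_early_block SRC: read before.rules on stdin and write it to stdout with
# a DROP for SRC inserted right after the "# End required lines" marker.
# Returns 2 for a malformed address, 3 if the marker is missing.
add_early_block() {
  src=$1
  # Accept only an IPv4 address or CIDR so nothing else reaches the rules file.
  printf '%s\n' "$src" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 2
  awk -v src="$src" '
    { lines[NR] = $0
      if ($0 == "-A ufw-before-input -s " src " -j DROP") have = 1
      if ($0 == "# End required lines") marker = NR }
    END {
      if (!marker) exit 3
      for (i = 1; i <= NR; i++) {
        print lines[i]
        if (i == marker && !have) {           # skip if the rule is already there
          print "# Block an IP address"
          print "-A ufw-before-input -s " src " -j DROP"
        }
      }
    }'
}
```

On a real host, write the output to a temporary file, review it, install it as /etc/ufw/before.rules with root privileges, and apply it with `sudo ufw reload`.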

The guide we prepared for you ends here. As you can see, from now on and with the help of UFW, firewall management will no longer be the exclusive domain of system administrators or advanced users.


  1.   Junquera said

    export UWF = UFW
    ?