Simple firewall management with UFW

Ubuntu firewall

The firewall has become one of the basic security tools on any computer, whether at home or in a business. Configuring it is often not simple and can be a headache for experienced users. To help with this task there are tools such as UFW (Uncomplicated Firewall), which simplifies the management of the machine's firewall rules.

UFW is a front end for iptables that is especially well suited to servers and is, in fact, the default firewall configuration tool on Ubuntu Linux. It was developed with the aim of creating a simple, easy-to-use application, and that is what it is. Creating rules for IPv4 and IPv6 addresses has never been easier. In the tutorial below, we will teach you to use the basic UFW commands to configure the typical rules you may need on your firewall.

The basic tasks we can carry out on the system firewall are very varied and range from blocking an IP address or port to allowing traffic only from a specific subnet. We will go through the most relevant ones using the commands needed to invoke UFW, always, of course, from a terminal session:

Block a specific IP address with UFW

The basic syntax we need to enter is the following:

sudo ufw deny from {dirección-ip} to any

To block or prevent the passage of all packets from a specific IP address, we enter:

 sudo ufw deny from {dirección-ip} to any 

Show the firewall status and its rules

We can verify the new rules we have just entered with the following command:

$ sudo ufw status numbered

Or with the following command:

$ sudo ufw status


Block a specific IP address or port

The syntax in this case is the following:

sudo ufw deny from {dirección-ip} to any port {número-puerto}

Again, if we want to verify the rules, we do so with the following command:

$ sudo ufw status numbered

An example of the output this command produces is the following:

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 192.168.1.10 80/tcp        ALLOW       Anywhere
[ 2] 192.168.1.10 22/tcp        ALLOW       Anywhere
[ 3] Anywhere                   DENY        192.168.1.20
[ 4] 80                         DENY IN     202.54.1.5

Block a specific IP address, port, and protocol type

To block a specific IP address, port and/or protocol type on your computer, you need to enter the following command:

sudo ufw deny proto {tcp|udp} from {dirección-ip} to any port {número-puerto}

For example, if we were under attack from a hacker at the IP address 202.54.1.1, over port 22 and the TCP protocol, the command to enter would be the following:

$ sudo ufw deny proto tcp from 202.54.1.1 to any port 22
$ sudo ufw status numbered

Block a subnet

In this particular case the syntax is very similar to the previous cases; note:

$ sudo ufw deny proto tcp from sub/net to any port 22
$ sudo ufw deny proto tcp from 202.54.1.0/24 to any port 22

Unblock an IP address or delete a rule

If you no longer want to block an IP address on your system, or you made a mistake when entering a rule, try the following commands:

$ sudo ufw status numbered
$ sudo ufw delete NUM

For example, if we want to remove rule number 4, we must enter the command as follows:

$ sudo ufw delete 4

After entering the command, we will get a message on screen similar to the following:

Deleting:
 deny from 202.54.1.5 to any port 80
Proceed with operation (y|n)? y
Rule deleted

Why UFW may not block an IP address

The rules that UFW (or iptables, depending on how you look at it) applies always follow their order and are executed as soon as a match occurs. So, for example, if a rule allows a computer with a given IP address to connect to our machine on port 22 using the TCP protocol (say, sudo ufw allow 22), and later there is a new rule that specifically blocks an IP address on the same port 22 (for example, ufw deny proto tcp from 192.168.1.2 to any port 22), the rule applied first is the one that allows access to port 22, and the later one, which blocks that port for the indicated IP, is not applied. This is why the ordering of the rules is a deciding factor when configuring a machine's firewall.

If we want to prevent this problem from occurring, we can edit the file located at /etc/ufw/before.rules and, inside it, add a section such as "Block an IP address", just after the line that marks the end of the required lines, "# End required lines".
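The first-match behaviour described above can be checked against the output of sudo ufw status numbered. The following Python script is an added example, not code from the original article or from the UFW project; the sample status output is constructed, and the parser models only IPv4 sources, single numeric ports and the protocol (destination addresses are ignored).

```python
import ipaddress
import re

# Constructed sample of `sudo ufw status numbered` output for the scenario above.
SAMPLE = """\
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 22/tcp                     DENY IN     192.168.1.2
[ 3] 80                         DENY IN     202.54.1.5
"""
RULE = re.compile(r"^\[\s*(\d+)\]\s+(.+?)\s+(ALLOW|DENY|REJECT|LIMIT)(?: IN)?\s+(\S+)\s*$")

def parse(status):
    """Parse numbered IPv4 rules; models source, single numeric port and protocol only."""
    rules = []
    for line in status.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # header, blank and "(v6)" lines are skipped
        num, to, action, src = m.groups()
        port, _, proto = to.split()[-1].partition("/")
        rules.append({
            "num": int(num), "action": action, "proto": proto or None,
            "port": None if port == "Anywhere" else int(port),
            "src": ipaddress.ip_network("0.0.0.0/0" if src == "Anywhere" else src, strict=False),
        })
    return rules

def decide(rules, src, port, proto):
    """First match wins: return (action, rule number) of the first rule the packet hits."""
    ip = ipaddress.ip_address(src)
    for r in rules:
        if r["port"] in (None, port) and r["proto"] in (None, proto) and ip in r["src"]:
            return r["action"], r["num"]
    return "DEFAULT", None

def shadowed(rules):
    """Return (rule, earlier_rule) pairs where an earlier rule with another action covers the later one."""
    found = []
    for i, b in enumerate(rules):
        for a in rules[:i]:
            if (a["action"] != b["action"] and a["port"] in (None, b["port"])
                    and a["proto"] in (None, b["proto"]) and b["src"].subnet_of(a["src"])):
                found.append((b["num"], a["num"]))
                break
    return found

if __name__ == "__main__":
    rules = parse(SAMPLE)
    print(decide(rules, "192.168.1.2", 22, "tcp"))  # the deny rule is never reached
    print(shadowed(rules))
```

Any pair reported by shadowed() is a deny (or allow) rule that never takes effect in its current position and needs to be moved ahead of the rule that covers it.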

The guide we prepared for you ends here. As you can see, from now on, with the help of UFW, managing the firewall will no longer be reserved for system administrators or advanced users.



  1.   Junquera said

    export UWF = UFW
    ?