Ukuphathwa kwe-firewall okulula nge-UWF

Luis Gómez

Imizuzu ye-5

ubuntu firewall

I-firewall manje isiphenduke elinye lamathuluzi ayisisekelo okuphepha kunoma iyiphi ikhompyutha, kungaba ekhaya noma ebhizinisini. Ukucushwa kwayo kaningi akulula Futhi kungaba yikhanda kubasebenzisi abangenawo amava. Ukusiza kulo msebenzi kunamathuluzi afana ne-UWF (Uncomplicated Firewall) azama lula ukuphathwa komthetho we-firewall weqembu.

I-UWF i-iptables front-end elungele kahle amaseva futhi empeleni, ithuluzi lokumisa elizenzakalelayo ku-Ubuntu Linux. Ukuthuthuka kwayo kwenziwa ngomqondo wokudala uhlelo lokusebenza olulula nolusebenziseka kalula futhi bekulokhu kunjalo. Ukudala imithetho yamakheli we-IPv4 ne-IPv6 akukaze kube lula kangako. Esifundweni esikubonisa sona ngezansi, sizokufundisa ukusebenzisa imiyalo eyisisekelo ye-UWF ukumisa imithetho ejwayelekile ongayidinga ku-firewall yakho.

Imisebenzi eyisisekelo esingayenza ku-firewall yohlelo ihlukahlukene kakhulu futhi ifaka phakathi ukuvimba ikheli elithile le-IP noma itheku ukuvumela ithrafikhi kuphela kusuka ku-subnet ethile. Manje sizobuyekeza ezifanele kakhulu sisebenzisa imiyalo edingekayo yokuncenga i-UWF, yebo, njalo kusuka esigungwini sohlelo:

Vimba ikheli elithile le-IP nge-UWF

I-syntax eyisisekelo okufanele siyethule yile elandelayo:

sudo ufw deny from {dirección-ip} to any

Ukuvimba noma ukuvimbela ukudlula kwawo wonke amaphakethe ekheli elithile le-IP sizokwethula:

 sudo ufw deny from {dirección-ip} to any

Khombisa isimo se-firewall nemithetho yaso

Singayiqinisekisa imithetho emisha esisanda kuyethula ngomusho olandelayo:

$ sudo ufw status numbered

Noma ngomyalo olandelayo:

$ sudo ufw status

isithombe se-uwf

Ukuvinjwa okuqondile kwekheli elithile le-IP noma itheku

Isi syntax kuleli cala kungaba okulandelayo:

ufw deny from {dirección-ip} to any port {número-puerto}

Futhi, uma sifuna ukuqinisekisa imithetho sizoyenza ngomyalo olandelayo:

$ sudo ufw status numbered

Isibonelo sokukhishwa okuzonikezwa yilo myalo yilokhu okulandelayo:

Isimo: kuyasetshenzelwa kusenzelwa kusuka - ------ ---- [1] 192.168.1.10 80 / tcp VUMELELA noma ikuphi [2] 192.168.1.10 22 / tcp VUMELA Noma kuphi [3] Nomaphi DENY 192.168.1.20 [4] 80 PHIKA NGO-202.54.1.5

Vimba ikheli elithile le-IP, ichweba, nohlobo lwephrothokholi

Ukuze uvimbele ikheli elithile le-IP, itheku kanye / noma uhlobo lomthetho olandelwayo kukhompyutha yakho, kufanele ufake umyalo olandelayo:

sudo ufw deny proto {tcp|udp} from {dirección-ip} to any port {número-puerto}

Isibonelo, uma ngabe besithola ukuhlaselwa okuvela ku- hacker Kusuka kukheli le-IP 202.54.1.1, kudlulela ethekwini 22 nangaphansi komthetho olandelwayo we-TCP, isigwebo esizofakwa kungaba okulandelayo:

$ sudo ufw deny proto tcp from 202.54.1.1 to any port 22
$ sudo ufw status numbered

Ukuvimba i-subnet

Kuleli cala elithile i-syntax ifana kakhulu namacala angaphambilini, qaphela:

$ sudo ufw deny proto tcp from sub/net to any port 22
$ sudo ufw deny proto tcp from 202.54.1.0/24 to any port 22

Vulela ikheli le-IP noma susa umthetho

Uma ungasafuni ukuvimba ikheli le-IP ngaphakathi kohlelo lwakho noma umane wadideka lapho ufaka umthetho, zama umyalo olandelayo:

$ sudo ufw status numbered
$ sudo ufw delete NUM

Isibonelo, uma sifuna ukususa umthetho wenombolo 4, kufanele sifake umyalo ngale ndlela elandelayo:

$ sudo ufw delete 4

Njengomphumela womyalo ofakiwe, sizothola umlayezo esikrinini ofana nokulandelayo esikukhombisa wona:

Iyasusa:
 deni kusuka ku-202.54.1.5 kunoma iyiphi ichweba 80
Qhubeka nokusebenza (y | n)? y
Umthetho ususiwe

Ungayenza kanjani i-UWF ingavimbeli ikheli le-IP

Imithetho i-UWF (noma i-iptables, kuya ngokuthi uyibuka kanjani) iyasebenza zihlala zilandela i-oda lakho futhi zenziwa ngokushesha nje lapho umdlalo uvela. Ngakho-ke, ngokwesibonelo, uma umthetho uvumela ikhompyutha enekheli elithile le-IP ukuxhuma kukhompyutha yethu nge-port 22 nangephrothokholi ye-TCP (yithi, sudo ufw vumela i-22), futhi kamuva kunomthetho omusha ovimba ngqo ikheli elithile le-IP ethekwini elifanayo 22 (ngokwesibonelo ufw yenqaba i-proto tcp kusuka ku-192.168.1.2 kunoma iyiphi i-port 22), umthetho osetshenziswe kuqala yilowo ovumela ukufinyelela ku-port 22 futhi kamuva, lowo ovimba lelo chweba ku-IP ekhonjisiwe, cha. Kungenxa yalokho ukuhleleka kwemithetho kuyisinqumo esinqumayo lapho kulungiswa i-firewall yomshini.

Uma sifuna ukuvimbela le nkinga ukuthi ingenzeki, singahlela ifayela elitholakala ku- /etc/ufw/before.rules futhi, ngaphakathi kwalo, engeza isigaba esifana nokuthi "Vimba ikheli le-IP", ngemuva nje komugqa okhombisa ukuphela kolayini ofanayo "# End edingekayo".

Umhlahlandlela esikulungiselele wona uphelela lapha. Njengoba ukwazi ukubona, kusukela manje kuqhubeke futhi ngosizo lwe-UWF ukuphathwa kwe- firewall Ngeke isagxila kubaphathi bohlelo noma kubasebenzisi abaphambili.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   UJunquera kusho
    kwenza iminyaka 8

    thekelisa UWF = UFW
    ?

    Phendula uJunquera