ufw (Uncomplicated Firewall) is the firewall management tool installed by default on Ubuntu; under the hood it still drives iptables. As the name suggests, ufw exists so that users who are not familiar with the iptables mechanism can configure a firewall quickly.

Getting started

ufw itself runs as a service, so before using it make sure the ufw service process is up:

systemctl status ufw

ufw's command syntax is simple and direct, and some operations take effect immediately.
# Check the firewall state; it is inactive by default
root@test:~# ufw status
Status: inactive

# Enable the firewall:
root@test:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@test:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

# Set the default inbound policy to deny. This is not actually required, because deny is already the default:
root@test:~# ufw default deny
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)

# List the application profiles (ports) the firewall knows about
root@test:~# ufw app list
Available applications:
  OpenSSH

# Open ports as the service requires, e.g. allow TCP port 8080
root@test:~# ufw status
Status: active
root@test:~# ufw allow 8080/tcp
Rule added
Rule added (v6)
root@test:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
8080/tcp                   ALLOW       Anywhere
8080/tcp (v6)              ALLOW       Anywhere (v6)

# Remove a rule
root@test:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
8080/tcp                   ALLOW       Anywhere
8080/tcp (v6)              ALLOW       Anywhere (v6)

root@test:~# ufw delete allow 8080/tcp
Rule deleted
Rule deleted (v6)
root@test:~# ufw status
Status: active

# Restrict which source IP may reach this host's ssh port
root@test:~# ufw allow proto tcp from 192.168.0.1 to any port 22
Rule added
root@test:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
8080/tcp                   ALLOW       Anywhere
22/tcp                     ALLOW       192.168.0.1
8080/tcp (v6)              ALLOW       Anywhere (v6)
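The session above ends with the useful pattern of allowing ssh only from one administrative address instead of from Anywhere. A quick way to keep that property from regressing across a fleet is to parse `ufw status` output and flag any rule that allows port 22 from Anywhere, or a firewall that is not active at all. The following is an added example written for this post, not a tool that ships with ufw; the two status texts are constructed samples in the column layout ufw prints (the same layout the session above shows), and in practice you would feed it the captured output of `ufw status`.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout `ufw status` prints (mirrors the session in the post).
SAMPLE_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
8080/tcp                   ALLOW       Anywhere
22/tcp                     ALLOW       192.168.0.1
8080/tcp (v6)              ALLOW       Anywhere (v6)
"""

# Constructed sample of a host where ssh was opened with a bare `ufw allow 22`.
WIDE_OPEN_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
"""


@dataclass(frozen=True)
class Rule:
    to: str       # destination port/proto or app profile, e.g. "22/tcp" or "OpenSSH"
    action: str   # ALLOW, DENY, REJECT, LIMIT (verbose output appends IN/OUT)
    src: str      # source, e.g. "Anywhere" or "192.168.0.1"
    ipv6: bool    # True for the rows ufw lists separately with "(v6)"


def parse_ufw_status(text: str) -> Tuple[Optional[bool], List[Rule]]:
    """Return (firewall active?, rules) parsed from `ufw status [verbose]` output."""
    active: Optional[bool] = None
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Status:"):
            active = line.split(":", 1)[1].strip() == "active"
            continue
        # Rule rows are three columns separated by runs of spaces. Blank lines and
        # the verbose-mode lines (Logging:, Default:, New profiles:) never split
        # into three fields; the column header and separator are skipped by name.
        fields = re.split(r"\s{2,}", line)
        if len(fields) != 3 or fields[0] in ("To", "--"):
            continue
        to, action, src = fields
        ipv6 = to.endswith("(v6)")
        rules.append(Rule(to.replace(" (v6)", ""), action,
                          src.replace(" (v6)", ""), ipv6))
    return active, rules


def audit_ssh_exposure(text: str,
                       ssh_targets=("22", "22/tcp", "OpenSSH")) -> List[str]:
    """Flag an inactive firewall and any rule that allows ssh from Anywhere."""
    active, rules = parse_ufw_status(text)
    findings: List[str] = []
    if active is not True:
        findings.append("firewall is not active; rules have no effect")
    for r in rules:
        if r.action.startswith("ALLOW") and r.src == "Anywhere" and r.to in ssh_targets:
            family = "IPv6" if r.ipv6 else "IPv4"
            findings.append(f"ssh ({r.to}) allowed from any {family} source; restrict it "
                            f"with 'ufw allow proto tcp from <admin-net> to any port 22'")
    return findings


if __name__ == "__main__":
    for name, status in (("sample", SAMPLE_STATUS), ("wide-open", WIDE_OPEN_STATUS)):
        print(name, audit_ssh_exposure(status) or ["ok"])
```

Because ufw emits a separate `(v6)` row for every rule added without an address family, the audit reports IPv4 and IPv6 exposure separately; a host where only the v6 row is open to Anywhere is still flagged.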