
ufw: a simple firewall for Linux

ufw is an administrator tool.

The ufw man page already contains plenty of examples, for instance:

    Users can specify rules using either a simple syntax or a full syntax.
    The simple syntax only specifies the port and optionally the protocol to
    be allowed or denied on the host. For example:

      ufw allow 53

    This rule will allow tcp and udp port 53 to any address on this host. To
    specify a protocol, append '/protocol' to the port. For example:

      ufw allow 25/tcp

    This will allow tcp port 25 to any address on this host. ufw will also
    check /etc/services for the port and protocol if specifying a service by
    name. Eg:

      ufw allow smtp

    ufw supports both ingress and egress filtering and users may optionally
    specify a direction of either in or out for either incoming or outgoing
    traffic. If no direction is supplied, the rule applies to incoming
    traffic. Eg:

      ufw allow in http
      ufw reject out smtp

    Users can also use a fuller syntax, specifying the source and destination
    addresses and ports. This syntax is based on OpenBSD's PF syntax.
    For example:

      ufw deny proto tcp to any port 80

    This will deny all traffic to tcp port 80 on this host. Another example:

      ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25

    This will deny all traffic from the RFC1918 Class A network to tcp port
    25 with the address 192.168.0.1.

      ufw deny proto tcp from 2001:db8::/32 to any port 25

    This will deny all traffic from the IPv6 2001:db8::/32 to tcp port 25 on
    this host. Note that IPv6 must be enabled in /etc/default/ufw for IPv6
    firewalling to work.

      ufw allow proto tcp from any to any port 80,443,8080:8090

    The above will allow all traffic to tcp ports 80, 443 and 8080-8090
    inclusive. Note that when specifying multiple ports, the ports list
    must be numeric, cannot contain spaces and must be modified as a whole.
    Eg, in the above example you cannot later try to delete just the '443'
    port. You cannot specify more than 15 ports (ranges count as 2 ports, so
    the port count in the above example is 4).

Usage example:

    $ ufw status
    ERROR: You need to be root to run this script

    $ ufw deny 80/tcp
    ERROR: You need to be root to run this script

    $ sudo ufw deny 80/tcp
    [sudo] password for sunlt:
    Rules updated
    Rules updated (v6)

    $ sudo ufw status
    Status: inactive

    $ sudo ufw enable
    Firewall is active and enabled on system startup

    $ sudo ufw status
    Status: active

    To                         Action      From
    --                         ------      ----
    80/tcp                     DENY        Anywhere
    80/tcp                     DENY        Anywhere (v6)


    $ sudo ufw status numbered
    Status: active

         To                         Action      From
         --                         ------      ----
    [ 1] 80/tcp                     DENY IN     Anywhere
    [ 2] 80/tcp                     DENY IN     Anywhere (v6)


    $ sudo ufw delete 1
    Deleting:
     deny 80/tcp
    Proceed with operation (y|n)? y
    Rule deleted

    $ sudo ufw delete 2
    ERROR: Could not find rule '2'

    $ sudo ufw status numbered
    Status: active

         To                         Action      From
         --                         ------      ----
    [ 1] 80/tcp                     DENY IN     Anywhere (v6)


    $ sudo ufw delete 1
    Deleting:
     deny 80/tcp
    Proceed with operation (y|n)? y
    Rule deleted (v6)

    $ sudo ufw status numbered
    Status: active

    $ sudo ufw disable
    Firewall stopped and disabled on system startup
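In the session above, `ufw delete 2` fails because deleting rule 1 renumbered the remaining rule. The following added example (not part of the original page) parses `ufw status numbered` output and lists the matching rules highest number first, so that each delete leaves the lower numbers unchanged. The function names and the sample output with its extra 22/tcp rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan number-based ufw deletions so that renumbering cannot
# make a later delete miss (or hit the wrong rule).

# Constructed sample of `ufw status numbered` output, in the layout shown in
# the session above, with an unrelated rule added between the two 80/tcp rules.
SAMPLE='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80/tcp                     DENY IN     Anywhere
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 80/tcp                     DENY IN     Anywhere (v6)
'

# rules_to_delete TO ACTION
# Reads `ufw status numbered` output on stdin and prints the numbers of the
# rules whose To column is TO and whose Action column starts with ACTION,
# highest number first.
rules_to_delete() {
    awk -v to="$1" -v act="$2" '
        /^\[ *[0-9]+\]/ {
            num = $0
            sub(/^\[ */, "", num)
            sub(/\].*$/, "", num)
            rest = $0
            sub(/^\[ *[0-9]+\] */, "", rest)
            # Columns are separated by runs of two or more spaces.
            n = split(rest, col, /  +/)
            if (n < 3) next
            # Some ufw versions append " (v6)" to the To column as well.
            sub(/ \(v6\)$/, "", col[1])
            if (col[1] == to && index(col[2], act) == 1) print num
        }
    ' | sort -rn
}

# Print the commands instead of running them: nothing here touches the firewall.
delete_plan() {
    rules_to_delete "$1" "$2" | while read -r n; do
        echo "ufw delete $n"
    done
}

printf '%s' "$SAMPLE" | delete_plan 80/tcp DENY
```

Deleting by rule text, as in `sudo ufw delete deny 80/tcp`, avoids rule numbers altogether.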
Copyright © Linux教程網 All Rights Reserved