{"id":2867,"date":"2017-11-17T10:28:21","date_gmt":"2017-11-17T02:28:21","guid":{"rendered":"http:\/\/cn.hostease.com\/xueyuan\/?p=2867"},"modified":"2017-11-17T10:28:21","modified_gmt":"2017-11-17T02:28:21","slug":"ubuntu%e9%98%b2%e7%81%ab%e5%a2%99%e5%ae%89%e8%a3%85%e5%92%8c%e9%85%8d%e7%bd%ae","status":"publish","type":"post","link":"https:\/\/cn.hostease.com\/xueyuan\/hemanual\/ubuntu%e9%98%b2%e7%81%ab%e5%a2%99%e5%ae%89%e8%a3%85%e5%92%8c%e9%85%8d%e7%bd%ae\/","title":{"rendered":"Ubuntu\u9632\u706b\u5899\u5b89\u88c5\u548c\u914d\u7f6e"},"content":{"rendered":"

Ubuntu<\/a>\u5b89\u88c5UFW\u9632\u706b\u5899<\/h4>\n
sudo<\/span> apt-get install ufw <\/code><\/pre>\n
\u4e00\u822c\u7528\u6237\uff0c\u53ea\u9700\u5982\u4e0b\u8bbe\u7f6e\uff1a
\nsudo apt-get install ufw
\nsudo ufw enable
\nsudo ufw default deny<\/p>\n
\u4ee5\u4e0a\u4e09\u6761\u547d\u4ee4\u5df2\u7ecf\u8db3\u591f\u5b89\u5168\u4e86\uff0c\u5982\u679c\u4f60\u9700\u8981\u5f00\u653e\u67d0\u4e9b\u670d\u52a1\uff0c\u518d\u4f7f\u7528sudo ufw allow\u5f00\u542f\u3002<\/p>\n
\u542f\u7528<\/h4>\n
sudo ufw enable \r\nsudo ufw default<\/span> deny \r\n#\u8fd0\u884c\u4ee5\u4e0a\u4e24\u6761\u547d\u4ee4\u540e\uff0c\u5f00\u542f\u4e86\u9632\u706b\u5899\uff0c\u5e76\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u81ea\u52a8\u5f00\u542f\u3002 <\/span>\r\n#\u5173\u95ed\u6240\u6709\u5916\u90e8\u5bf9\u672c\u673a\u7684\u8bbf\u95ee\uff0c\u4f46\u672c\u673a\u8bbf\u95ee\u5916\u90e8\u6b63\u5e38\u3002 <\/span><\/code><\/pre>\n
\u5f00\u542f\/\u7981\u7528<\/h4>\n
sudo<\/span> ufw allow|deny [service] <\/code><\/pre>\n
\u6253\u5f00\u6216\u5173\u95ed\u67d0\u4e2a\u7aef\u53e3\uff0c\u4f8b\u5982\uff1a<\/h4>\n
sudo<\/span> ufw allow smtp\u3000      #\u5141\u8bb8\u6240\u6709\u7684\u5916\u90e8IP\u8bbf\u95ee\u672c\u673a\u768425\/tcp (smtp)\u7aef\u53e3 <\/span>\r\nsudo<\/span> ufw allow 22<\/span>\/tcp      #\u5141\u8bb8\u6240\u6709\u7684\u5916\u90e8IP\u8bbf\u95ee\u672c\u673a\u768422\/tcp (ssh)\u7aef\u53e3 <\/span>\r\nsudo<\/span> ufw allow 53<\/span>          #\u5141\u8bb8\u5916\u90e8\u8bbf\u95ee53\u7aef\u53e3(tcp\/udp) <\/span>\r\nsudo<\/span> ufw allow from 192.168<\/span>.1.100<\/span> #\u5141\u8bb8\u6b64IP\u8bbf\u95ee\u6240\u6709\u7684\u672c\u673a\u7aef\u53e3 <\/span>\r\nsudo<\/span> ufw allow proto udp 192.168<\/span>.0.1<\/span> port 53<\/span> to 192.168<\/span>.0.2<\/span> port 53<\/span> \r\nsudo<\/span> ufw deny smtp         #\u7981\u6b62\u5916\u90e8\u8bbf\u95eesmtp\u670d\u52a1 <\/span>\r\nsudo<\/span> ufw delete allow smtp #\u5220\u9664\u4e0a\u9762\u5efa\u7acb\u7684\u67d0\u6761\u89c4\u5219 <\/span><\/code><\/pre>\n
\u67e5\u770b\u9632\u706b\u5899\u72b6\u6001<\/h4>\n
sudo<\/span> ufw status <\/code><\/pre>\n
\u8865\u5145\uff1a<\/h4>\n
#\u5f00\u542f\/\u5173\u95ed\u9632\u706b\u5899 (\u9ed8\u8ba4\u8bbe\u7f6e\u662f\u2019disable\u2019)<\/span>\r\nufw enable|disable\r\n\r\n#\u8f6c\u6362\u65e5\u5fd7\u72b6\u6001<\/span>\r\nufw logging on|off\r\n\r\n#\u8bbe\u7f6e\u9ed8\u8ba4\u7b56\u7565 (\u6bd4\u5982 \u201cmostly open\u201d vs \u201cmostly closed\u201d)<\/span>\r\nufw default<\/span> allow|deny\r\n\r\n#\u8bb8\u53ef\u6216\u8005\u5c4f\u853d\u67d0\u4e9b\u5165\u57e0\u7684\u5305 (\u53ef\u4ee5\u5728\u201cstatus\u201d \u4e2d\u67e5\u770b\u5230\u670d\u52a1\u5217\u8868\uff3b\u89c1\u540e\u6587\uff3d)<\/span>\r\n#\u53ef\u4ee5\u7528\u201c\u534f\u8bae\uff1a\u7aef\u53e3\u201d\u7684\u65b9\u5f0f\u6307\u5b9a\u4e00\u4e2a\u5b58\u5728\u4e8e\/etc\/services\u4e2d\u7684\u670d\u52a1\u540d\u79f0\uff0c\u4e5f\u53ef\u4ee5\u901a\u8fc7\u5305\u7684meta-data\u3002 \u2018allow\u2019 \u53c2\u6570\u5c06\u628a\u6761\u76ee\u52a0\u5165 \/etc\/ufw\/maps \uff0c\u800c \u2018deny\u2019 \u5219\u76f8\u53cd\u3002\u57fa\u672c\u8bed\u6cd5\u5982\u4e0b\uff1a<\/span>\r\nufw allow|deny [service]\r\n\r\n#\u663e\u793a\u9632\u706b\u5899\u548c\u7aef\u53e3\u7684\u4fa6\u542c\u72b6\u6001\uff0c\u53c2\u89c1 \/var\/lib\/ufw\/maps\u3002\u62ec\u53f7\u4e2d\u7684\u6570\u5b57\u5c06\u4e0d\u4f1a\u88ab\u663e\u793a\u51fa\u6765\u3002<\/span>\r\nufw status<\/code><\/pre>\n
UFW\u4f7f\u7528\u8303\u4f8b\uff1a<\/h4>\n
#\u5141\u8bb8 53 \u7aef\u53e3<\/span>\r\n$ sudo<\/span> ufw allow 53<\/span>\r\n\r\n#\u7981\u7528 53 \u7aef\u53e3<\/span>\r\n$ sudo<\/span> ufw delete allow 53<\/span>\r\n\r\n#\u5141\u8bb8 80 \u7aef\u53e3<\/span>\r\n$ sudo<\/span> ufw allow 80<\/span>\/tcp\r\n\r\n#\u7981\u7528 80 \u7aef\u53e3<\/span>\r\n$ sudo<\/span> ufw delete allow 80<\/span>\/tcp\r\n\r\n#\u5141\u8bb8 smtp \u7aef\u53e3<\/span>\r\n$ sudo<\/span> ufw allow smtp\r\n\r\n#\u5220\u9664 smtp \u7aef\u53e3\u7684\u8bb8\u53ef<\/span>\r\n$ sudo<\/span> ufw delete allow smtp\r\n\r\n#\u5141\u8bb8\u67d0\u7279\u5b9a IP<\/span>\r\n$ sudo<\/span> ufw allow from 192.168<\/span>.254.254<\/span>\r\n\r\n#\u5220\u9664\u4e0a\u9762\u7684\u89c4\u5219<\/span>\r\n$ sudo<\/span> ufw delete allow from 192.168<\/span>.254.254<\/span>    <\/code><\/pre>\n
[\u6ce8]
\n\u5c40\u57df\u7f51ping\u4e0d\u901amac\u4e3b\u673a\u7684\u539f\u56e0\uff1a
\n1. \u7f51\u7edc\u8fde\u63a5\u6216\u7f51\u7edc\u4e0d\u7a33\u5b9a
\n2. mac\u7535\u8111\u9501\u5c4f\u6216\u5173\u673a
\n3. \u9632\u706b\u5899\u8bbe\u7f6e
\n4. ICMP\u534f\u8bae\u8bbe\u7f6e<\/p>\n
\u672c\u6587\u6c38\u4e45\u66f4\u65b0\u94fe\u63a5\u5730\u5740<\/strong>\uff1ahttps:\/\/www.linuxidc.com\/Linux\/2016-12\/138259.htm<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Ubuntu\u5b89\u88c5UFW\u9632\u706b\u5899 sudo apt-get install ufw \u4e00\u822c\u7528\u6237\uff0c\u53ea\u9700\u5982\u4e0b\u8bbe\u7f6e\uff1a su … \u9605\u8bfb\u66f4\u591a<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3,5],"tags":[791],"class_list":["post-2867","post","type-post","status-publish","format-standard","hentry","category-hemanual","category-jishu","tag-ubuntuufw"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/2867","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/comments?post=2867"}],"version-history":[{"count":1,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/2867\/revisions"}],"predecessor-version":[{"id":2868,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/posts\/2867\/revisions\/2868"}],"wp:attachment":[{"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/media?parent=2867"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/categories?post=2867"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cn.hostease.com\/xueyuan\/wp-json\/wp\/v2\/tags?post=2867"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}