{"id":141,"date":"2022-02-13T21:43:42","date_gmt":"2022-02-13T13:43:42","guid":{"rendered":"https:\/\/me.nicejelly.xyz\/?p=141"},"modified":"2022-02-13T21:43:42","modified_gmt":"2022-02-13T13:43:42","slug":"ufw%e5%91%bd%e4%bb%a4","status":"publish","type":"post","link":"https:\/\/me.spacelite.top\/?p=141","title":{"rendered":"UFW\u547d\u4ee4"},"content":{"rendered":"<p>1.\u5b89\u88c5<\/p>\n<p>sudo apt-get install ufw<\/p>\n<p>2.\u542f\u7528<\/p>\n<p>sudo ufw enable<\/p>\n<p>sudo ufw default deny<\/p>\n<p>\u8fd0\u884c\u4ee5\u4e0a\u4e24\u6761\u547d\u4ee4\u540e\uff0c\u5f00\u542f\u4e86\u9632\u706b\u5899\uff0c\u5e76\u5728\u7cfb\u7edf\u542f\u52a8\u65f6\u81ea\u52a8\u5f00\u542f\u3002\u5173\u95ed\u6240\u6709\u5916\u90e8\u5bf9\u672c\u673a\u7684\u8bbf\u95ee\uff0c\u4f46\u672c\u673a\u8bbf\u95ee\u5916\u90e8\u6b63\u5e38\u3002<\/p>\n<p>3.\u5f00\u542f\/\u7981\u7528<\/p>\n<p>sudo ufw allow|deny [service]<\/p>\n<p>\u6253\u5f00\u6216\u5173\u95ed\u67d0\u4e2a\u7aef\u53e3\uff0c\u4f8b\u5982\uff1a<\/p>\n<p>sudo ufw allow smtp\u3000\u5141\u8bb8\u6240\u6709\u7684\u5916\u90e8IP\u8bbf\u95ee\u672c\u673a\u768425\/tcp (smtp)\u7aef\u53e3<\/p>\n<p>sudo ufw allow 22\/tcp \u5141\u8bb8\u6240\u6709\u7684\u5916\u90e8IP\u8bbf\u95ee\u672c\u673a\u768422\/tcp (ssh)\u7aef\u53e3<\/p>\n<p>sudo ufw allow 53 \u5141\u8bb8\u5916\u90e8\u8bbf\u95ee53\u7aef\u53e3(tcp\/udp)<\/p>\n<p>sudo ufw allow from 192.168.1.100 \u5141\u8bb8\u6b64IP\u8bbf\u95ee\u6240\u6709\u7684\u672c\u673a\u7aef\u53e3<\/p>\n<p>sudo ufw allow proto udp 192.168.0.1 port 53 to 192.168.0.2 port 53<\/p>\n<p>sudo ufw deny smtp \u7981\u6b62\u5916\u90e8\u8bbf\u95eesmtp\u670d\u52a1<\/p>\n<p>sudo ufw delete allow smtp \u5220\u9664\u4e0a\u9762\u5efa\u7acb\u7684\u67d0\u6761\u89c4\u5219<\/p>\n<p>4.\u67e5\u770b\u9632\u706b\u5899\u72b6\u6001<\/p>\n<p>sudo ufw status<\/p>\n<p>\u4e00\u822c\u7528\u6237\uff0c\u53ea\u9700\u5982\u4e0b\u8bbe\u7f6e\uff1a<\/p>\n<p>sudo apt-get install ufw<\/p>\n<p>sudo ufw enable<\/p>\n<p>sudo ufw default deny<\/p>\n<p>\u4ee5\u4e0a\u4e09\u6761\u547d\u4ee4\u5df2\u7ecf\u8db3\u591f\u5b89\u5168\u4e86\uff0c\u5982\u679c\u4f60\u9700\u8981\u5f00\u653e\u67d0\u4e9b\u670d\u52a1\uff0c\u518d\u4f7f\u7528sudo ufw allow\u5f00\u542f\u3002<\/p>\n<p>\u5f00\u542f\/\u5173\u95ed\u9632\u706b\u5899 (\u9ed8\u8ba4\u8bbe\u7f6e\u662f\u2019disable\u2019)<\/p>\n<p>sudo \u00a0ufw enable|disable<\/p>\n<p>\u8f6c\u6362\u65e5\u5fd7\u72b6\u6001<\/p>\n<p>sudo \u00a0ufw logging on|off<\/p>\n<p>\u8bbe\u7f6e\u9ed8\u8ba4\u7b56\u7565 (\u6bd4\u5982 \u201cmostly open\u201d vs \u201cmostly closed\u201d)<\/p>\n<p>sudo \u00a0ufw default allow|deny<\/p>\n<p>\u8bb8 \u53ef\u6216\u8005\u5c4f\u853d\u7aef\u53e3 (\u53ef\u4ee5\u5728\u201cstatus\u201d \u4e2d\u67e5\u770b\u5230\u670d\u52a1\u5217\u8868)\u3002\u53ef\u4ee5\u7528\u201c\u534f\u8bae\uff1a\u7aef\u53e3\u201d\u7684\u65b9\u5f0f\u6307\u5b9a\u4e00\u4e2a\u5b58\u5728\u4e8e\/etc\/services\u4e2d\u7684\u670d\u52a1\u540d\u79f0\uff0c\u4e5f\u53ef\u4ee5\u901a\u8fc7\u5305\u7684meta-data\u3002 \u2018allow\u2019 \u53c2\u6570\u5c06\u628a\u6761\u76ee\u52a0\u5165 \/etc\/ufw\/maps \uff0c\u800c \u2018deny\u2019 \u5219\u76f8\u53cd\u3002\u57fa\u672c\u8bed\u6cd5\u5982\u4e0b\uff1a<\/p>\n<p>sudo \u00a0ufw allow|deny [service]<\/p>\n<p>\u663e\u793a\u9632\u706b\u5899\u548c\u7aef\u53e3\u7684\u4fa6\u542c\u72b6\u6001\uff0c\u53c2\u89c1 \/var\/lib\/ufw\/maps\u3002\u62ec\u53f7\u4e2d\u7684\u6570\u5b57\u5c06\u4e0d\u4f1a\u88ab\u663e\u793a\u51fa\u6765\u3002<\/p>\n<p><audio style=\"display: none;\" controls=\"controls\"><\/audio><\/p>\n","protected":false},"excerpt":{"rendered":"<p>1.\u5b89\u88c5 sudo apt-get install ufw 2.\u542f\u7528 sudo ufw enable&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-141","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/me.spacelite.top\/index.php?rest_route=\/wp\/v2\/posts\/141","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me.spacelite.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me.spacelite.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me.spacelite.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/me.spacelite.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=141"}],"version-history":[{"count":1,"href":"https:\/\/me.spacelite.top\/index.php?rest_route=\/wp\/v2\/posts\/141\/revisions"}],"predecessor-version":[{"id":142,"href":"https:\/\/me.spacelite.top\/index.php?rest_route=\/wp\/v2\/posts\/141\/revisions\/142"}],"wp:attachment":[{"href":"https:\/\/me.spacelite.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=141"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me.spacelite.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=141"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me.spacelite.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}