Difference between revisions of "Firewalls/fa"
Views
Actions
Namespaces
Variants
Tools
(Created page with "پس از نصب UFW، باید آن را با استفاده از دستورات زیر شروع کرده و فعال کنید: $usercmd2 $usercmd3") Tags: Mobile web edit Mobile edit |
(Created page with "{{هشدار|هم iptables.service و هم ufw.service را با هم فعال نکنید. ابتدا iptables.service غیرفعال و سپس ufw.service را فعال کن...") Tags: Mobile web edit Mobile edit |
||
Line 19: | Line 19: | ||
{{UserCmd|command=sudo ufw enable}} | {{UserCmd|command=sudo ufw enable}} | ||
{{ | {{هشدار|هم iptables.service و هم ufw.service را با هم فعال نکنید. ابتدا iptables.service غیرفعال و سپس ufw.service را فعال کنید.}} | ||
==Adding Rules== | ==Adding Rules== |
Revision as of 12:03, 15 April 2022
نمای کلّی
اجرای یک دیوارآتش محلی تقریباً همیشه یک تمرین خوب است. حتی زمانی که پشت دیوارآتش شبکه قرار دارید، یک دیوارآتش محلی از شما در برابر تهدیدات داخل شبکه محافظت می کند.
UFW
UFW مخفف Uncomplicated FireWall است و برنامه ای برای مدیریت دیوارآتش و فیلتر شبکه است. این یک رابط خطفرمان فراهم می کند و هدف آن این است که بدون پیچیدگی و آسان برای استفاده باشد. UFW بسیار سادهتر از iptables است و مکان خوبی برای شروع است مگر اینکه نیازهای بسیار تخصصی داشته باشید.
=نصب UFW
می توانید بسته ufw را با استفاده از مدیر بسته مورد علاقه خود یا با دستور زیر نصب کنید:
پس از نصب UFW، باید آن را با استفاده از دستورات زیر شروع کرده و فعال کنید:
Adding Rules
To view the current configuration you can use the command ufw status
. Here is what it looks like in a new install:
$ sudo ufw status verbose
Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip
This indicates that it will block all incoming traffic and allow all outgoing traffic. This is a good starting point for most desktop systems. However, often we will want to allow some incoming traffic. This can be done with the command ufw allow
. For example, if we want to allow incoming ssh traffic so we can connect to the machine from other machines on the network we could use the command:
If we wanted to also tcp connections to a local webserver on a non-standard https port, 8443. We could use the command:
UFW and Applications
You may notice a difference in the above two commands. When we built the rules for ssh we used the name and for https we used the port number, 8443. This is because UFW has a small database of applications it knows the ports for. You can see the list with the command:
For applications on the list you can add them by name. If you want to review the configuration for one of the applications, you can use the command ufw app info
. For example, to the configuration for ssh:
$ sudo ufw app info SSH
Profile: SSH Title: SSH server Description: SSH server Port: 22/tcp
Some additional preconfigured applications can be added by installing the package ufw-extras
with your favorite package manager or the command:
Removing Rules
Rules can be removed with the ufw delete
command. For example, to delete our 8443 rules we could use the command:
You can also delete them by number. This is easier if you have a numbered list which you can see with the command:
$ sudo ufw status numbered
Status: active To Action From -- ------ ---- [ 1] 22 ALLOW IN Anywhere [ 2] 22 (v6) ALLOW IN Anywhere (v6)
Now if we wanted to stop allowing ssh on ipv6 we could use the command:
GUFW
Prefer to use GUI applications and still want to manage your firewall? No problem. GUFW is a GTK front-end for UFW that aims to make managing a Linux firewall as accessible and easy as possible. It features pre-sets for common ports and p2p applications.
If it is not installed already gufw can be installed from the repos:
It will now be available in the menu as Firewall Configuration or by running gufw
directly.
iptables
iptables is included as part of the Linux kernel. iptables is significantly more complicated than using a tool like UFW. As a result, a full tutorial on iptables is beyond the scope of this wiki. Using iptables on Manjaro should be the same for every distribution of Linux so there is plenty of available documentation. Some of this is linked below. Here are some basics to get you started.
To enable loading rules on startup you can use the command:
This will load the rules from the file /etc/iptables/iptables.rules
.
To display the currently loaded rules:
To save the current rules to a file
To load the rules from a file
To allow ssh connections
See Also
- The Arch Wiki on UFW
- The UFW website
- The GUFW website
- The iptables man page
- The Arch Wiki on iptables
- The Debian Wiki on iptables