Difference between revisions of "Firewalls/zh-cn"

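Created page with "{{warning|iptables.service and ufw.service conflict; do not enable both at the same time}}"
(Created page with "It is recommended that you run a local firewall even if you are already protected by a network firewall. A local firewall will protect you from threats inside the internal network.")
 
(Created page with "{{warning|iptables.service and ufw.service conflict; do not enable both at the same time}}")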
Line 2: Line 2:
__TOC__
__TOC__


=Overview=
==绪论==


建议您运行本地防火墙,即使您已经处于网络防火墙的保护之下。本地防火墙将保护你免受内网中威胁的影响。
建议您运行本地防火墙,即使您已经处于网络防火墙的保护之下。本地防火墙将保护你免受内网中威胁的影响。




=UFW=  
==不复杂的防火墙(Uncomplicated FireWall)==  


UFW stands for Uncomplicated FireWall, and is a program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.  UFW is far simpler than iptables and a good place to start unless you have very specialized needs.
UFW表示简单的防火墙,作为一个对netfilter防火墙的的包装。它提供了一个命令行界面,旨在简单易用。UFW远比iptables更加简单;除非你有特殊需求,使用UFW是最佳选择。




==Installing UFW==
==安装UFW==


You can install the {{ic|ufw}} package using you favorite package manager or the command:
您可以使用任何包管理器安装UFW,如 pamac install ufw
pamac install ufw




Once UFW is installed you need to start and enable it using the commands:
一旦UFW安装好了,您需要使用一下命令启动您的防火墙:
sudo systemctl enable ufw.service
sudo systemctl enable ufw.service
sudo ufw enable
sudo ufw enable




{{warning|Don't enable both iptables.service and ufw.service}}
{{warning|iptables.service ufw.service 是冲突的,不要同时启用他们}}




==Adding Rules==
==添加规则==


To view the current configuration you can use the command {{ic|ufw status}}.  Here is what it looks like in a new install:
想要看见目前的设置,可以输入 {{ic|ufw status}}。 如果您是第一次安装,命令行中应当有如下输出:
<pre>
<pre>
sudo ufw status verbose
sudo ufw status verbose
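Review bot: The two top-level headings change level in this revision: `=Overview=` becomes `==绪论==` and `=UFW=` becomes `==不复杂的防火墙(Uncomplicated FireWall)==`, which puts them on the same level as `==安装UFW==` and `==添加规则==` and flattens the table of contents. Keep a single `=` on those two translated headings. In the translated warning, `iptables.service ufw.service 是冲突的` has no conjunction between the two unit names; add `和` so it is clear that the conflict is between the two services. Smaller wording points: `的的` in the UFW description is a doubled character, `一下命令` in the sentence before the systemctl commands should be `以下命令`, and that sentence says only 启动 (start) where the source says "start and enable". The install sentence also repeats `pamac install ufw` inline while the command line still follows it.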
Line 38: Line 37:




This indicates that it will block all incoming traffic and allow all outgoing traffic.  This is a good starting point for most desktop systems.  However, often we will want to allow some incoming traffic.  This can be done with the command {{ic|ufw allow}}.  For example, if we want to allow incoming ssh traffic so we can connect to the machine from other machines on the network we could use the command:
这表示它将阻止所有传入流量并允许所有传出流量。这在大多数情况下是一个很好的起点。但是,您通常希望允许一些传入的流量。这可以通过命令{{ic | UFW允许}}来完成。例如,如果您想要允许传入的SSH流量,所以您可以从网络上的其他机器连接到这台机器,您可以使用:
sudo ufw allow ssh
sudo ufw allow ssh
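Review bot: In the translated paragraph that follows the status output, the inline command template was translated along with the prose: `{{ic|ufw allow}}` became `{{ic | UFW允许}}`, which is not a command a reader can type. Keep the template content as `ufw allow`, without the added spaces around the pipe, so it matches the untranslated `sudo ufw allow ssh` line below it. The clause `所以您可以从网络上的其他机器连接到这台机器` also reads as a literal rendering of "so we can connect"; `以便` would express the purpose more naturally than `所以`.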



