如何在Ubuntu 20.04上使用UFW设置防火墙

介绍 (Introduction)

UFW, or Uncomplicated Firewall, is a simplified firewall management interface that hides the complexity of lower-level packet filtering technologies such as iptables and nftables. If you’re looking to get started securing your network, and you’re not sure which tool to use, UFW may be the right choice for you.

UFW或简单的防火墙是简化的防火墙管理界面，它隐藏了诸如iptables和nftables类的低级数据包过滤技术的复杂性。 如果您希望开始保护网络安全，并且不确定使用哪种工具，UFW可能是您的正确选择。

This tutorial will show you how to set up a firewall with UFW on Ubuntu 20.04.

本教程将向您展示如何在Ubuntu 20.04上使用UFW设置防火墙。

先决条件 (Prerequisites)

To follow this tutorial, you will need:

要遵循本教程，您将需要：

• One Ubuntu 20.04 server with a sudo non-root user, which you can set up by following our Initial Server Setup with Ubuntu 20.04 tutorial.

  一台具有sudo非root用户的Ubuntu 20.04服务器，您可以按照我们的《 Ubuntu 20.04初始服务器设置》教程进行设置 。

UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with sudo apt install ufw.

UFW默认安装在Ubuntu上。 如果由于某种原因已将其卸载，则可以使用sudo apt install ufw 。

第1步—将IPv6与UFW一起使用(可选) (Step 1 — Using IPv6 with UFW (Optional))

This tutorial is written with IPv4 in mind, but will work for IPv6 as well as long as you enable it. If your Ubuntu server has IPv6 enabled, ensure that UFW is configured to support IPv6 so that it will manage firewall rules for IPv6 in addition to IPv4. To do this, open the UFW configuration with nano or your favorite editor.

本教程是在考虑IPv4的前提下编写的，但是只要启用了IPv6，它就可以使用。 如果您的Ubuntu服务器启用了IPv6，请确保将UFW配置为支持IPv6，以便它除了管理IPv4外，还将管理IPv6的防火墙规则。 为此，请使用nano或您喜欢的编辑器打开UFW配置。

• sudo nano /etc/default/ufw
  须藤nano / etc / default / ufw

Then make sure the value of IPV6 is yes. It should look like this:

然后确保IPV6值为yes 。 它看起来应该像这样：

/etc/default/ufw excerpt

/ etc / default / ufw摘录

IPV6=yes

Save and close the file. Now, when UFW is enabled, it will be configured to write both IPv4 and IPv6 firewall rules. However, before enabling UFW, we will want to ensure that your firewall is configured to allow you to connect via SSH. Let’s start with setting the default policies.

保存并关闭文件。 现在，启用UFW后，它将被配置为写入IPv4和IPv6防火墙规则。 但是，在启用UFW之前，我们将要确保已将防火墙配置为允许您通过SSH连接。 让我们从设置默认策略开始。

步骤2 —设置默认策略 (Step 2 — Setting Up Default Policies)

If you’re just getting started with your firewall, the first rules to define are your default policies. These rules control how to handle traffic that does not explicitly match any other rules. By default, UFW is set to deny all incoming connections and allow all outgoing connections. This means anyone trying to reach your server would not be able to connect, while any application within the server would be able to reach the outside world.

如果您刚开始使用防火墙，则定义的第一条规则是默认策略。 这些规则控制如何处理与其他任何规则都不明确匹配的流量。 默认情况下，UFW设置为拒绝所有传入连接并允许所有传出连接。 这意味着尝试访问您的服务器的任何人都将无法连接，而服务器中的任何应用程序都将可以访问外部。

Let’s set your UFW rules back to the defaults so we can be sure that you’ll be able to follow along with this tutorial. To set the defaults used by UFW, use these commands:

让我们将UFW规则重新设置为默认值，这样我们就可以确保您能够按照本教程进行操作。 要设置UFW使用的默认值，请使用以下命令：

• sudo ufw default deny incoming
  sudo ufw默认拒绝传入
• sudo ufw default allow outgoing
  sudo ufw默认允许传出

These commands set the defaults to deny incoming and allow outgoing connections. These firewall defaults alone might suffice for a personal computer, but servers typically need to respond to incoming requests from outside users. We’ll look into that next.

这些命令将默认设置设置为拒绝传入并允许传出连接。 这些防火墙默认值仅够一台个人计算机就足够了，但是服务器通常需要响应外部用户的传入请求。 接下来，我们将对其进行研究。