
Installing Kali on Debian
Ubuntu is a popular Linux distribution used in many enterprise and personal IT environments. Security is an important part of today's IT. We can use firewall services like iptables to tighten the security of our Ubuntu system. In this tutorial we will look at how to install, remove, enable, disable, start and stop Ubuntu iptables. This tutorial can be used for the Kali, Debian and Mint distributions too.
Ufw or Ubuntu Firewall
Ubuntu rebranded iptables as ufw, or Ubuntu firewall, in its distribution. So in this tutorial we will use ufw for the different operations that correspond to iptables.
Install Ufw
We can install the ufw package for Ubuntu, Debian, Mint and Kali like below.
$ apt install ufw
Install Iptables
The iptables package and related tools are actually installed by default on Ubuntu, Kali, Debian and Mint. But if they have been removed accidentally or intentionally, we may need to install iptables with the following command. Most of the operations examined in this tutorial, like the iptables installation, require root privileges.
$ apt install iptables
Remove, Uninstall Iptables
Or we may want to uninstall the iptables package and related tools. I generally uninstall iptables on my Kali systems because my use cases do not require iptables.
$ apt remove iptables
ufw Help
We can get help about the ufw command with the -h option. This will list the most common commands provided by ufw.
$ ufw --help

As we can see, there are commands and their summary descriptions. There are also application profiles.
List Iptables/Ufw Service Status
Now, in order to manage iptables, we should list the status of the service. We will use the systemctl status command with ufw for Ubuntu and with iptables for other distributions. ufw is enabled by default in Ubuntu.
$ systemctl status ufw

OR
$ systemctl status iptables
Start Iptables/Ufw Service
We can start the ufw or iptables service in Ubuntu and related distributions by using the systemctl start command like below.
$ systemctl start ufw
OR we can use the ufw command to start the related service like below.
$ ufw enable
OR
$ systemctl start iptables
Stop Iptables/Ufw Service
We can stop the service with the same systemctl command and the stop option.
$ systemctl stop ufw
OR we can use the ufw command to stop the related service like below.
$ ufw disable
OR
$ systemctl stop iptables
Enable Iptables/Ufw Service
Services may be enabled in order to start after a reboot or fresh start. We can enable iptables or ufw with the following commands.
$ systemctl enable ufw
OR
$ systemctl enable iptables
Disable Iptables/Ufw Service
If we do not want to remove iptables or ufw, but also do not want the related services to start automatically at system start, we can disable the related services with the following command.
$ systemctl disable ufw
OR
$ systemctl disable iptables
Allow Port Or Service with ufw
ufw provides a simple way to manage ports. We may need to allow some ports. We will use the allow option. In this example we will allow TCP port 22, which is the default SSH port.
We need to provide tcp as the protocol too.
$ sudo ufw allow 22/tcp

We can also allow a port by providing just the service or protocol name. The following command will allow the SSH port like the command above.
$ sudo ufw allow ssh
Allow Port Range
In some cases, applications or services may use multiple ports in a range. We may need to allow a given port range. We can use : in order to specify the range. For example, 2000:3000 can be used to specify the ports between 2000 and 3000.
In this example we will allow the ports between 2000 and 3000.
$ sudo ufw allow 2000:3000/tcp

Deny Port
The default policy of ufw is to deny all ports. This is a more secure way to set up and manage firewalls. During the management of the firewall we may enable some ports. After some time we may need to disable these enabled ports. We can use the deny option in order to prevent traffic for a given port. In this example we will deny TCP port 22.
$ sudo ufw deny 22/tcp

List Rules
Over time some rules will be added to ufw. In order to check, remove or update these rules we need to list them. We can list the existing firewall rules with the status verbose options. For this command to work, ufw should be enabled and running.
$ sudo ufw status verbose

As we can see, the rules we added previously are listed.
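The listing can also be checked by a script. The shell function below is an added example, not part of the original tutorial: it reads the text printed by ufw status verbose and reports a status other than active, a default incoming policy other than deny or reject, and every rule that allows a port or port range from Anywhere. The SAMPLE_STATUS text is constructed for illustration, and the names audit_ufw_status and MAX_SPAN are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the text printed by `ufw status verbose`.
# SAMPLE_STATUS is constructed for illustration, not captured from a real host.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
2000:3000/tcp              ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
2000:3000/tcp (v6)         ALLOW IN    Anywhere (v6)'

# audit_ufw_status: read status text on stdin, print one finding per line.
# MAX_SPAN (hypothetical knob, default 100) is the largest port range that is
# reported as OPEN rather than WIDE.
audit_ufw_status() {
    awk -v max_span="${MAX_SPAN:-100}" '
    /^Status:/ { if ($2 != "active") print "WARN firewall is " $2 }
    /^Default:/ {
        if ($2 != "deny" && $2 != "reject")
            print "WARN default incoming policy is " $2
    }
    # Rule rows look like: PORT[:PORT]/PROTO [(v6)]  ALLOW IN  SOURCE
    /ALLOW/ && $1 ~ /^[0-9]+(:[0-9]+)?\/(tcp|udp)$/ {
        from = $0
        sub(/.*ALLOW( IN)?[ \t]+/, "", from)   # keep only the From column
        if (from !~ /^Anywhere/) next          # rule is limited to a source
        split($1, parts, "/")
        n = split(parts[1], range, ":")
        if (n == 2 && range[2] - range[1] + 1 > max_span)
            print "WIDE " $1 " opens " (range[2] - range[1] + 1) " ports to " from
        else
            print "OPEN " $1 " from " from
    }'
}

# Stand-alone run on the constructed sample; on a real host use:
#   sudo ufw status verbose | audit_ufw_status
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status
```

On the sample, the 2000:3000/tcp range from the earlier section is reported as WIDE because it exposes 1001 ports to any source.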
Delete Rules
In order to remove previously defined rules we need to delete them. The syntax is like adding a new rule, except that we put delete before the rule. In this example we will delete the TCP 22 or ssh rule. We should also provide the allow or deny action of the rule.
$ sudo ufw delete deny 22/tcp

As we can see, we deleted the rule deny 22/tcp.
Check ufw Status
We can check the status of ufw with the status option. Even if the ufw service is running, ufw may be disabled.
$ sudo ufw status

As we can see, the line Status: active shows that ufw is actively working.
Reset All Rules In ufw
If we want to remove all rules, deleting them one by one is a very tedious task. We can remove all added rules with a single option named reset. Keep in mind that this will remove all rules and revert to the default configuration.
$ sudo ufw reset

As we can see from the screenshot, it will ask us whether we are sure we want to remove the rules. Even if we remove the rules, ufw automatically saves them to the /etc/ufw/ directory, named with the rules category and date.