Yadda ake Shigar da Sanya UFW - Wutar Wutar Wuta marar rikitarwa a cikin Debian/Ubuntu
Tunda an haɗa kwamfutoci da juna, ayyuka suna girma cikin sauri. Imel, Social Media, Shagon Kan layi, Taɗi har zuwa Taron Yanar Gizo sabis ne da mai amfani ke amfani da shi. Amma a gefe guda wannan haɗin yana son wuka mai gefe biyu. Hakanan yana yiwuwa a aika munanan saƙonni zuwa ga waɗannan kwamfutoci kamar Virus, malware, trojan-apps na ɗaya daga cikinsu.
Intanet, kamar yadda babbar hanyar sadarwa ta kwamfuta ba koyaushe take cika da mutanen kirki ba. Domin tabbatar da kwamfutocinmu/sabar ɗinmu ba su da aminci, muna buƙatar kare ta.
Ɗayan abin da dole ne ya kasance yana da abubuwan da ke kan kwamfutarka/sabobin shine Firewall. Daga Wikipedia, ma'anar ita ce:
A cikin kwamfuta, Firewall tsarin tsaro ne na software ko tushen hardware wanda ke sarrafa zirga-zirgar hanyar sadarwa mai shigowa da mai fita ta hanyar nazarin fakitin bayanan da tantance ko ya kamata a ba su izinin shiga ko a'a, bisa la'akari da ka'idojin aiki.
Iptables yana ɗaya daga cikin Tacewar zaɓi wanda sabobin ke amfani dashi sosai. Shiri ne da ake amfani da shi don sarrafa zirga-zirga masu shigowa da masu fita a cikin uwar garken bisa tsarin dokoki. Gabaɗaya, amintaccen haɗi kawai ake ba da izinin shigar da uwar garke. Amma IPTables yana gudana a yanayin wasan bidiyo kuma yana da rikitarwa. Wadanda suka saba da dokokin iptables da umarni, za su iya karanta labarin mai zuwa wanda ya bayyana yadda ake amfani da tacewar zaɓi na iptables.
- Basic IPTables (Linux Firewall) Jagoran
Shigar da UFW Firewall a Debian/Ubuntu
Don rage rikitaccen yadda ake saita IPTables, akwai gaba da yawa. Idan kuna gudanar da Linux Ubuntu, zaku sami ufw azaman kayan aikin wuta na tsoho. Bari mu fara bincika game da ufw Firewall.
ufw (Ba tare da rikitarwa ba) shine gaba don mafi yawan amfani da Tacewar zaɓi na iptables kuma yana da daɗi ga masu amfani da wutan wuta. ufw yana ba da tsari don sarrafa netfilter, haka kuma yana ba da hanyar sadarwa ta layin umarni don sarrafa tacewar wuta. Yana ba da abokantaka mai sauƙin amfani da sauƙi don amfani da keɓancewa don sabbin sabbin Linux waɗanda ba su da masaniya da dabarun Tacewar zaɓi.
Yayin da, a gefe guda umarni masu rikitarwa iri ɗaya suna taimaka wa masu gudanarwa suna saita ƙa'idodi masu rikitarwa ta amfani da layin umarni. ufw shine haɓakawa don sauran rabawa kamar Debian, Ubuntu da Linux Mint.
Da farko, bincika idan an shigar da ufw ta amfani da umarni mai zuwa.
$ sudo dpkg --get-selections | grep ufw ufw install
Idan ba a shigar da shi ba, zaku iya shigar da shi ta amfani da umarnin da ya dace kamar yadda aka nuna a ƙasa.
$ sudo apt-get install ufw
Kafin amfani, yakamata ku bincika ko ufw yana gudana ko a'a. Yi amfani da wannan umarni don duba shi.
$ sudo ufw status
Idan kun sami Matsayi: baya aiki, yana nufin baya aiki ko kashewa.
Don kunna shi, kawai kuna buƙatar buga umarni mai zuwa a tashar tashar.
$ sudo ufw enable Firewall is active and enabled on system startup
Don kashe shi, kawai rubuta.
$ sudo ufw disable
Bayan an kunna Tacewar zaɓi zaka iya ƙara dokokinka a ciki. Idan kana son ganin menene tsoffin ƙa'idodin, zaku iya rubutawa.
$ sudo ufw status verbose
Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip $
Kamar yadda kuke gani, ta tsohuwa ana hana kowace haɗin da ke shigowa. Idan kuna son nesantar injin ku to dole ne ku ba da izinin tashar tashar da ta dace. Misali kuna son ba da izinin haɗin ssh. Anan ga umarnin don ba da izini.
$ sudo ufw allow ssh [sudo] password for pungki : Rule added Rule added (v6) $
Idan ka sake duba matsayin, za ka ga fitarwa kamar wannan.
$ sudo ufw status To Action From -- ----------- ------ 22 ALLOW Anywhere 22 ALLOW Anywhere (v6)
Idan kuna da dokoki da yawa, kuma kuna son sanya lambobi akan kowace ƙa'idodi akan tashi, yi amfani da siga mai lamba.
$ sudo ufw status numbered To Action From ------ ----------- ------ [1] 22 ALLOW Anywhere [2] 22 ALLOW Anywhere (v6)
Dokar farko ta ce haɗin mai shigowa zuwa tashar jiragen ruwa 22 daga Ko'ina, duka tcp ko udp fakiti an yarda. Idan kuna son ba da izinin fakitin tcp kawai? Sannan zaku iya ƙara ma'aunin tcp bayan lambar tashar jiragen ruwa. Ga misali tare da fitowar samfurin.
$ sudo ufw allow ssh/tcp To Action From ------ ----------- ------ 22/tcp ALLOW Anywhere 22/tcp ALLOW Anywhere (v6)
Dabarar iri ɗaya ake amfani da ita ga Ƙarfin Mulki. Bari mu ce kuna son musanta tsarin ftp. Don haka sai ka buga kawai.
$ sudo ufw deny ftp To Action From ------ ----------- ------ 21/tcp DENY Anywhere 21/tcp DENY Anywhere (v6)
Wani lokaci muna da tashar jiragen ruwa ta al'ada wacce ba ta bin kowane ma'auni. Bari mu ce mun canza tashar ssh akan injin mu daga 22, zuwa 2290. Sannan don ba da damar tashar 2290, zamu iya ƙara shi kamar haka.
$ sudo ufw allow To Action From -- ----------- ------ 2290 ALLOW Anywhere 2290 ALLOW Anywhere (v6)
Hakanan yana yiwuwa a gare ku don ƙara tashar tashar jiragen ruwa cikin ƙa'ida. Idan muna so mu bude tashar jiragen ruwa daga 2290 - 2300 tare da yarjejeniyar tcp, to umurnin zai kasance kamar haka.
$ sudo ufw allow 2290:2300/tcp To Action From ------ ----------- ------ 2290:2300/tcp ALLOW Anywhere 2290:2300/tcp ALLOW Anywhere (v6)
yayin da idan kuna son amfani da udp, kawai yi amfani da umarni mai zuwa.
$ sudo ufw allow 2290:2300/udp To Action From ------ ----------- ------ 2290:2300/udp ALLOW Anywhere 2290:2300/udp ALLOW Anywhere (v6)
Da fatan za a tuna cewa dole ne ku sanya 'tcp' ko 'udp' a sarari in ba haka ba za ku sami saƙon kuskure mai kama da ƙasa.
ERROR: Must specify ‘tcp’ or ‘udp’ with multiple ports
A baya mun ƙara dokoki dangane da sabis ko tashar jiragen ruwa. Ufw kuma yana ba ku damar ƙara dokoki dangane da Adireshin IP. Anan ga samfurin umarni.
$ sudo ufw allow from 192.168.0.104
Hakanan zaka iya amfani da abin rufe fuska na subnet don faɗaɗa kewayon.
$ sudo ufw allow form 192.168.0.0/24 To Action From -- ----------- ------ Anywhere ALLOW 192.168.0.104 Anywhere ALLOW 192.168.0.0/24
Kamar yadda kake gani, daga siga zai iyakance tushen haɗin kawai. Yayin da makoma - wanda ke wakilta zuwa shafi - yana Ko'ina. Hakanan zaka iya sarrafa wurin ta amfani da sigar 'To'. Bari mu ga samfurin don ba da damar shiga tashar jiragen ruwa 22 (ssh).
$ sudo ufw allow to any port 22
Umurnin da ke sama zai ba da damar shiga daga ko'ina kuma daga kowace yarjejeniya zuwa tashar jiragen ruwa 22.
Don ƙarin ƙayyadaddun ƙa'idodi, zaku iya haɗa Adireshin IP, yarjejeniya da tashar jiragen ruwa. Bari mu ce muna son ƙirƙirar ƙa'idar da ke iyakance haɗin kai kawai daga IP 192.168.0.104, kawai yarjejeniya tcp da tashar jiragen ruwa 22. Sa'an nan umarnin zai kasance kamar ƙasa.
$ sudo ufw allow from 192.168.0.104 proto tcp to any port 22
Jumla don ƙirƙirar ƙa'idar ƙaryatawa yayi kama da ƙa'idar izini. Kuna buƙatar canza siga kawai daga izini don ƙin yarda.
Wani lokaci kana iya buƙatar share ƙa'idar da kake da ita. Har yanzu tare da ufw yana da sauƙi share dokoki. Daga samfurin sama, kuna da doka a ƙasa kuma kuna son share shi.
To Action From -- ----------- ------ 22/tcp ALLOW 192.168.0.104 21/tcp ALLOW Anywhere 21/tcp ALLOW Anywhere (v6)
Akwai hanyoyi guda biyu na share dokoki.
Umurnin da ke ƙasa zai share ƙa'idodin da suka dace da sabis ɗin ftp. Don haka 21/tcp wanda ke nufin za a share tashar ftp.
$ sudo ufw delete allow ftp
Amma lokacin da kuka yi ƙoƙarin share ƙa'idar farko a misalin da ke sama ta amfani da umarnin ƙasa.
$ sudo ufw delete allow ssh Or $ sudo ufw delete allow 22/tcp
Kuna iya samun saƙon kuskure kamar.
Could not delete non-existent rule Could not delete non-existent rule (v6)
Sannan zaku iya yin wannan dabarar. Kamar yadda muka ambata a sama, zaku iya nuna adadin ƙa'idar don nuna dokar da muke son gogewa. Bari mu nuna muku shi.
$ sudo ufw status numbered To Action From -- ----------- ------ [1] 22/tcp ALLOW 192.168.0.104 [2] 21/tcp ALLOW Anywhere [3] 21/tcp ALLOW Anywhere (v6)
Sannan zaku iya share ka'idar ta farko ta amfani da. Danna \y zai share ka'idar har abada.
$ sudo ufw delete 1 Deleting : Allow from 192.168.0.104 to any port 22 proto tcp Proceed with operation (y|n)? y
Daga waɗannan hanyoyin za ku ga bambanci. Hanyar 2 za ta tambayi tabbacin mai amfani kafin share ƙa'idar yayin da hanyar 1 ba ta kasance ba.
A wani yanayi, kuna iya sharewa/sake saita duk dokoki. Kuna iya yin ta ta hanyar bugawa.
$ sudo ufw reset Resetting all rules to installed defaults. Proceed with operation (y|n)? y
Idan ka danna \y, to ufw zai adana duk dokokin da ke akwai kafin yin sake saita ufw ɗinka. Sake saita ka'idojin kuma zai hana Firewall ɗinka. Kana buƙatar sake kunna ta idan kana son amfani da su.
Kamar yadda na fada a sama, ufw Tacewar zaɓi na iya yin duk abin da iptables zai iya yi. Ana samun wannan ta hanyar amfani da fayilolin dokoki daban-daban, waɗanda ba komai bane illa iptables-dawo da fayilolin rubutu masu dacewa. Kyakkyawan kunna ufw da/ko sanya ƙarin umarnin iptables waɗanda ba a yarda da su ta hanyar umarnin ufw lamari ne na gyara fayilolin rubutu da yawa.
- /etc/default/ufw: Babban tsari don tsare-tsaren tsoho, tallafin IPv6 da kernel modules.
- /etc/ufw/before[6].dokokin: ana lissafta dokoki a cikin waɗannan fayilolin kafin kowace ƙa'ida da aka ƙara ta hanyar umarnin ufw.
- /etc/ufw/after[6].dokokin: dokoki a cikin waɗannan fayilolin ana ƙididdige su bayan kowace ƙa'idodi da aka ƙara ta hanyar umarnin ufw.
- /etc/ufw/sysctl.conf: kernel network tunables.
- /etc/ufw/ufw.conf: saita ko an kunna ufw akan boot kuma yana saita LOGLEVEL.
Kammalawa
UFW a matsayin gaba-gaba ga iptables tabbas yana yin sauƙin dubawa ga mai amfani. Mai amfani baya buƙatar tunawa da haɗaɗɗiyar haɗin iptables. UFW kuma tana amfani da 'Turanci bayyananne' azaman sigar sa.
Izinin, ƙin yarda, sake saiti ɗaya ne daga cikinsu. Na yi imani cewa akwai ƙarin iptables gaba-gaba a can. Amma tabbas ufw shine ɗayan mafi kyawun madadin ga masu amfani waɗanda ke son saita bangon bangon su cikin sauri, mai sauƙi kuma ba shakka amintattu. Da fatan za a ziyarci shafin littafin ufw ta hanyar buga man ufw don ƙarin bayani.