Ferikgong 13, 2026Dikaelo
Jang go Beakanya Firewall mo Linux Server
Kaelo e e tletseng ka ga go beakanya UFW (Ubuntu) le Firewalld (CentOS) firewalls go sireletsa server ya gago.
Firewall e botlhokwa mo tshireletsong ya server, go laola traffic ya network e e tsenang le e e tswang. Kaelo e e akaretsa go beakanya UFW mo Ubuntu/Debian le Firewalld mo di-system tsa CentOS/RHEL.
Go Tsenya UFW
bash
sudo apt update
sudo apt install ufw -yDitaelo tsa Motheo tsa UFW
bash
# Tlhola seemo
sudo ufw status
# Letlelela firewall
sudo ufw enable
# Letlelela SSH (botlhokwa!)
sudo ufw allow 22/tcp
# Letlelela HTTP le HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Ganetsa port
sudo ufw deny 3306/tcp
# Tlosa molao
sudo ufw delete allow 80/tcpGo Dirisa Di-profile tsa Application
bash
# Lista di-application tse di leng teng
sudo ufw app list
# Letlelela Nginx
sudo ufw allow 'Nginx Full'
# Letlelela OpenSSH
sudo ufw allow 'OpenSSH'Go Tsenya Firewalld
bash
sudo yum install firewalld -y
sudo systemctl start firewalld
sudo systemctl enable firewalldDitaelo tsa Motheo tsa Firewalld
bash
# Tlhola seemo
sudo firewall-cmd --state
# Lista melao yotlhe
sudo firewall-cmd --list-all
# Letlelela tirelo
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
# Letlelela port
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reloadGo Bereka ka Di-zone
Firewalld e dirisa di-zone go laola tshireletso ya network. Di-zone tse di tlwaelegileng:
bash
# Lista di-zone
sudo firewall-cmd --get-zones
# Seta default zone
sudo firewall-cmd --set-default-zone=public
# Tsenya tirelo mo zone
sudo firewall-cmd --zone=public --add-service=ssh --permanent
sudo firewall-cmd --reloadMekgwa e e Molemo ya Tshireletso
- Letlelela SSH ka gale pele ga o letlelela firewall go thibela go iphatlalatsa kwa ntle
- Dirisa di-IP address tse di rileng fa go kgonega: sudo ufw allow from 192.168.1.100
- Tlhola melao ya firewall ka gale mme o tlose e e sa dirisiweng
- Letlelela logging go tlhokomela tiro ya firewall
- Testa melao ya firewall pele ga o e dirisa mo production