ubuntu 中 iptables 和 ufw 的关系
我突然发现,自己平常使用的 iptables 和 ufw 到底是啥关系?平常其实iptables和ufw在配置防火墙,开启端口是,还是偶尔会使用到的。
没去思考过这两者是啥关系,哎。。。,这就不够好了!!学习,不就是应当举一反三吗?自己还有加油啊!主动性不够!
百度一下,发现别人也和我一样,有提出过这样的问题? 所以,有时候, 能提出问题,就已经是相当的了不起了!!
知之者不如乐知者,乐知者不如好知者!此话是相当的有道理啊!
下面是被人的提问,以及一些人的回答
还给出了ubuntu 官网的介绍:https://help.ubuntu.com/community/UFW#UFW_-_Uncomplicated_Firewall
下面是ubuntu 官网的介绍文档:
--------------------------------------------------------------------------------------------------------------------------------------------
Firewall
Introduction
Traffic into or out of a computer is filtered through "ports," which are relatively arbitrary designations appended to traffic packets destined for use by a particular application.
By convention, some ports are routinely used for particular types of applications. For example, port 80 is generally used for insecure web browsing and port 443 is used for secure web browsing.
Traffic to particular applications can be allowed or blocked by "opening" or "closing" (i.e. filtering) the ports designated for a particular type of traffic. If port 80 is "closed," for example, no (insecure) web browsing will be possible. The AntiVirus page might also be of interest.
The Linux kernel includes the netfilter subsystem, which is used to manipulate or decide the fate of network traffic headed into or through your computer. All modern Linux firewall solutions use this system for packet filtering.
The kernel's packet filtering system would be of little use to users or administrators without a user interface with which to manage it. This is the purpose of iptables. When a packet reaches your computer, it is handed off to the netfilter subsystem for acceptance, manipulation, or rejection based on the rules supplied to it via iptables. Thus, iptables is all you need to manage your firewall (if you're familiar with it). Many front-ends are available to simplify the task, however.
Users can therefore configure the firewall to allow certain types of network traffic to pass into and out of a system (for instance SSH or web server traffic). This is done by opening and closing TCP and UDP "ports" in the firewall. Additionally, firewalls can be configured to allow or restrict access to specific IP addresses (or IP address ranges).
Managing the Firewall
iptables
Iptables is the database of firewall rules and is the actual firewall used in Linux systems. The traditional interface for configuring iptables in Linux systems is the command-line interface terminal. The other utilities in this section simplify the manipulation of the iptables database.
UFW
UFW (Uncomplicated Firewall) is a front-end for iptables and is particularly well-suited for host-based firewalls. UFW was developed specifically for Ubuntu (but is available in other distributions), and is also configured from the terminal.
Gufw is a graphical front-end to UFW, and is recommended for beginners.
UFW was introduced in Ubuntu 8.04 LTS (Hardy Heron), and is available by default in all Ubuntu installations after 8.04 LTS.
Guarddog
Guarddog is a front-end for iptables that functions in KDE-based desktops, such as Kubuntu. It has a greater deal of complexity (and flexibility, perhaps).
See Also
Other:
External Links
http://www.netfilter.org/ - Netfilter and iptables homepage
http://www.fs-security.com/ - Firestarter homepage
UbuntuFirewall - Uncomplicated Firewall homepage
最新文章
- K近邻法(KNN)原理小结
- ASP.NET MVC 身份认证
- 【Alpha】Daily Scrum Meeting第一次
- 浏览器兼容性之JavaScript篇
- noi 7627 鸡蛋的硬度
- Apache环境.htaccess伪静态301跳转(www与不带www)
- 网页打印时设置A4大小
- 关于java中普通代码块、构造代码块与静态代码块
- 使用自定义的item、Adapter和AsyncTask、第三方开源框架PullToRefresh联合使用实现自定义的下拉列表(从网络加载图片显示在item中的ImageView)
- 【转】app后端如何选择合适的数据库产品
- 【离线】【深搜】【树】Codeforces 707D Persistent Bookcase
- Decorators and Wrappers in Python
- strpos、 strstr、 substr三个函数的对比讲解
- java利用WatchService实时监控某个目录下的文件变化并按行解析(注:附源代码)
- Continuity of arithmetic operations
- servlet之ServletRequest与ServletResponse (三)
- version control的简单认知
- nginx安装ngx_lua_waf防护
- Linux内核编译指定输出目录
- Django之Models进阶操作(字段属性)