{"id":594,"date":"2011-10-17T16:39:55","date_gmt":"2011-10-17T07:39:55","guid":{"rendered":"http:\/\/www.asfit.net\/blog\/kan\/?p=594"},"modified":"2011-10-17T16:39:55","modified_gmt":"2011-10-17T07:39:55","slug":"ufw-%e3%81%a8-iptables","status":"publish","type":"post","link":"https:\/\/www.asfit.net\/blog\/kan\/?p=594","title":{"rendered":"ufw \u3068 iptables"},"content":{"rendered":"<p>ufw\u3092\u4f7f\u3046\u3068\u3069\u306e\u3088\u3046\u306a iptables\u3092\u5410\u304f\u306e\u304b\u78ba\u8a8d\u3057\u3066\u307f\u305f\u3002<\/p>\n<p>\u3042\u3068\u3001ufw\u3068\u306f\u3001Ubuntu Firewall \u3067\u306f\u306a\u304f\u3001Uncomplicated Firewall\u3000\u3060\u305d\u3046\u3067\u3059\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>#\u00a0ufw allow 22<\/p>\n<p>#\u00a0\u00a0ufw default DENY<\/p>\n<p>#\u00a0ufw enable<\/p>\n<pre># iptables -nL\r\nChain INPUT (policy DROP)\r\ntarget     prot opt source               destination         \r\nufw-before-logging-input  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nufw-before-input  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nufw-after-input  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nufw-after-logging-input  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nufw-reject-input  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nufw-track-input  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\n\r\nChain FORWARD (policy DROP)\r\ntarget     prot opt source               destination         \r\nufw-before-logging-forward  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nufw-before-forward  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nufw-after-forward  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nufw-after-logging-forward  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nufw-reject-forward  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\n\r\nChain OUTPUT (policy ACCEPT)\r\ntarget     prot opt source               destination        
 \r\nufw-before-logging-output  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nufw-before-output  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nufw-after-output  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nufw-after-logging-output  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nufw-reject-output  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nufw-track-output  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\n\r\nChain ufw-after-forward (1 references)\r\ntarget     prot opt source               destination         \r\n\r\nChain ufw-after-input (1 references)\r\ntarget     prot opt source               destination         \r\nufw-skip-to-policy-input  udp  --  0.0.0.0\/0            0.0.0.0\/0           udp dpt:137 \r\nufw-skip-to-policy-input  udp  --  0.0.0.0\/0            0.0.0.0\/0           udp dpt:138 \r\nufw-skip-to-policy-input  tcp  --  0.0.0.0\/0            0.0.0.0\/0           tcp dpt:139 \r\nufw-skip-to-policy-input  tcp  --  0.0.0.0\/0            0.0.0.0\/0           tcp dpt:445 \r\nufw-skip-to-policy-input  udp  --  0.0.0.0\/0            0.0.0.0\/0           udp dpt:67 \r\nufw-skip-to-policy-input  udp  --  0.0.0.0\/0            0.0.0.0\/0           udp dpt:68 \r\nufw-skip-to-policy-input  all  --  0.0.0.0\/0            0.0.0.0\/0           ADDRTYPE match dst-type BROADCAST \r\n\r\nChain ufw-after-logging-forward (1 references)\r\ntarget     prot opt source               destination         \r\nLOG        all  --  0.0.0.0\/0            0.0.0.0\/0           limit: avg 3\/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK] ' \r\n\r\nChain ufw-after-logging-input (1 references)\r\ntarget     prot opt source               destination         \r\nLOG        all  --  0.0.0.0\/0            0.0.0.0\/0           limit: avg 3\/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK] ' \r\n\r\nChain ufw-after-logging-output (1 references)\r\ntarget     prot opt source               destination         
\r\n\r\nChain ufw-after-output (1 references)\r\ntarget     prot opt source               destination         \r\n\r\nChain ufw-before-forward (1 references)\r\ntarget     prot opt source               destination         \r\nufw-user-forward  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\n\r\nChain ufw-before-input (1 references)\r\ntarget     prot opt source               destination         \r\nACCEPT     all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nACCEPT     all  --  0.0.0.0\/0            0.0.0.0\/0           state RELATED,ESTABLISHED \r\nufw-logging-deny  all  --  0.0.0.0\/0            0.0.0.0\/0           state INVALID \r\nDROP       all  --  0.0.0.0\/0            0.0.0.0\/0           state INVALID \r\nACCEPT     icmp --  0.0.0.0\/0            0.0.0.0\/0           icmp type 3 \r\nACCEPT     icmp --  0.0.0.0\/0            0.0.0.0\/0           icmp type 4 \r\nACCEPT     icmp --  0.0.0.0\/0            0.0.0.0\/0           icmp type 11 \r\nACCEPT     icmp --  0.0.0.0\/0            0.0.0.0\/0           icmp type 12 \r\nACCEPT     icmp --  0.0.0.0\/0            0.0.0.0\/0           icmp type 8 \r\nACCEPT     udp  --  0.0.0.0\/0            0.0.0.0\/0           udp spt:67 dpt:68 \r\nufw-not-local  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\nACCEPT     all  --  224.0.0.0\/4          0.0.0.0\/0           \r\nACCEPT     all  --  0.0.0.0\/0            224.0.0.0\/4         \r\nufw-user-input  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\n\r\nChain ufw-before-logging-forward (1 references)\r\ntarget     prot opt source               destination         \r\n\r\nChain ufw-before-logging-input (1 references)\r\ntarget     prot opt source               destination         \r\n\r\nChain ufw-before-logging-output (1 references)\r\ntarget     prot opt source               destination         \r\n\r\nChain ufw-before-output (1 references)\r\ntarget     prot opt source               destination         \r\nACCEPT     all  --  0.0.0.0\/0    
        0.0.0.0\/0           \r\nACCEPT     all  --  0.0.0.0\/0            0.0.0.0\/0           state RELATED,ESTABLISHED \r\nufw-user-output  all  --  0.0.0.0\/0            0.0.0.0\/0           \r\n\r\nChain ufw-logging-allow (0 references)\r\ntarget     prot opt source               destination         \r\nLOG        all  --  0.0.0.0\/0            0.0.0.0\/0           limit: avg 3\/min burst 10 LOG flags 0 level 4 prefix `[UFW ALLOW] ' \r\n\r\nChain ufw-logging-deny (2 references)\r\ntarget     prot opt source               destination         \r\nRETURN     all  --  0.0.0.0\/0            0.0.0.0\/0           state INVALID limit: avg 3\/min burst 10 \r\nLOG        all  --  0.0.0.0\/0            0.0.0.0\/0           limit: avg 3\/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK] ' \r\n\r\nChain ufw-not-local (1 references)\r\ntarget     prot opt source               destination         \r\nRETURN     all  --  0.0.0.0\/0            0.0.0.0\/0           ADDRTYPE match dst-type LOCAL \r\nRETURN     all  --  0.0.0.0\/0            0.0.0.0\/0           ADDRTYPE match dst-type MULTICAST \r\nRETURN     all  --  0.0.0.0\/0            0.0.0.0\/0           ADDRTYPE match dst-type BROADCAST \r\nufw-logging-deny  all  --  0.0.0.0\/0            0.0.0.0\/0           limit: avg 3\/min burst 10 \r\nDROP       all  --  0.0.0.0\/0            0.0.0.0\/0           \r\n\r\nChain ufw-reject-forward (1 references)\r\ntarget     prot opt source               destination         \r\n\r\nChain ufw-reject-input (1 references)\r\ntarget     prot opt source               destination         \r\n\r\nChain ufw-reject-output (1 references)\r\ntarget     prot opt source               destination         \r\n\r\nChain ufw-skip-to-policy-forward (0 references)\r\ntarget     prot opt source               destination         \r\nDROP       all  --  0.0.0.0\/0            0.0.0.0\/0           \r\n\r\nChain ufw-skip-to-policy-input (7 references)\r\ntarget     prot opt source               destination 
        \r\nDROP       all  --  0.0.0.0\/0            0.0.0.0\/0           \r\n\r\nChain ufw-skip-to-policy-output (0 references)\r\ntarget     prot opt source               destination         \r\nACCEPT     all  --  0.0.0.0\/0            0.0.0.0\/0           \r\n\r\nChain ufw-track-input (1 references)\r\ntarget     prot opt source               destination         \r\n\r\nChain ufw-track-output (1 references)\r\ntarget     prot opt source               destination         \r\nACCEPT     tcp  --  0.0.0.0\/0            0.0.0.0\/0           state NEW \r\nACCEPT     udp  --  0.0.0.0\/0            0.0.0.0\/0           state NEW \r\n\r\nChain ufw-user-forward (1 references)\r\ntarget     prot opt source               destination         \r\n\r\nChain ufw-user-input (1 references)\r\ntarget     prot opt source               destination         \r\nACCEPT     tcp  --  0.0.0.0\/0            0.0.0.0\/0           tcp dpt:22 \r\nACCEPT     udp  --  0.0.0.0\/0            0.0.0.0\/0           udp dpt:22 \r\n\r\nChain ufw-user-limit (0 references)\r\ntarget     prot opt source               destination         \r\nLOG        all  --  0.0.0.0\/0            0.0.0.0\/0           limit: avg 3\/min burst 5 LOG flags 0 level 4 prefix `[UFW LIMIT BLOCK] ' \r\nREJECT     all  --  0.0.0.0\/0            0.0.0.0\/0           reject-with icmp-port-unreachable \r\n\r\nChain ufw-user-limit-accept (0 references)\r\ntarget     prot opt source               destination         \r\nACCEPT     all  --  0.0.0.0\/0            0.0.0.0\/0           \r\n\r\nChain ufw-user-logging-forward (0 references)\r\ntarget     prot opt source               destination         \r\n\r\nChain ufw-user-logging-input (0 references)\r\ntarget     prot opt source               destination         \r\n\r\nChain ufw-user-logging-output (0 references)\r\ntarget     prot opt source               destination         \r\n\r\nChain ufw-user-output (1 references)\r\ntarget     prot opt source               destination         
\r\n#<\/pre>\n<p>なお、ufw allow 22 はプロトコルを指定していないので、ufw-user-input には tcp と udp の両方の dpt:22 が ACCEPT で入っている。22 番を SSH 用に開けるだけなら ufw allow 22\/tcp で足りる。<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ufw\u3092\u4f7f\u3046\u3068\u3069\u306e\u3088\u3046\u306a iptables\u3092\u5410\u304f\u306e\u304b\u78ba\u8a8d\u3057\u3066\u307f\u305f\u3002 \u3042\u3068\u3001ufw\u3068\u306f\u3001Ubuntu Firewall \u3067\u306f\u306a\u304f\u3001Uncomplicated Firewall\u3000\u3060\u305d\u3046\u3067\u3059\u3002 &nbsp; #\u00a0ufw &#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-594","post","type-post","status-publish","format-standard","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=\/wp\/v2\/posts\/594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=594"}],"version-history":[{"count":1,"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=\/wp\/v2\/posts\/594\/revisions"}],"predecessor-version":[{"id":595,"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=\/wp\/v2\/posts\/594\/revisions\/595"}],"wp:attachment":[{"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.asfit.net\/blog\/kan\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=594"}],"curies":[{"name"
:"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}