{"id":339,"date":"2023-09-27T08:51:19","date_gmt":"2023-09-27T08:51:19","guid":{"rendered":"https:\/\/hypercore.monamedia.net\/2023\/09\/27\/cai-dat-firewall-tren-ubuntu\/"},"modified":"2023-09-27T08:51:19","modified_gmt":"2023-09-27T08:51:19","slug":"cai-dat-firewall-tren-ubuntu","status":"publish","type":"post","link":"https:\/\/hypercore.monamedia.net\/en\/2023\/09\/27\/cai-dat-firewall-tren-ubuntu\/","title":{"rendered":"C\u00e0i \u0111\u1eb7t Firewall tr\u00ean Ubuntu"},"content":{"rendered":"\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_56_1 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >M\u1ee5c L\u1ee5c<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\" role=\"button\"><label for=\"item-69e086cea3804\" ><span class=\"\"><span style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input aria-label=\"Toggle\" aria-label=\"item-69e086cea3804\"  type=\"checkbox\" id=\"item-69e086cea3804\"><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/hypercore.monamedia.net\/en\/2023\/09\/27\/cai-dat-firewall-tren-ubuntu\/#Gioi_thieu_ve_Firewall_va_tai_sao_ban_can_no\" title=\"Gi\u1edbi thi\u1ec7u v\u1ec1 Firewall v\u00e0 t\u1ea1i sao b\u1ea1n c\u1ea7n n\u00f3\">Gi\u1edbi thi\u1ec7u v\u1ec1 Firewall v\u00e0 t\u1ea1i sao b\u1ea1n c\u1ea7n n\u00f3<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/hypercore.monamedia.net\/en\/2023\/09\/27\/cai-dat-firewall-tren-ubuntu\/#Cai_dat_va_cau_hinh_UFW_Uncomplicated_Firewall\" title=\"C\u00e0i \u0111\u1eb7t v\u00e0 c\u1ea5u h\u00ecnh UFW (Uncomplicated Firewall)\">C\u00e0i \u0111\u1eb7t v\u00e0 c\u1ea5u h\u00ecnh UFW (Uncomplicated Firewall)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/hypercore.monamedia.net\/en\/2023\/09\/27\/cai-dat-firewall-tren-ubuntu\/#Cau_hinh_Firewall_de_bao_ve_he_thong\" title=\"C\u1ea5u h\u00ecnh Firewall \u0111\u1ec3 b\u1ea3o v\u1ec7 h\u1ec7 th\u1ed1ng\">C\u1ea5u h\u00ecnh Firewall \u0111\u1ec3 b\u1ea3o v\u1ec7 h\u1ec7 th\u1ed1ng<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/hypercore.monamedia.net\/en\/2023\/09\/27\/cai-dat-firewall-tren-ubuntu\/#Ket_luan\" title=\"K\u1ebft lu\u1eadn\">K\u1ebft lu\u1eadn<\/a><\/li><\/ul><\/nav><\/div>\n<h3 class=\"wp-block-heading\" id=\"gi\u1edbi-thi\u1ec7u-v\u1ec1-firewall-va-t\u1ea1i-sao-b\u1ea1n-c\u1ea7n-no\"><span class=\"ez-toc-section\" id=\"Gioi_thieu_ve_Firewall_va_tai_sao_ban_can_no\"><\/span>Gi\u1edbi thi\u1ec7u v\u1ec1 Firewall v\u00e0 t\u1ea1i sao b\u1ea1n c\u1ea7n n\u00f3<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Tr\u01b0\u1edbc khi ch\u00fang ta \u0111i v\u00e0o h\u01b0\u1edbng d\u1eabn s\u1eed d\u1ee5ng Firewall tr\u00ean Ubuntu, h\u00e3y t\u00ecm hi\u1ec3u v\u1ec1 kh\u00e1i ni\u1ec7m Firewall v\u00e0 vai tr\u00f2 quan tr\u1ecdng c\u1ee7a n\u00f3 trong vi\u1ec7c b\u1ea3o v\u1ec7 h\u1ec7 th\u1ed1ng.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/hypercore.vn\/wp-content\/uploads\/2023\/08\/firewall-1.png.webp\" alt=\"\" class=\"wp-image-7510\" \/><figcaption class=\"wp-element-caption\">V\u00ec sao ch\u00fang ta l\u1ea1i c\u1ea7n Firewall?<\/figcaption><\/figure>\n\n\n\n<p>Firewall l\u00e0 m\u1ed9t c\u00f4ng c\u1ee5 ph\u1ea7n m\u1ec1m ho\u1eb7c ph\u1ea7n c\u1ee9ng ch\u1ecbu tr\u00e1ch nhi\u1ec7m ki\u1ec3m so\u00e1t v\u00e0 gi\u00e1m s\u00e1t l\u01b0u l\u01b0\u1ee3ng m\u1ea1ng \u0111\u1ebfn v\u00e0 \u0111i t\u1eeb h\u1ec7 th\u1ed1ng c\u1ee7a b\u1ea1n. N\u00f3 ho\u1ea1t \u0111\u1ed9ng nh\u01b0 m\u1ed9t b\u1ee9c t\u01b0\u1eddng b\u1ea3o v\u1ec7, ch\u1eb7n c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng kh\u00f4ng mong mu\u1ed1n v\u00e0 ki\u1ec3m so\u00e1t quy\u1ec1n truy c\u1eadp v\u00e0o h\u1ec7 th\u1ed1ng. \u0110i\u1ec1u n\u00e0y l\u00e0 c\u1ef1c k\u1ef3 quan tr\u1ecdng v\u00ec m\u1ea1ng internet c\u00f3 nhi\u1ec1u nguy c\u01a1 t\u1eeb c\u00e1c hacker v\u00e0 ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cai-d\u1eb7t-va-c\u1ea5u-hinh-ufw-uncomplicated-firewall\"><span class=\"ez-toc-section\" id=\"Cai_dat_va_cau_hinh_UFW_Uncomplicated_Firewall\"><\/span>C\u00e0i \u0111\u1eb7t v\u00e0 c\u1ea5u h\u00ecnh UFW (Uncomplicated Firewall)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p><strong><a href=\"https:\/\/hypercore.vn\/services\/hyper-cloud-server\/\" target=\"_blank\" rel=\"noreferrer noopener\">Cloud Server<\/a><\/strong>&nbsp;v\u00e0&nbsp;<strong><a href=\"https:\/\/hypercore.vn\/services\/vps-hieu-nang-cao-epyc\/\" target=\"_blank\" rel=\"noreferrer noopener\">Linux VPS<\/a><\/strong>&nbsp;c\u1ee7a HyperCore h\u1ed7 tr\u1ee3 c\u00e0i \u0111\u1eb7t h\u1ec7 \u0111i\u1ec1u h\u00e0nh Ubuntu. Tr\u00ean h\u1ec7 \u0111i\u1ec1u h\u00e0nh Ubuntu, ch\u00fang ta c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng UFW (Uncomplicated Firewall) \u2013 m\u1ed9t c\u00f4ng c\u1ee5 \u0111\u01a1n gi\u1ea3n v\u00e0 d\u1ec5 s\u1eed d\u1ee5ng \u0111\u1ec3 c\u1ea5u h\u00ecnh Firewall. UFW gi\u00fap ch\u00fang ta qu\u1ea3n l\u00fd Firewall m\u1ed9t c\u00e1ch d\u1ec5 d\u00e0ng th\u00f4ng qua Terminal.<\/p>\n\n\n\n<p>\u0110\u1ec3 b\u1eaft \u0111\u1ea7u, h\u00e3y c\u00e0i \u0111\u1eb7t UFW b\u1eb1ng c\u00e1ch m\u1edf Terminal v\u00e0 nh\u1eadp c\u00e1c l\u1ec7nh sau:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo apt update\nsudo apt install ufw<\/pre>\n\n\n\n<p>Sau khi c\u00e0i \u0111\u1eb7t th\u00e0nh c\u00f4ng, h\u00e3y b\u1eadt UFW b\u1eb1ng l\u1ec7nh:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo ufw enable<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"c\u1ea5u-hinh-firewall-d\u1ec3-b\u1ea3o-v\u1ec7-h\u1ec7-th\u1ed1ng\"><span class=\"ez-toc-section\" id=\"Cau_hinh_Firewall_de_bao_ve_he_thong\"><\/span>C\u1ea5u h\u00ecnh Firewall \u0111\u1ec3 b\u1ea3o v\u1ec7 h\u1ec7 th\u1ed1ng<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>B\u01b0\u1edbc ti\u1ebfp theo l\u00e0 c\u1ea5u h\u00ecnh Firewall \u0111\u1ec3 b\u1ea3o v\u1ec7 h\u1ec7 th\u1ed1ng. C\u00f3 m\u1ed9t s\u1ed1 quy t\u1eafc m\u00e0 b\u1ea1n n\u00ean xem x\u00e9t:<\/p>\n\n\n\n<ol>\n<li><strong>Ch\u1eb7n t\u1ea5t c\u1ea3 l\u01b0u l\u01b0\u1ee3ng \u0111\u1ebfn h\u1ec7 th\u1ed1ng<\/strong>: \u0110\u00e2y l\u00e0 quy t\u1eafc m\u1eb7c \u0111\u1ecbnh khi b\u1eadt Firewall. \u0110\u1ec3 l\u00e0m \u0111i\u1ec1u n\u00e0y, nh\u1eadp l\u1ec7nh:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo ufw default deny incoming<\/pre>\n\n\n\n<ol start=\"2\">\n<li><strong>Cho ph\u00e9p l\u01b0u l\u01b0\u1ee3ng ra kh\u1ecfi h\u1ec7 th\u1ed1ng<\/strong>: \u0110\u1ec3 h\u1ec7 th\u1ed1ng c\u00f3 th\u1ec3 truy c\u1eadp internet, b\u1ea1n c\u1ea7n cho ph\u00e9p l\u01b0u l\u01b0\u1ee3ng ra kh\u1ecfi h\u1ec7 th\u1ed1ng:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo ufw default allow outgoing<\/pre>\n\n\n\n<p>3.&nbsp;<strong>Cho ph\u00e9p c\u00e1c k\u1ebft n\u1ed1i \u0111\u1ebfn c\u00e1c d\u1ecbch v\u1ee5 c\u1ee5 th\u1ec3<\/strong>: B\u00e2y gi\u1edd, ch\u1ec9 cho ph\u00e9p c\u00e1c k\u1ebft n\u1ed1i \u0111\u1ebfn c\u00e1c d\u1ecbch v\u1ee5 m\u00e0 b\u1ea1n mu\u1ed1n s\u1eed d\u1ee5ng. V\u00ed d\u1ee5, \u0111\u1ec3 cho ph\u00e9p k\u1ebft n\u1ed1i HTTP (port 80) v\u00e0 SSH (port 22), s\u1eed d\u1ee5ng c\u00e1c l\u1ec7nh sau:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo ufw allow 80\/tcp\nsudo ufw allow 22\/tcp<\/pre>\n\n\n\n<p>4.&nbsp;<strong>Cho ph\u00e9p c\u00e1c c\u1ed5ng kh\u00e1c n\u1ebfu c\u1ea7n thi\u1ebft<\/strong>: N\u1ebfu b\u1ea1n \u0111ang s\u1eed d\u1ee5ng c\u00e1c d\u1ecbch v\u1ee5 nh\u01b0 FTP (c\u1ed5ng 21) ho\u1eb7c HTTPS (c\u1ed5ng 443), h\u00e3y cho ph\u00e9p ch\u00fang nh\u01b0 sau:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo ufw allow 21\/tcp   # Cho ph\u00e9p FTP\nsudo ufw allow 443\/tcp  # Cho ph\u00e9p HTTPS<\/pre>\n\n\n\n<p>5.&nbsp;<strong>Ki\u1ec3m tra l\u1ea1i c\u00e1c quy t\u1eafc \u0111\u00e3 c\u1ea5u h\u00ecnh<\/strong>: \u0110\u1ec3 ki\u1ec3m tra l\u1ea1i c\u00e1c quy t\u1eafc b\u1ea1n \u0111\u00e3 c\u1ea5u h\u00ecnh, nh\u1eadp l\u1ec7nh:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo ufw status<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"k\u1ebft-lu\u1eadn\"><span class=\"ez-toc-section\" id=\"Ket_luan\"><\/span>K\u1ebft lu\u1eadn<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>\u0110\u00f3 l\u00e0 h\u01b0\u1edbng d\u1eabn s\u1eed d\u1ee5ng Firewall tr\u00ean h\u1ec7 \u0111i\u1ec1u h\u00e0nh Ubuntu \u0111\u1ec3 b\u1ea3o v\u1ec7 h\u1ec7 th\u1ed1ng c\u1ee7a b\u1ea1n kh\u1ecfi c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng kh\u00f4ng mong mu\u1ed1n. Firewall l\u00e0 m\u1ed9t c\u00f4ng c\u1ee5 c\u1ef1c k\u1ef3 quan tr\u1ecdng trong vi\u1ec7c b\u1ea3o v\u1ec7 an to\u00e0n th\u00f4ng tin v\u00e0 d\u1eef li\u1ec7u quan tr\u1ecdng c\u1ee7a b\u1ea1n tr\u00ean m\u1ea1ng internet.<\/p>\n\n\n\n<p>H\u00e3y s\u1eed d\u1ee5ng UFW m\u1ed9t c\u00e1ch c\u1ea9n th\u1eadn v\u00e0 ch\u1ec9 cho ph\u00e9p k\u1ebft n\u1ed1i \u0111\u1ebfn c\u00e1c d\u1ecbch v\u1ee5 c\u1ea7n thi\u1ebft \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o r\u1eb1ng h\u1ec7 th\u1ed1ng c\u1ee7a b\u1ea1n ho\u1ea1t \u0111\u1ed9ng an to\u00e0n v\u00e0 hi\u1ec7u qu\u1ea3.<\/p>\n\n\n\n<p>N\u1ebfu b\u1ea1n c\u00f3 b\u1ea5t k\u1ef3 th\u1eafc m\u1eafc hay y\u00eau c\u1ea7u h\u1ed7 tr\u1ee3 kh\u00e1c, \u0111\u1eebng ng\u1ea7n ng\u1ea1i \u0111\u1ec3 l\u1ea1i b\u00ecnh lu\u1eadn d\u01b0\u1edbi \u0111\u00e2y. Ch\u00fang t\u00f4i r\u1ea5t vui l\u00f2ng \u0111\u01b0\u1ee3c h\u1ed7 tr\u1ee3 b\u1ea1n!<\/p>\n\n\n\n<p>Ch\u00fac b\u1ea1n th\u00e0nh c\u00f4ng trong vi\u1ec7c b\u1ea3o v\u1ec7 h\u1ec7 th\u1ed1ng v\u00e0 t\u1eadn h\u01b0\u1edfng tr\u1ea3i nghi\u1ec7m s\u1eed d\u1ee5ng Ubuntu!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Gi\u1edbi thi\u1ec7u v\u1ec1 Firewall v\u00e0 t\u1ea1i sao b\u1ea1n c\u1ea7n n\u00f3 Tr\u01b0\u1edbc khi ch\u00fang ta \u0111i v\u00e0o h\u01b0\u1edbng d\u1eabn s\u1eed d\u1ee5ng Firewall tr\u00ean Ubuntu, h\u00e3y t\u00ecm hi\u1ec3u v\u1ec1 kh\u00e1i ni\u1ec7m Firewall v\u00e0 vai tr\u00f2 quan tr\u1ecdng c\u1ee7a n\u00f3 trong vi\u1ec7c b\u1ea3o v\u1ec7 h\u1ec7 th\u1ed1ng. Firewall l\u00e0 m\u1ed9t c\u00f4ng c\u1ee5 ph\u1ea7n m\u1ec1m ho\u1eb7c ph\u1ea7n c\u1ee9ng ch\u1ecbu tr\u00e1ch [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":310,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false},"categories":[15,16,1],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/hypercore.monamedia.net\/en\/wp-json\/wp\/v2\/posts\/339"}],"collection":[{"href":"https:\/\/hypercore.monamedia.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hypercore.monamedia.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hypercore.monamedia.net\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hypercore.monamedia.net\/en\/wp-json\/wp\/v2\/comments?post=339"}],"version-history":[{"count":0,"href":"https:\/\/hypercore.monamedia.net\/en\/wp-json\/wp\/v2\/posts\/339\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hypercore.monamedia.net\/en\/wp-json\/wp\/v2\/media\/310"}],"wp:attachment":[{"href":"https:\/\/hypercore.monamedia.net\/en\/wp-json\/wp\/v2\/media?parent=339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hypercore.monamedia.net\/en\/wp-json\/wp\/v2\/categories?post=339"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hypercore.monamedia.net\/en\/wp-json\/wp\/v2\/tags?post=339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}