[Ubuntu] UFW Firewall Command Summary

1️⃣ Check UFW status

Check the current firewall status

BASH
sudo ufw status

Show detailed information

BASH
sudo ufw status verbose

Show rules with their numbers

BASH
sudo ufw status numbered

Example output

TEXT
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
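
An added example (not from the original page) that reads `ufw status` output like the sample above and flags ALLOW rules on sensitive ports that accept any source, which is where a source-restricted rule such as `ufw allow from 192.168.1.10 to any port 22 proto tcp` is usually the better fit. The function names and the `SENSITIVE_PORTS` list are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: flag ALLOW rules on sensitive ports that accept any source.
# SENSITIVE_PORTS is an assumption of this example; adjust it to your hosts.
SENSITIVE_PORTS="22 OpenSSH 3306 5432"

# Constructed sample input: the `ufw status` example output shown above.
sample_status() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
EOF
}

# Reads `ufw status` text on stdin and prints one line per finding.
audit_ufw_status() {
  awk -v sensitive="$SENSITIVE_PORTS" '
    BEGIN { n = split(sensitive, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
    /^Status:/ { if ($2 != "active") print "WARN firewall is " $2; next }
    {
      # Locate the action column; header and separator rows have none.
      a = 0
      for (i = 2; i <= NF; i++)
        if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { a = i; break }
      if (!a) next
      # "To" is everything before the action, e.g. "22/tcp (v6)".
      to = $1
      for (j = 2; j < a; j++) to = to " " $j
      # Skip an optional direction word (IN/OUT/FWD) before the source.
      f = a + 1
      if ($f ~ /^(IN|OUT|FWD)$/) f++
      port = $1; sub(/\/.*/, "", port)   # "22/tcp" -> "22"
      if ($a == "ALLOW" && $f == "Anywhere" && (port in want))
        print "REVIEW " to " open to Anywhere"
    }
  '
}

# Demo on the constructed sample; live use: sudo ufw status | audit_ufw_status
sample_status | audit_ufw_status   # prints: REVIEW 22/tcp open to Anywhere
```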


2️⃣ Enable / disable UFW

Enable the firewall

BASH
sudo ufw enable

Disable the firewall

BASH
sudo ufw disable


3️⃣ Default policy settings

Block all inbound traffic

BASH
sudo ufw default deny incoming

Allow all outbound traffic

BASH
sudo ufw default allow outgoing


4️⃣ Allow rules

Allow SSH

BASH
sudo ufw allow 22/tcp

Allow HTTP

BASH
sudo ufw allow 80/tcp

Allow DNS (both TCP and UDP)

BASH
sudo ufw allow 53

Allow a port range

BASH
sudo ufw allow 8000:9000/tcp

Allow SSH from a specific IP

BASH
sudo ufw allow from 192.168.1.10 to any port 22 proto tcp

Allow a specific network

BASH
sudo ufw allow from 192.168.1.0/24

Allow a port from a specific network

BASH
sudo ufw allow from 192.168.1.0/24 to any port 22 proto tcp

Allow on a specific interface

BASH
sudo ufw allow in on eth0 to any port 80


5️⃣ Deny rules

Block DNS

BASH
sudo ufw deny 53

Block an IP

BASH
sudo ufw deny from 192.168.1.50

Block a port for a specific IP

BASH
sudo ufw deny from 192.168.1.50 to any port 22 proto tcp

Block a specific interface

BASH
sudo ufw deny in on eth0


6️⃣ Delete rules

Delete an allow rule

BASH
sudo ufw delete allow 80/tcp

Delete an IP allow rule

BASH
sudo ufw delete allow from 192.168.1.10 to any port 22 proto tcp

Delete by number: check the rule numbers first

BASH
sudo ufw status numbered

Delete after checking

BASH
sudo ufw delete 2


7️⃣ Allow by service name

List the available services

BASH
sudo ufw app list

Example

TEXT
Available applications:
  OpenSSH

Allow SSH

BASH
sudo ufw allow OpenSSH


8️⃣ Logging settings

Enable logging

BASH
sudo ufw logging on

Disable logging

BASH
sudo ufw logging off

Set the log level

BASH
sudo ufw logging medium


9️⃣ Reset rules

Reset all settings

BASH
sudo ufw reset

Caution

All existing rules are deleted.


🔟 Allow routing (forward)

Allow forwarding

BASH
sudo ufw route allow in on eth0 out on eth1

