--- title: description: date: 2023-04-21 lang: zh-tw tags: - 樹莓派 - Linux - docker --- # 樹莓派筆記-ufw&ufw-docker防火牆設置 安裝防火牆阻擋惡意連線 且處理ufw對docker不起作用這檔事 docker開port是根本不鳥你原始ufw的設置的 因此需要特別設定 ## 安裝防火牆ufw ```zsh= sudo apt-get install ufw -y ``` ## 開啟防火牆ufw ```zsh= sudo ufw enable ``` ## 查看防火牆狀態 ```zsh= ❯ sudo ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), allow (routed) New profiles: skip ``` ## 開啟防火牆日誌 ```zsh= sudo ufw logging on ``` ## 設定防火牆 允許私有IP 192.168.0.0 ~ 192.168.255.254 (Class C)能夠連線所有port ```zsh= sudo ufw allow from 192.168.0.0/16 ``` 或是，只先對全部開放port:22 :::danger SSH最好是用金鑰登入 ::: ```zsh= sudo ufw allow 22 ``` ## 配置docker-ufw 下載 `ufw-docker` 腳本 ```zsh= sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker chmod +x /usr/local/bin/ufw-docker ``` 安裝 `ufw-docker` 腳本 ```zsh= ufw-docker install ``` 重啟ufw ```zsh= sudo systemctl restart ufw ``` 使用方法 https://github.com/chaifeng/ufw-docker#%E4%BD%BF%E7%94%A8%E6%96%B9%E6%B3%95 ## Ref * https://xenby.com/b/258-%E6%95%99%E5%AD%B8-ufw-%E9%98%B2%E7%81%AB%E7%89%86%E8%A8%AD%E5%AE%9A%E8%BB%9F%E9%AB%94%E6%93%8D%E4%BD%9C%E6%8C%87%E5%8D%97 * https://chusiang.gitbooks.io/working-on-gnu-linux/content/07.ufw.html * https://man.archlinux.org/man/ufw.8 * https://github.com/chaifeng/ufw-docker#%E8%A7%A3%E5%86%B3-ufw-%E5%92%8C-docker-%E7%9A%84%E9%97%AE%E9%A2%98