[Ubuntu] Firewall (UFW) Configuration Guide

2026-03-09 06:03:07.664153

When you operate a Linux server, firewall configuration is one of the most important things to get right.

Ubuntu provides a firewall management tool called Uncomplicated Firewall (UFW), built to make complex iptables rules easy to manage.


This post walks step by step from installing UFW on Ubuntu through basic firewall configuration.


1. What is UFW

UFW is the firewall management tool that ships by default with Ubuntu.

Linux firewalling originally uses iptables, but because its configuration is complex, UFW was built as an interface for managing it with simple commands.

UFW features

- iptables-based firewall management

- Simple commands

- Supported by default on Ubuntu


2. Check whether UFW is installed

On Ubuntu it is installed by default in most cases; check with the following command.

```bash
sudo ufw status
```


If it is not installed, install it with the commands below.

```bash
sudo apt update
sudo apt install ufw
```


3. Set the UFW default policy

The firewall's default policy is typically set to block incoming traffic and allow outgoing traffic.

```bash
sudo ufw default deny incoming
sudo ufw default allow outgoing
```


deny incoming - blocks all connections coming in from outside by default

allow outgoing - allows communication going out from the server

This setting is a basic policy for server security.


4. Allow access to specific ports and services

If you manage the server remotely, you must allow SSH access first.

If you enable the firewall without allowing SSH, your access to the server can be blocked.


Command to allow access to a specific service

```bash
sudo ufw allow http
```


Command to allow access to a specific port

```bash
sudo ufw allow 443/tcp
```


Allow a specific IP + port

```bash
sudo ufw allow from 192.168.1.10 to any port 22 proto tcp
```


5. Enable UFW

Once configuration is complete, enable the firewall.

```bash
sudo ufw enable
```


On enabling, the following message is printed.

```
Firewall is active and enabled on system startup
```


6. Check UFW status

To see the currently configured firewall rules, use the following command.

```bash
sudo ufw status
```


For more detailed information:

```bash
sudo ufw status verbose
```


Example output

```
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    192.168.1.10
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
```
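
Output like this can be checked mechanically against the post's baseline (UFW active, incoming denied by default, SSH allowed, only the needed ports open). The script below is an added example, not part of the original post; the function name `audit_ufw_status` is hypothetical, and it assumes SSH is on port 22 or allowed through the `OpenSSH` app profile.

```shell
#!/usr/bin/env bash
# Added example: audit `ufw status verbose` text (stdin) against the baseline.
# Prints one finding per line; exit status is 0 only when nothing is FAIL.
audit_ufw_status() {
  awk '
    { gsub(/ \(v6\)/, "") }   # fold IPv6 rows into the same columns as IPv4
    $1 == "Status:"  { active = ($2 == "active") }
    $1 == "Default:" { deny_in = (($2 == "deny" || $2 == "reject") && $3 == "(incoming),") }
    # Rule rows: <port|profile> <ALLOW|LIMIT> IN <source>
    ($2 == "ALLOW" || $2 == "LIMIT") && $3 == "IN" {
      if ($1 == "22/tcp" || $1 == "22" || $1 == "OpenSSH") {   # assumption: SSH on 22
        ssh = 1
        if ($4 == "Anywhere") ssh_any = 1
      } else if ($4 == "Anywhere" && !($1 in seen)) {
        seen[$1] = 1
        pub = pub " " $1
      }
    }
    END {
      if (!active)  { print "FAIL: ufw is not active"; fails++ }
      if (!deny_in) { print "FAIL: default incoming policy is not deny"; fails++ }
      if (!ssh)     { print "FAIL: no inbound rule for SSH (port 22)"; fails++ }
      if (ssh_any)  print "WARN: SSH is reachable from Anywhere; consider a source restriction"
      if (pub)      print "INFO: open to Anywhere:" pub
      if (!fails)   print "OK: baseline satisfied"
      exit (fails > 0)
    }
  '
}

# Constructed sample: the example output shown in section 6.
sample='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    192.168.1.10
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere'
printf '%s\n' "$sample" | audit_ufw_status
```

On a live server, feed it the real output with `sudo ufw status verbose | audit_ufw_status`.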


7. Delete UFW rules

To remove an allowed port, use the following command.

```bash
sudo ufw delete allow 80/tcp
```


Deleting by number

First, list the rules

```bash
sudo ufw status numbered
```


Example

```
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 80/tcp ALLOW IN Anywhere
```


Delete

```bash
sudo ufw delete 2
```


8. Disable UFW

To disable the firewall, use the following command.

```bash
sudo ufw disable
```


9. Check UFW logs

UFW logs are stored at the following location.

/var/log/ufw.log


When you operate an Ubuntu server, UFW is the most basic security configuration tool.

You can manage firewall policy with simple commands, without complex iptables configuration.

As a baseline, it is good to apply the following settings.

- Block incoming

- Allow SSH

- Allow only the ports you need

- Enable UFW


These settings can greatly improve server security.

