{"id":1967,"date":"2019-08-31T14:45:15","date_gmt":"2019-08-31T07:45:15","guid":{"rendered":"https:\/\/tino.vn\/?post_type=ht_kb&#038;p=1967"},"modified":"2019-09-15T10:34:46","modified_gmt":"2019-09-15T03:34:46","slug":"co-ban-ve-iptables","status":"publish","type":"ht_kb","link":"https:\/\/tino.vn\/blog\/docs\/co-ban-ve-iptables\/","title":{"rendered":"Iptables basics"},"content":{"rendered":"<p><strong>Iptables<\/strong> is the standard firewall system, configured and included by default in most Linux distributions (CentOS, Ubuntu\u2026). Iptables works by classifying incoming and outgoing packets and acting on them according to rules set up in advance.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-2012\" src=\"https:\/\/tino.vn\/blog\/wp-content\/uploads\/2019\/08\/Iptables.jpg\" sizes=\"(max-width: 705px) 100vw, 705px\" srcset=\"https:\/\/tino.vn\/blog\/wp-content\/uploads\/2019\/08\/Iptables.jpg 705w, https:\/\/tino.vn\/blog\/wp-content\/uploads\/2019\/08\/1_Iptables-300x146.jpg 300w, https:\/\/tino.vn\/blog\/wp-content\/uploads\/2019\/08\/Iptables-665x324.jpg 665w, https:\/\/tino.vn\/blog\/wp-content\/uploads\/2019\/08\/Iptables-60x29.jpg 60w, https:\/\/tino.vn\/blog\/wp-content\/uploads\/2019\/08\/Iptables-150x73.jpg 150w\" alt=\"iptables\" width=\"705\" height=\"344\" title=\"\"><\/p>\n<p>In this article, I will show you how to use Iptables in the simplest and easiest way, so that you can set up a firewall for your own VPS and open ports 
as needed.<\/p>\n<p>&nbsp;<\/p>\n<h2 id=\"1._C\u00e0i_\u0111\u1eb7t_Iptables\">1. Installing Iptables<\/h2>\n<p>\u2013 Iptables is usually installed on the system by default. If it is not installed yet:<\/p>\n<ul>\n<li>CentOS: <code># yum install iptables<\/code><\/li>\n<li>Ubuntu: <code># apt-get install iptables<\/code><\/li>\n<\/ul>\n<p>CentOS 7 uses FirewallD as its default firewall instead of Iptables. If you want to use Iptables, run:<\/p>\n<pre># systemctl mask firewalld\r\n# systemctl enable iptables\r\n# systemctl enable ip6tables\r\n# systemctl stop firewalld\r\n# systemctl start iptables\r\n# systemctl start ip6tables\r\n<\/pre>\n<p>\u2013 Check that Iptables is installed on the system:<br \/>\nOn CentOS:<\/p>\n<pre># rpm -q iptables\r\niptables-1.4.21-28.el7.x86_64\r\n# iptables --version\r\niptables v1.4.12<\/pre>\n<p>On Ubuntu:<\/p>\n<pre># iptables --version\r\niptables v1.6.0<\/pre>\n<p><strong>Note<\/strong>: Before installing on Ubuntu, you need to disable ufw to avoid conflicts, because ufw and iptables are both default firewalls.<\/p>\n<pre># ufw disable<\/pre>\n<p>\u2013 Check the status of Iptables, and start or stop the service, on CentOS:<\/p>\n<pre># service iptables status\r\n# service iptables start\r\n# service iptables stop\r\n# service iptables restart<\/pre>\n<p>\u2013 Start Iptables at boot:<\/p>\n<pre># chkconfig iptables on<\/pre>\n<p>On Ubuntu, Iptables is a set of commands rather than a service, 
so you cannot start, stop or restart it. A simple way to disable it is to delete all the rules that have been set, using the flush command:<\/p>\n<pre># iptables -F<\/pre>\n<h2 id=\"2._C\u00e1c_nguy\u00ean_t\u1eafc_\u00e1p_d\u1ee5ng_trong_Iptables\">2. Principles applied in Iptables<\/h2>\n<p>To begin, you need to identify the services you want to open or close and their corresponding ports.<\/p>\n<p>For example, for a typical website and mail server:<\/p>\n<ul>\n<li>To access the VPS over SSH, you need to open the SSH port \u2013 22.<\/li>\n<li>To access the website, you need to open the HTTP port \u2013 80 and HTTPS \u2013 443.<\/li>\n<li>To send mail, you need to open the SMTP port \u2013 25 and SMTPS \u2013 465\/587.<\/li>\n<li>For users to receive email, you need to open the ports for POP3 \u2013 110, POP3s \u2013 995, IMAP \u2013 143 and IMAPs \u2013 993.<\/li>\n<\/ul>\n<p>Once you have identified the ports to open, you need to set up the corresponding firewall rules to allow them.<\/p>\n<p>You can delete all the default firewall rules to start from scratch: <code># iptables -F<\/code><\/p>\n<p>I will show you how to view and understand iptables rules. 
List the current rules:<\/p>\n<pre># iptables -L<\/pre>\n<pre>Chain INPUT (policy ACCEPT)\r\ntarget     prot opt source               destination\r\nACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED\r\nACCEPT     icmp --  anywhere             anywhere\r\nACCEPT     all  --  anywhere             anywhere\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh\r\nREJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:urd\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps\r\nChain FORWARD (policy ACCEPT)\r\ntarget     prot opt source               destination\r\nREJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited\r\n\r\nChain OUTPUT (policy ACCEPT)\r\ntarget     prot opt source               destination\r\n<\/pre>\n<p>Column 1: TARGET, the action applied for each rule<\/p>\n<ul>\n<li>Accept: the packet is passed on for processing by the destination application or the operating system<\/li>\n<li>Drop: the packet is blocked and discarded<\/li>\n<li>Reject: the packet is blocked and discarded, and an error 
message is sent back to the sender<\/li>\n<\/ul>\n<p>Column 2: PROT (protocol) specifies which protocol the rule applies to: all, TCP or UDP. Applications such as SSH, FTP, sFTP\u2026 all use TCP.<\/p>\n<p>Columns 4, 5: SOURCE and DESTINATION, the addresses of the connections to which the rule applies.<\/p>\n<h2 id=\"3.\u00a0C\u00e1ch_s\u1eed_d\u1ee5ng_Iptables_\u0111\u1ec3_m\u1edf_port_VPS\">3. How to use Iptables to open VPS ports<\/h2>\n<p>To open a port in Iptables, you need to add an ACCEPT rule for that port. The command structure to open port xxx is as follows:<\/p>\n<pre># iptables -A INPUT -p tcp -m tcp --dport xxx -j ACCEPT<\/pre>\n<p>A means Append: add to the INPUT chain (at the end)<br \/>\nor<\/p>\n<pre># iptables -I INPUT -p tcp -m tcp --dport xxx -j ACCEPT<\/pre>\n<p>I means Insert: insert into the INPUT chain (at the line given by rulenum)<br \/>\nTo avoid conflicts with the original rules, you should insert rules at the top, using <code>-I<\/code>. Rules are evaluated from top to bottom and the first matching rule decides, so a rule appended below an earlier matching rule (such as the REJECT in the listing above) never takes effect.<\/p>\n<h3 id=\"3.1._M\u1edf_port_SSH\">3.1. Opening the SSH port<\/h3>\n<p>To access the VPS over SSH, you need to open SSH port 22. 
You can allow SSH connections from any device, by anyone, from anywhere.<\/p>\n<pre># iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT<\/pre>\n<p>By default, port 22 is displayed as ssh; if you move SSH to a different port, iptables displays the port number.<\/p>\n<pre>ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh<\/pre>\n<p>To reduce exposure, you can instead allow SSH connections to the VPS only from one specific IP address (which you can easily find by visiting an IP-check website or with the command <code># w<\/code>)<\/p>\n<pre># iptables -I INPUT -p tcp -s xxx.xxx.xxx.xxx -m tcp --dport 22 -j ACCEPT<\/pre>\n<p>iptables will then contain the additional rule:<\/p>\n<pre>ACCEPT     tcp  --  xxx.xxx.xxx.xxx       anywhere            tcp dpt:ssh<\/pre>\n<h3 id=\"3.2._M\u1edf_port_Web_Server\">3.2. Opening the web server ports<\/h3>\n<p>To allow access to the web server on the default ports 80 and 443:<\/p>\n<pre># iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT\r\n# iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT<\/pre>\n<p>By default, Iptables displays these as HTTP and HTTPS:<\/p>\n<pre>ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https<\/pre>\n<h3 id=\"3.3._M\u1edf_port_Mail\">3.3. 
Opening the mail ports<\/h3>\n<p>\u2013 To allow users to use the SMTP server on the default ports 25 and 465:<\/p>\n<pre># iptables -I INPUT -p tcp -m tcp --dport 25 -j ACCEPT\r\n# iptables -I INPUT -p tcp -m tcp --dport 465 -j ACCEPT<\/pre>\n<p>By default, Iptables displays these as SMTP and URD:<\/p>\n<pre>ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:urd<\/pre>\n<p>\u2013 For users to read email on the server, you need to open the POP3 ports (default ports 110 and 995):<\/p>\n<pre># iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT\r\n# iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT<\/pre>\n<p>By default, Iptables displays these as POP3 and POP3S:<\/p>\n<pre>ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s<\/pre>\n<p>In addition, you also need to allow the IMAP mail protocol (default ports 143 and 993):<\/p>\n<pre># iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT\r\n# iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT<\/pre>\n<p>By default, Iptables displays these as IMAP and IMAPS:<\/p>\n<pre>ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap\r\nACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps<\/pre>\n<h3 id=\"3.4._Ch\u1eb7n_1_IP_truy_c\u1eadp\">3.4. 
Blocking an IP address<\/h3>\n<pre># iptables -A INPUT -s IP_ADDRESS -j DROP<\/pre>\n<p>\u2013 Block an IP address from accessing a specific port:<\/p>\n<pre># iptables -A INPUT -p tcp -s IP_ADDRESS --dport PORT -j DROP<\/pre>\n<p>Once everything is set up, including opening the necessary ports and restricting connections, you need to block all remaining incoming connections and allow all outgoing connections from the VPS. Before setting the INPUT policy to DROP, check that the ACCEPT rules for your SSH port and for RELATED,ESTABLISHED traffic (as in the listing above) are present; otherwise your SSH session and the replies to outgoing connections are dropped as well.<\/p>\n<pre># iptables -P OUTPUT ACCEPT\r\n# iptables -P INPUT DROP<\/pre>\n<p>After the setup is complete, you can check the rules again:<\/p>\n<pre># service iptables status<\/pre>\n<p>Or<\/p>\n<pre># iptables -L -n<\/pre>\n<p><code>-n<\/code> means addresses are shown numerically, without name resolution. For example, if you block connections from tino, iptables displays xxx.xxx.xxx.xxx when run with the -n parameter.<br \/>\nFinally, you need to save the Iptables firewall settings; otherwise they will be lost when you reboot the system. 
On CentOS, the configuration is stored in \/etc\/sysconfig\/iptables.<\/p>\n<pre># iptables-save | sudo tee \/etc\/sysconfig\/iptables<\/pre>\n<p>Or<\/p>\n<pre># service iptables save\r\niptables: Saving firewall rules to \/etc\/sysconfig\/iptables:[ OK ]<\/pre>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Iptables is the standard firewall system, configured and included by default in most Linux distributions (CentOS, Ubuntu\u2026). Iptables works by classifying incoming and outgoing packets and acting on them according to rules set up in advance. In this [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":1968,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"footnotes":""},"tags":[],"ht_kb_category":[17],"class_list":["post-1967","ht_kb","type-ht_kb","status-publish","format-standard","has-post-thumbnail","hentry","ht_kb_category-huong-dan-ve-cloud-vps"],"_links":{"self":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/ht_kb\/1967","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/ht_kb"}],"about":[{"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/comments?post=1967"}],"version-history":[{"count":0,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/ht_kb\/1967\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/media\/1968"}],"wp:attachment":[{"hr
ef":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/media?parent=1967"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/tags?post=1967"},{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/tino.vn\/blog\/wp-json\/wp\/v2\/ht_kb_category?post=1967"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}