{"id":38310,"date":"2026-01-22T09:27:15","date_gmt":"2026-01-22T02:27:15","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=38310"},"modified":"2026-01-22T09:27:15","modified_gmt":"2026-01-22T02:27:15","slug":"ufw-la-gi","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/ufw-la-gi\/","title":{"rendered":"What is UFW? A complete guide to Ubuntu Firewall, its commands and installation"},"content":{"rendered":"<p><strong><a href=\"https:\/\/interdata.vn\/blog\/ufw-la-gi\/\">What is UFW<\/a><\/strong>, and why has it become an indispensable tool for Linux system administrators? At InterData, we have found that securing a VPS from the very first step is the key factor in keeping a system running reliably. 
This article takes a detailed look at Uncomplicated Firewall, a firewall solution that lets you put a strong protective barrier around your server with just a few simple commands, removing the worry about the complexity of traditional tools.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"UFW-la-gi\"><\/span>What is UFW?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>UFW (Uncomplicated Firewall)<\/strong> is a firewall management tool for Linux, designed to <strong>simplify firewall configuration<\/strong>, especially on <strong>Ubuntu and Debian<\/strong>. Instead of working directly with the complex rules of <strong>iptables<\/strong>, UFW provides a frontend that lets administrators set up the firewall with commands that are <strong>short, readable and less error-prone<\/strong>.<\/p>\n<p>In essence, UFW is <strong>not a standalone firewall<\/strong>. It works as an abstraction layer on top of iptables; on newer Ubuntu releases the default backend is nftables, the core firewall system of the Linux kernel. 
On modern Ubuntu releases (20.04+), UFW uses nftables as its backend by default instead of traditional iptables.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38322\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/UFW-la-gi.jpg\" alt=\"What is UFW?\" width=\"800\" height=\"425\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/UFW-la-gi.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/UFW-la-gi-300x159.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/UFW-la-gi-768x408.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/p>\n<p>When you create rules with UFW, they are automatically translated and applied to iptables at the lower layer. 
As a result, users still get the power of iptables without needing to master its complex rule structure.<\/p>\n<p>UFW is developed and maintained by <strong>Canonical<\/strong>, the company behind Ubuntu, and is usually <strong>preinstalled on Ubuntu Server<\/strong>.<\/p>\n<p><strong>Example: <\/strong>To open port 80 (HTTP) for a web server:<\/p>\n<p><strong>With iptables:<\/strong> You need to understand chains, protocols and state.<\/p>\n<pre>iptables -A INPUT -p tcp --dport 80 -j ACCEPT<\/pre>\n<p><strong>With UFW:<\/strong> You simply issue an &#8220;allow&#8221; command.<\/p>\n<pre>ufw allow 80\/tcp<\/pre>\n<p>This difference significantly reduces both the time spent and the mistakes made while operating a system.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Vi-sao-UFW-pho-bien-tren-Ubuntu-Server\"><\/span>Why is UFW popular on Ubuntu Server?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>According to W3Techs statistics, Ubuntu is currently the most popular Linux distribution on web servers, accounting for more than 30% of the global Linux server market. 
Ubuntu's popularity has in turn made UFW the default standard for basic security configuration.<\/p>\n<p>Here are the reasons <strong>ufw ubuntu<\/strong> has become a top search term:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Don-gian-hoa-quy-trinh-Firewall\"><\/span>Simplifying the firewall workflow<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>For small and medium-sized businesses or individual developers renting a VPS at <strong>InterData<\/strong>, spending hours learning iptables syntax is not practical. UFW lets them set up a basic firewall in under 5 minutes.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38323\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Vi-sao-UFW-pho-bien-tren-Ubuntu-Server.jpg\" alt=\"Why UFW is popular on Ubuntu Server\" width=\"585\" height=\"377\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Vi-sao-UFW-pho-bien-tren-Ubuntu-Server.jpg 585w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Vi-sao-UFW-pho-bien-tren-Ubuntu-Server-300x193.jpg 300w\" sizes=\"auto, (max-width: 585px) 100vw, 585px\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Giam-rui-ro-cau-hinh-sai-Human-Error\"><\/span>Reducing the risk of misconfiguration (human error)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In network administration, a &#8220;wrong configuration&#8221; is more dangerous than &#8220;no configuration&#8221;. A single mistyped iptables rule can cause rule conflicts or inadvertently open the door to hackers. UFW automates the behind-the-scenes steps, ensuring that rules are applied with the correct logic and in the correct order of precedence.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Duoc-cai-dat-mac-dinh-va-khuyen-nghi\"><\/span>Installed by default and recommended<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Most hardening guides for Ubuntu servers start by enabling UFW. It is already present on the system (although disabled by default), so users do not need to install additional third-party software, which reduces the risk around software trustworthiness.<\/p>\n
<blockquote><p><strong>Real-world data:<\/strong> In the CIS Benchmark (Center for Internet Security) security checks for Ubuntu Linux, installing and enabling UFW\/iptables is one of the mandatory requirements for meeting the information security baseline.<\/p><\/blockquote>\n<h2><span class=\"ez-toc-section\" id=\"Uu-diem-va-nhuoc-diem-khi-su-dung-cong-cu-UFW\"><\/span>Advantages and disadvantages of using UFW<span 
class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Understanding both sides of UFW helps administrators make the right decision when deploying it on production systems.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Uu-diem-cua-UFW\"><\/span>Advantages of UFW<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Easy-to-remember syntax (user-friendly syntax):<\/strong> Commands use simple English keywords such as allow, deny and limit.<\/li>\n<li><strong>Quick setup:<\/strong> Supports the &#8220;Application Profiles&#8221; feature. For example, when you install Nginx, UFW automatically recognizes the &#8220;Nginx Full&#8221; profile, and you only need to enable that profile instead of opening each port manually.<\/li>\n<li><strong>Integrated logging:<\/strong> UFW provides logging that is easy to turn on and off, helping administrators track blocked or accepted connections.<\/li>\n<li><strong>Extensibility:<\/strong> Despite its simplicity, UFW still lets you edit its text configuration files by hand (\/etc\/ufw\/before.rules) for deeper control when needed.<\/li>\n<\/ul>\n<h3><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38324\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Uu-diem-va-nhuoc-diem-khi-su-dung-UFW.jpg\" alt=\"Advantages and disadvantages of using UFW\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Uu-diem-va-nhuoc-diem-khi-su-dung-UFW.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Uu-diem-va-nhuoc-diem-khi-su-dung-UFW-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Uu-diem-va-nhuoc-diem-khi-su-dung-UFW-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/h3>\n
<h3><span class=\"ez-toc-section\" id=\"Nhuoc-diem-cua-UFW\"><\/span>Disadvantages of UFW<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Less flexible than raw iptables:<\/strong> UFW is designed for common tasks. For complex networks that require advanced NAT (Network Address Translation), packet mangling or routing based on packet content, UFW shows its limitations.<\/li>\n<li><strong>Harder to debug in detail:<\/strong> Because it is a wrapper, errors sometimes originate in the underlying layer (iptables) while UFW reports only a generic error, which makes in-depth diagnosis difficult.<\/li>\n<li><strong>Not suited to complex gateway routers:<\/strong> If you are building a server that acts as the main router for a large network with hundreds of forwarding rules, UFW may not be the best choice from a management standpoint.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" 
id=\"So-sanh-UFW-va-Iptables-Nen-dung-cai-nao\"><\/span>UFW vs Iptables: which one should you use?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The &#8220;UFW vs Iptables&#8221; question is always a hotly debated topic. In reality, the two are not competitors; they complement each other. From a user-experience perspective, however, they can be compared as follows:<\/p>\n<p>Detailed comparison of UFW vs Iptables:<\/p>\n<table style=\"width: 100%; border-collapse: collapse; font-family: Arial, sans-serif; font-size: 14px; line-height: 1.6; box-shadow: 0 4px 12px rgba(0,0,0,0.08);\">\n<thead>\n<tr style=\"background: linear-gradient(90deg, #0C40F4, #077FFA, #0497FC); color: #ffffff;\">\n<th style=\"padding: 14px; border: 1px solid #e5e7eb; text-align: left;\">Criterion<\/th>\n<th style=\"padding: 14px; border: 1px solid #e5e7eb; text-align: left;\">UFW (Uncomplicated Firewall)<\/th>\n<th style=\"padding: 14px; border: 1px solid #e5e7eb; text-align: left;\">Iptables (Netfilter tool)<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr style=\"background-color: #f8faff;\">\n<td style=\"padding: 12px; border: 1px solid #e5e7eb; font-weight: 600;\">Difficulty<\/td>\n<td style=\"padding: 12px; border: 1px solid #e5e7eb;\">Low &#8211; for beginners and admins who want speed and simplicity.<\/td>\n<td style=\"padding: 12px; border: 1px solid #e5e7eb;\">High &#8211; for network experts.<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 12px; border: 1px solid #e5e7eb; font-weight: 600;\">Syntax<\/td>\n<td style=\"padding: 12px; border: 1px solid #e5e7eb;\">Natural language (allow, deny).<\/td>\n
<td style=\"padding: 12px; border: 1px solid #e5e7eb;\">Technical syntax with many flags (-A, -p, -j).<\/td>\n<\/tr>\n<tr style=\"background-color: #f8faff;\">\n<td style=\"padding: 12px; border: 1px solid #e5e7eb; font-weight: 600;\">Level of control<\/td>\n<td style=\"padding: 12px; border: 1px solid #e5e7eb;\">Medium &#8211; sufficient for a host-based firewall.<\/td>\n<td style=\"padding: 12px; border: 1px solid #e5e7eb;\">Very high &#8211; control over every bit in a packet.<\/td>\n<\/tr>\n<tr>\n<td style=\"padding: 12px; border: 1px solid #e5e7eb; font-weight: 600;\">Risk of error<\/td>\n<td style=\"padding: 12px; border: 1px solid #e5e7eb;\">Low &#8211; serious misconfiguration is unlikely.<\/td>\n<td style=\"padding: 12px; border: 1px solid #e5e7eb;\">High &#8211; easy to lose connectivity without experience.<\/td>\n<\/tr>\n<tr style=\"background-color: #f8faff;\">\n<td style=\"padding: 12px; border: 1px solid #e5e7eb; font-weight: 600;\">Default configuration<\/td>\n<td style=\"padding: 12px; border: 1px solid #e5e7eb;\">Deny all incoming, allow all outgoing (safe default).<\/td>\n<td style=\"padding: 12px; border: 1px solid #e5e7eb;\">Accept all until rules are added.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38325\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/So-sanh-UFW-va-Iptables.jpg\" alt=\"UFW vs Iptables comparison\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/So-sanh-UFW-va-Iptables.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/So-sanh-UFW-va-Iptables-300x188.jpg 300w, 
https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/So-sanh-UFW-va-Iptables-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/h3>\n<h3><span class=\"ez-toc-section\" id=\"Truong-hop-nen-dung-UFW\"><\/span>When to use UFW<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>Administrators configuring a single VPS (web server, database server).<\/li>\n<li>Newcomers to Linux or Ubuntu.<\/li>\n<li>Dev\/Test environments that need fast deployment.<\/li>\n<li>Systems that do not require complex packet routing.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Truong-hop-nen-dung-Iptables-hoac-Nftables\"><\/span>When to use Iptables (or Nftables)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>Network engineers who need to build a gateway or software router.<\/li>\n<li>Systems that require complex stateful packet-filtering rules or packet modification (packet mangling).<\/li>\n<li>When extreme performance tuning is needed for high-load systems, writing rules directly can sometimes reduce latency, even if only slightly.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Khi-nao-ban-nen-su-dung-UFW\"><\/span>When should you use UFW?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Based on our infrastructure deployment experience at <strong>InterData<\/strong>, we recommend using UFW in the following contexts:<\/p>\n
<h3><span class=\"ez-toc-section\" id=\"VPS-ca-nhan-va-Blog\"><\/span>Personal VPS and blogs<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If you run a WordPress blog, a personal website or a simple Docker server, <strong>UFW for a VPS<\/strong> is the number-one choice. It is strong enough to block port scanning and prevent unauthorized access without consuming system resources.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Server-chay-WebApp-pho-bien\"><\/span>Servers running common web\/app stacks<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>For standard applications such as Nginx, Apache, Node.js, MySQL and so on, UFW fully meets the need to open and close ports. UFW's rate limiting (limiting the connection rate) also helps prevent brute-force attacks against the SSH port (port 22).<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Moi-truong-khong-yeu-cau-rule-phuc-tap\"><\/span>Environments that do not require complex rules<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In modern microservices architectures, firewalling is usually handled at an outer layer (the provider's cloud firewall) or at the load balancer layer. 
In that case, the firewall on each server node (the host-based firewall) only needs to do the basic job of whitelisting internal IPs. UFW does this cleanly and efficiently.<\/p>\n<div class=\"highlight-cta-box\">\n<p>If you are looking for a stable, easy-to-manage and cost-effective <strong>Linux VPS service<\/strong>, InterData's Linux VPS is an option worth considering. The VPS infrastructure uses high-performance hardware and fast NVMe SSD storage, so Linux websites and applications run smoothly with low latency. Users get full root access and can easily install UFW, iptables or any stack their workload needs. 
In addition, InterData has a datacenter in Vietnam with fast domestic connectivity and 24\/7 technical support, suitable for individuals, small businesses and SysAdmins who manage many servers.<\/p>\n<div><a href=\"https:\/\/interdata.vn\/vps-linux\" class=\"button primary is-primary is-medium\"  >\n\t\t<span>View Linux VPS configurations at InterData<\/span>\n\t<\/a>\n<\/div>\n<\/div>\n<h2><span class=\"ez-toc-section\" id=\"Dieu-kien-can-co-truoc-khi-cai-dat-UFW\"><\/span>Prerequisites before installing UFW<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Before installing UFW, your system needs to meet a few basic requirements:<\/p>\n<ul>\n<li><strong>Operating system:<\/strong> Any Linux distribution that is installed and in use on the machine<\/li>\n<li><strong>Access rights:<\/strong> <strong>root<\/strong> privileges or the ability to use the <strong>sudo<\/strong> command<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Huong-dan-cai-dat-UFW-tren-cac-he-dieu-hanh-Linux-pho-bien\"><\/span>How to install UFW on popular Linux distributions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The commands below help you configure the Ubuntu firewall quickly:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cai-dat-UFW-tren-Ubuntu\"><\/span>Installing UFW on Ubuntu<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>By default, UFW 
ships with most Ubuntu-based distributions. If UFW has been removed, you can reinstall it by running the following command:<\/p>\n<div><code># apt-get install ufw -y<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Cai-dat-UFW-tren-Debian\"><\/span>Installing UFW on Debian<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To install UFW on Debian, use the command:<\/p>\n<div><code># apt-get install ufw -y<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Cai-dat-UFW-tren-CentOS\"><\/span>Installing UFW on CentOS<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>By default, UFW is not available in the CentOS software repositories. 
Therefore, you first need to add the <strong>EPEL<\/strong> repository to the system with the command:<\/p>\n<div><code># yum install epel-release -y<br \/>\n<\/code><\/div>\n<p>Once the EPEL repository is installed, install UFW with the command:<\/p>\n<div><code># yum install --enablerepo=\"epel\" ufw -y<br \/>\n<\/code><\/div>\n<p>After installation, start UFW and set the firewall to run automatically with the command:<\/p>\n<div><code># ufw enable<br \/>\n<\/code><\/div>\n<p>Next, check the status of UFW to confirm that the service is running:<\/p>\n<div><code># ufw status<br \/>\n<\/code><\/div>\n<p>The output shows:<\/p>\n<div><code>Status: active<br \/>\n<\/code><\/div>\n<p>If you want to turn UFW off, use the following command:<\/p>\n<div><code># ufw disable<br \/>\n<\/code><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Cac-quy-tac-va-lenh-UFW-thuong-dung-trong-thuc-te\"><\/span>Common UFW rules and commands in practice<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"Kiem-tra-trang-thai-UFW-dang-bat-hay-tat\"><\/span>Checking whether UFW is enabled or disabled<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To check whether UFW is currently active, use the following command:<\/p>\n<pre>sudo ufw status\r\n<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38327\" 
src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Kiem-tra-ufw-co-bat-hay-khong.png\" alt=\"Checking whether UFW is enabled\" width=\"336\" height=\"32\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Kiem-tra-ufw-co-bat-hay-khong.png 336w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Kiem-tra-ufw-co-bat-hay-khong-300x29.png 300w\" sizes=\"auto, (max-width: 336px) 100vw, 336px\" \/><\/pre>\n<p>The output shows that UFW has not been enabled yet.<\/p>\n<p><strong>How to enable UFW on Ubuntu:<\/strong><\/p>\n<p>To enable UFW, run the command:<\/p>\n<div><code>sudo ufw enable<br \/>\n<\/code><\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38328\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Bat-UFW.png\" alt=\"Enabling UFW\" width=\"623\" height=\"48\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Bat-UFW.png 623w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Bat-UFW-300x23.png 300w\" sizes=\"auto, (max-width: 623px) 100vw, 623px\" \/><\/div>\n<p>After you run it, the system turns on the UFW firewall.<\/p>\n<p>You can check the status again with the command:<\/p>\n<div><code>sudo ufw status<br \/>\n<\/code><\/div>\n<div><\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38329\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/xem-tren-ufw-chan-hoac-cho-phep-nhung-gi.png\" alt=\"Viewing what UFW blocks or allows\" width=\"296\" height=\"30\" title=\"\"><\/div>\n<p>At this point, UFW is enabled and starts 
applying the firewall rules.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cach-tat-UFW-khi-can-thiet\"><\/span>How to disable UFW when necessary<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If you need to temporarily disable UFW, use the command:<\/p>\n<div><code>sudo ufw disable<br \/>\n<\/code><\/div>\n<p>This command turns off all firewall rules that are currently applied.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38330\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/tat-UFW.png\" alt=\"Disabling UFW\" width=\"397\" height=\"31\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/tat-UFW.png 397w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/tat-UFW-300x23.png 300w\" sizes=\"auto, (max-width: 397px) 100vw, 397px\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Chan-mot-dia-chi-IP-cu-the-bang-UFW\"><\/span>Blocking a specific IP address with UFW<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>For example, to block the IP address <strong>172.16.1.222<\/strong>, use the command:<\/p>\n<div><code>sudo ufw deny from 172.16.1.222\n<\/code><\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38331\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Chan-dia-chi-IP.png\" alt=\"Blocking an IP address\" width=\"399\" height=\"31\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Chan-dia-chi-IP.png 399w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Chan-dia-chi-IP-300x23.png 300w\" sizes=\"auto, (max-width: 399px) 100vw, 399px\" \/><\/div>\n<p>Afterwards, you can 
review the list of rules currently applied with:<\/p>\n<div><code>sudo ufw status<br \/>\n<\/code><\/div>\n<div><\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38332\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/xem-IP-da-chan.png\" alt=\"Viewing the blocked IP\" width=\"416\" height=\"100\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/xem-IP-da-chan.png 416w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/xem-IP-da-chan-300x72.png 300w\" sizes=\"auto, (max-width: 416px) 100vw, 416px\" \/><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Chan-mot-mang-con-subnet-bang-UFW\"><\/span>Blocking a subnet with UFW<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If you want to block the entire subnet <strong>172.16.10.0\/24<\/strong>, use the command:<\/p>\n<div><code>sudo ufw deny from 172.16.10.0\/24\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Chan-ket-noi-tu-IP-den-mot-Network-Interface-cu-the\"><\/span>Blocking connections from an IP to a specific network interface<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To block connections from an IP to the <strong>eth0<\/strong> interface, run the command:<\/p>\n<div><code>sudo ufw deny in on eth0 from [IP to block]\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Cho-phep-mot-dia-chi-IP-duoc-ket-noi\"><\/span>Allowing an IP address to connect<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>For example, to allow the IP <strong>172.16.1.30<\/strong> to connect to the server, use the command:<\/p>\n<div><code>sudo ufw allow from 
172.16.1.30\n<\/code><\/div>\n<div><\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38333\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Cho-phep-cac-IP-ket-noi.png\" alt=\"Allowing IPs to connect\" width=\"411\" height=\"30\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Cho-phep-cac-IP-ket-noi.png 411w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Cho-phep-cac-IP-ket-noi-300x22.png 300w\" sizes=\"auto, (max-width: 411px) 100vw, 411px\" \/><\/div>\n<p>Then check the rules again with:<\/p>\n<div><code>sudo ufw status<br \/>\n<\/code><\/div>\n<div><\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38334\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Dung-lenh-sau-de-xem-ket-noi-ip.png\" alt=\"Viewing the allowed IP connections\" width=\"444\" height=\"134\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Dung-lenh-sau-de-xem-ket-noi-ip.png 444w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Dung-lenh-sau-de-xem-ket-noi-ip-300x91.png 300w\" sizes=\"auto, (max-width: 444px) 100vw, 444px\" \/><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Cho-phep-IP-ket-noi-thong-qua-Network-Interface-cu-the\"><\/span>Allowing an IP to connect through a specific network interface<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To allow the IP <strong>172.16.1.222<\/strong> to connect through the <strong>eth0<\/strong> interface, use the command:<\/p>\n<div><code>sudo ufw allow in on eth0 from 172.16.1.222\n<\/code><\/div>\n<p>Check the applied rules again:<\/p>\n<div><code>sudo ufw status<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" 
id=\"Cach-xoa-cac-quy-tac-UFW-da-thiet-lap\"><\/span>How to delete UFW rules you have set<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To delete a rule that previously allowed the IP <strong>172.16.1.30<\/strong> to connect, use:<\/p>\n<div><code>sudo ufw delete allow from 172.16.1.30\n<\/code><\/div>\n<p>With that, the rule has been deleted successfully.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Xoa-quy-tac-UFW-theo-ID\"><\/span>Deleting UFW rules by ID<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Besides deleting a rule directly, you can also delete it based on its <strong>ID<\/strong>.<\/p>\n<p>First, list the rules together with their IDs:<\/p>\n<div><code>sudo ufw status numbered<br \/>\n<\/code><\/div>\n<div><\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38335\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/dung-ID-cua-cac-quy-tac-de-xoa.png\" alt=\"Using rule IDs to delete rules\" width=\"532\" height=\"156\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/dung-ID-cua-cac-quy-tac-de-xoa.png 532w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/dung-ID-cua-cac-quy-tac-de-xoa-300x88.png 300w\" sizes=\"auto, (max-width: 532px) 100vw, 532px\" \/><\/div>\n<p>After viewing the list, to delete the rule with <strong>ID = 1<\/strong>, run:<\/p>\n<div><code>sudo ufw delete 1<br \/>\n<\/code><\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38336\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/xoa-quy-tac-theo-ID.png\" alt=\"Deleting a rule by ID\" 
width=\"323\" height=\"79\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/xoa-quy-tac-theo-ID.png 323w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/xoa-quy-tac-theo-ID-300x73.png 300w\" sizes=\"auto, (max-width: 323px) 100vw, 323px\" \/><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Liet-ke-cac-ung-dung-co-san-trong-UFW\"><\/span>Listing the applications available in UFW<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To see the application profiles that UFW provides out of the box, use the command:<\/p>\n<div><code>sudo ufw app list<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Cach-cho-phep-ket-noi-SSH-bang-UFW\"><\/span>How to allow SSH connections with UFW<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Allow all SSH connections through the default profile:<\/p>\n<div><code>sudo ufw allow OpenSSH<br \/>\n<\/code><\/div>\n<p>Or specify the SSH port directly (22 by default):<\/p>\n<div><code>sudo ufw allow 22<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Cho-phep-SSH-tu-IP-hoac-mang-con-cu-the\"><\/span>Allowing SSH from a specific IP or subnet<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To allow SSH only from the IP <strong>172.16.1.31<\/strong>, use the command:<\/p>\n<div><code>sudo ufw allow from 172.16.1.31 proto tcp to any port 22<br \/>\n<\/code><\/div>\n<p>Allow the entire subnet <strong>172.16.1.0\/24<\/strong> to connect over SSH:<\/p>\n<div><code>sudo ufw allow from 172.16.1.0\/24 proto tcp to any port 22<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" 
id=\"Cho-phep-Rsync-tu-IP-hoac-mang-con-cu-the\"><\/span>Allowing Rsync from a specific IP or subnet<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Rsync is a data synchronization tool that typically uses port <strong>873<\/strong>.<\/p>\n<p>Allow the IP <strong>172.16.1.31<\/strong> to connect to Rsync:<\/p>\n<div><code>sudo ufw allow from 172.16.1.31 to any port 873<br \/>\n<\/code><\/div>\n<p>Allow the entire subnet <strong>172.16.1.0\/24<\/strong> to connect to Rsync:<\/p>\n<div><code>sudo ufw allow from 172.16.1.0\/24 to any port 873<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Cho-phep-Nginx-HTTP-va-HTTPS-qua-UFW\"><\/span>Allowing Nginx HTTP and HTTPS through UFW<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>First, check the available Nginx profiles:<\/p>\n<div><code>sudo ufw app list | grep Nginx<br \/>\n<\/code><\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-38337\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Cho-phep-Nginx-HTTP-HTTPS.png\" alt=\"Allowing Nginx HTTP and HTTPS\" width=\"438\" height=\"64\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Cho-phep-Nginx-HTTP-HTTPS.png 438w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/01\/Cho-phep-Nginx-HTTP-HTTPS-300x44.png 300w\" sizes=\"auto, (max-width: 438px) 100vw, 438px\" \/><\/div>\n<div><\/div>\n<p>Allow both HTTP and HTTPS (ports 80 and 443):<\/p>\n<div><code>sudo ufw allow \"Nginx Full\"<br \/>\n<\/code><\/div>\n<p>Allow HTTP only (port 80):<\/p>\n<div><code>sudo ufw allow http<br \/>\n<\/code><\/div>\n<p>Allow HTTPS only (port 443):<\/p>\n<div><code>sudo ufw allow https<br \/>\n<\/code><\/div>\n<h2><span class=\"ez-toc-section\" 
id=\"Nhung-diem-can-dac-biet-luu-y-khi-lam-viec-voi-UFW-va-iptables\"><\/span>Important points to note when working with UFW and iptables<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"Luu-y-ve-rule-mac-dinh-khi-bat-hoac-tat-UFW\"><\/span>Note on default rules when enabling or disabling UFW<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>An important point to remember is that <strong>enabling or disabling UFW changes the default rules of the iptables chains<\/strong>. For example, when you <strong>disable UFW<\/strong>, the <strong>INPUT<\/strong> and <strong>OUTPUT<\/strong> chains get a default rule of <strong>ACCEPT<\/strong>. Conversely, when <strong>UFW is enabled<\/strong>, these default rules are set according to the policy that UFW applies.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Can-luu-cau-hinh-truoc-khi-ap-dung-iptables\"><\/span>Save the configuration before applying iptables<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>When working directly with <strong>iptables<\/strong>, do not apply the configuration right away; instead, <strong>save all the rules to a file<\/strong>. 
The firewall configuration is then reloaded from this file to ensure consistency and avoid unintended errors.<\/p>\n<p>First, create a directory to store the iptables configuration files:<\/p>\n<div><code>mkdir \/etc\/iptables<br \/>\n<\/code><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Cach-luu-va-khoi-phuc-cau-hinh-iptables\"><\/span>How to save and restore the iptables configuration<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>After you finish configuring iptables, save all current rules to a file with the command:<\/p>\n<div><code>iptables-save &gt; \/etc\/iptables\/rules.v4<br \/>\n<\/code><\/div>\n<p>When you need to reapply the saved configuration, use the command:<\/p>\n<div><code>iptables-restore &lt; \/etc\/iptables\/rules.v4<br \/>\n<\/code><\/div>\n<p>This approach ensures that the firewall rules are applied exactly as originally configured.<\/p>\n<p>By default, <strong>iptables<\/strong> has only three main chains: <strong>INPUT<\/strong>, <strong>OUTPUT<\/strong> and <strong>FORWARD<\/strong>. However, when you install and use <strong>UFW<\/strong>, the system automatically creates many additional chains. 
These chains are generated from the configuration in the <strong>\/etc\/ufw<\/strong> directory and are used by UFW to manage the firewall more simply.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cau-hoi-thuong-gap-FAQs\"><\/span>Frequently asked questions (FAQs)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Below are answers to common user questions about UFW:<\/p>\n<p><strong>1. Is UFW secure?<\/strong><\/p>\n<p>Yes. UFW uses the same Netfilter framework inside the Linux kernel, a security technology that has been proven over decades. Using UFW does not reduce security compared with using iptables directly, as long as you configure it on the right principle (deny by default, open only what is needed).<\/p>\n<p><strong>2. Does UFW completely replace iptables?<\/strong><\/p>\n<p>Not entirely. UFW is a management interface. On modern Linux systems, iptables is gradually being replaced by nftables. UFW now also supports nftables as a backend. So UFW can be described as a management tool that replaces typing iptables commands, not as a replacement for the underlying packet-filtering technology.<\/p>\n<p><strong>3. 
Does using UFW slow the server down?<\/strong><\/p>\n<p>Not noticeably. UFW is only a tool that creates rules. Packet processing is handled by the Linux kernel. The impact on CPU and RAM is extremely low, practically zero on modern servers.<\/p>\n<p><strong>4. Is UFW suitable for production?<\/strong><\/p>\n<p>Entirely suitable. Many large production systems still use UFW to manage host-level security because of its stability and ease of maintenance.<\/p>\n<p><strong>5. Should people who are new to Linux use UFW?<\/strong><\/p>\n<p>Definitely. It is an excellent stepping stone for understanding the concepts of ports, protocols and allow\/deny before going deeper into more complex networking topics.<\/p>\n<p><strong>6. I accidentally enabled UFW and forgot to allow SSH. What should I do?<\/strong><\/p>\n<p>This is a common mistake. 
If you use a VPS at <strong>InterData<\/strong> or another provider, you can use the <strong>Console\/VNC<\/strong> feature (a direct console in the browser) to log in and turn UFW off with the command <code>sudo ufw disable<\/code>, then reconfigure the SSH rule.<\/p>\n<p>UFW (Uncomplicated Firewall) is proof of the Linux philosophy that &#8220;simplicity is strength&#8221;. It removes unnecessary complexity so that administrators can focus on the most important goal: <strong>protecting the system<\/strong>.<\/p>\n<p>Whether you are a student just getting started with network administration or a SysAdmin managing dozens of servers, understanding <strong>what UFW is<\/strong> and how to use it is a must-have skill. However, always remember the golden rule: <strong>always allow SSH connections before enabling the firewall<\/strong> to avoid locking yourself out.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is UFW, and why has it become an indispensable tool for Linux system administrators? 
At InterData, we have found that securing a VPS from the very first step is key to running a stable system. This article will analyze<\/p>\n","protected":false},"author":11,"featured_media":38326,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[84],"tags":[],"class_list":["post-38310","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cong-cu-phan-mem"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/38310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=38310"}],"version-history":[{"count":3,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/38310\/revisions"}],"predecessor-version":[{"id":38344,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/38310\/revisions\/38344"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/38326"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=38310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=38310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=38310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}