{"id":40304,"date":"2026-03-16T15:35:07","date_gmt":"2026-03-16T08:35:07","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=40304"},"modified":"2026-03-16T15:35:07","modified_gmt":"2026-03-16T08:35:07","slug":"huong-dan-cau-hinh-iptables-cho-vps","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/huong-dan-cau-hinh-iptables-cho-vps\/","title":{"rendered":"Guide to Configuring Iptables for a VPS: Opening Ports &#038; Blocking IPs (2026)"},"content":{"rendered":"<div class=\"summary\">\n<p><strong>Quick summary:<\/strong> Configuring iptables for a VPS means setting up the rules that control traffic into and out of a Linux server through netfilter, the firewall framework built into the kernel. Each packet passing through the VPS is checked against the INPUT, OUTPUT and FORWARD chains from top to bottom; if it matches a rule, the corresponding action (ACCEPT or DROP) is taken. An administrator who understands this process can protect a VPS from brute-force attacks, port scans and unwanted connections.<\/p>\n<ul>\n<li>Always open the SSH port (22) <em>before<\/em> applying the default policy DROP; getting this order wrong is the number one cause of lockouts.<\/li>\n<li>Three chains to know: INPUT (controls connections to the VPS), OUTPUT (outgoing connections), FORWARD (forwarding between interfaces).<\/li>\n<li>iptables rules are not saved automatically across a reboot; you must use <code>iptables-persistent<\/code> (Ubuntu\/Debian) or <code>iptables-save<\/code> (CentOS\/AlmaLinux) to keep the configuration.<\/li>\n<li>Use <code>iptables -I<\/code> (Insert) instead of <code>-A<\/code> (Append) when blocking an IP urgently, so the blocking rule sits at the top and takes effect immediately.<\/li>\n<li>IPv6 is not managed by iptables; configure it in parallel with <code>ip6tables<\/code>, which uses equivalent syntax.<\/li>\n<\/ul>\n<p><strong>Important note:<\/strong> Everything in this guide applies to IPv4. If the VPS uses IPv6 addresses, do the same in parallel with the <code>ip6tables<\/code> tool.<\/p>\n<\/div>\n<p>A freshly rented VPS, with no firewall configuration touched yet, exposes thousands of ports to the internet by default. Automated scanning bots discover this within minutes. Not hours, not days: minutes. This is not an estimate: honeypot servers placed in Asian datacenters typically record the first SSH brute-force attempt within 15 minutes of the IP address appearing on the internet.<\/p>\n<p>Users know they need to configure iptables for their VPS, but the command-line syntax is unintuitive, and the cost of a typo (being completely locked out of SSH on your own VPS) is enough to make beginners hesitate. This article from InterData goes straight to a safe 6-step process: open the necessary ports first, close everything else afterwards. 
Every command comes with an explanation of each parameter and is ready to copy and paste.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Hieu-cac-thanh-phan-cot-loi-cua-Iptables-truoc-khi-go-lenh\"><\/span>Understanding the core components of Iptables before typing commands<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Iptables works on a chain model: each network packet entering the VPS is &#8220;stopped&#8221; at the corresponding chain and checked against the list of rules from top to bottom. The first rule that matches decides the fate of that packet. Only when no rule matches is the chain's <em>default policy<\/em> applied.<\/p>\n<p>Three chains to know right away:<\/p>\n<ul>\n<li><strong>INPUT<\/strong>: Controls all connections coming <em>in<\/em> to the VPS. This is the most important chain for security configuration, because it decides who may connect to SSH, the web server and the database.<\/li>\n<li><strong>OUTPUT<\/strong>: Controls connections going <em>out<\/em> from the VPS. It is usually left at the default ACCEPT so the VPS can download updates and connect to external APIs.<\/li>\n<li><strong>FORWARD<\/strong>: Handles packets that pass through the VPS but are not destined for the VPS itself. 
The most common case is a VPS acting as a gateway or VPN server.<\/li>\n<\/ul>\n<p>After the chain processes a packet, each rule ends with a <em>target<\/em>, the action taken on the packet:<\/p>\n<table>\n<thead>\n<tr>\n<th>Target<\/th>\n<th>What happens to the packet<\/th>\n<th>What the attacker sees<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>ACCEPT<\/strong><\/td>\n<td>Allowed through<\/td>\n<td>Connection succeeds<\/td>\n<\/tr>\n<tr>\n<td><strong>DROP<\/strong><\/td>\n<td>Silently discarded, no response<\/td>\n<td>Timeout; cannot tell whether the port is open or closed<\/td>\n<\/tr>\n<tr>\n<td><strong>REJECT<\/strong><\/td>\n<td>Refused, with an error message sent back<\/td>\n<td>Receives &#8220;Connection refused&#8221;, confirming the port exists<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>From a security standpoint, <strong>DROP is always preferred over REJECT<\/strong> for the INPUT chain. The practical reason: REJECT tells a scanner exactly which ports exist on the VPS, and that information is valuable for mapping out an attack. 
DROP stays completely silent, costing the attacker extra time and resources when scanning.<\/p>\n<figure id=\"attachment_40312\" aria-describedby=\"caption-attachment-40312\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-40312\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/So-do-luong-xu-ly-packet-INPUT-\u2192-chain-\u2192-rule-\u2192-target.webp\" alt=\"Packet processing flow diagram (INPUT \u2192 chain \u2192 rule \u2192 target)\" width=\"800\" height=\"537\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/So-do-luong-xu-ly-packet-INPUT-\u2192-chain-\u2192-rule-\u2192-target.webp 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/So-do-luong-xu-ly-packet-INPUT-\u2192-chain-\u2192-rule-\u2192-target-300x201.webp 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/So-do-luong-xu-ly-packet-INPUT-\u2192-chain-\u2192-rule-\u2192-target-768x516.webp 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-40312\" class=\"wp-caption-text\">Packet processing flow diagram (INPUT \u2192 chain \u2192 rule \u2192 target)<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Huong-dan-cau-hinh-iptables-cho-VPS-6-buoc-thiet-lap-an-toan\"><\/span>Guide to configuring iptables for a VPS: 6 steps for a safe setup<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Follow the order below exactly and do not skip steps. The structure of this process is deliberate: each step is the foundation for the next. 
If you want to practice for the first time without risk, use a fresh InterData VPS: if something goes wrong, a rebuild takes only a few minutes and does not affect any production environment.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-1-Lam-sao-de-kiem-tra-backup-va-xoa-rules-iptables-cu\"><\/span>Step 1: How do you check, back up and clear old iptables rules?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To see all the rules currently present on the VPS, use the following command; this is the mandatory starting point before changing anything:<\/p>\n<pre><code>sudo iptables -L -v -n<\/code><\/pre>\n<p>Parameters explained: <code>-L<\/code> (List) lists all rules, <code>-v<\/code> (verbose) shows extra information such as the number of packets matched, and <code>-n<\/code> (numeric) shows IP addresses and ports as numbers instead of trying to resolve them to hostnames, which makes the output much faster and easier to read.<\/p>\n<figure id=\"attachment_40309\" aria-describedby=\"caption-attachment-40309\" style=\"width: 673px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-40309\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Output-lenh-iptables-L-v-n-khi-chua-cau-hinh-iptables.png\" alt=\"Output of iptables -L -v -n before iptables is configured\" width=\"673\" height=\"148\" title=\"\" 
srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Output-lenh-iptables-L-v-n-khi-chua-cau-hinh-iptables.png 673w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Output-lenh-iptables-L-v-n-khi-chua-cau-hinh-iptables-300x66.png 300w\" sizes=\"auto, (max-width: 673px) 100vw, 673px\" \/><figcaption id=\"caption-attachment-40309\" class=\"wp-caption-text\">Output of iptables -L -v -n before iptables is configured<\/figcaption><\/figure>\n<p>Before deleting or changing any rule, back up the entire current configuration:<\/p>\n<pre><code># The redirect must run as root too, so wrap the whole command in a root shell\r\nsudo sh -c 'iptables-save &gt; \/root\/iptables.bak'<\/code><\/pre>\n<p>This <code>\/root\/iptables.bak<\/code> file is your lifeline if the new configuration breaks connectivity. After that, wipe all the old rules with the Flush command:<\/p>\n<pre><code>sudo iptables -F<\/code><\/pre>\n<p>The <code>-F<\/code> (Flush) command deletes all rules in every chain but does not change the default policy. If the current default policy is DROP, flushing without immediately setting new rules will cut off SSH at once. 
That is why Step 2 must follow immediately.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-2-Thiet-lap-rule-giu-ket-noi-SSH-Port-22-%E2%80%94-Lam-truoc-khong-co-ngoai-le\"><\/span>Step 2: Set up the rule that keeps the SSH connection (Port 22). Do this first, no exceptions<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>Warning:<\/strong> This is the only step in the whole process that can permanently cost you access to the VPS if skipped. Run this command <em>before<\/em> doing anything else:<\/p>\n<pre><code>sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT<\/code><\/pre>\n<p>Each parameter explained: <code>-A INPUT<\/code> (Append to INPUT chain) adds the rule to the end of the INPUT chain; <code>-p tcp<\/code> applies only to the TCP protocol; <code>--dport 22<\/code> (destination port) targets the default SSH port; <code>-j ACCEPT<\/code> (jump to ACCEPT) lets the packet through.<\/p>\n<p>If your SSH server has been moved to a different port (for example 2222), substitute that port number. 
Run <code>sudo ss -tlnp | grep sshd<\/code> to confirm which port SSH is listening on before proceeding.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-3-Cau-hinh-quy-tac-nen-tang-Loopback-va-ESTABLISHED\"><\/span>Step 3: Configure the baseline rules (Loopback and ESTABLISHED)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The next two rules are often skipped by beginners, and that is why the web server works but the database cannot connect, or the VPS cannot download updates even though ports 80\/443 are open.<\/p>\n<p>First rule: allow the loopback interface (lo) to operate freely. Loopback is the internal communication channel within a single server: Nginx talks to PHP-FPM over it, and PHP-FPM connecting to MySQL via <code>127.0.0.1<\/code> goes over it too:<\/p>\n<pre><code>sudo iptables -A INPUT -i lo -j ACCEPT<\/code><\/pre>\n<p>Second rule: allow established connections (ESTABLISHED) and related connections (RELATED) in. 
Without this rule, the VPS can send requests out, but the data the remote server sends back will be dropped, which means <code>apt update<\/code>, <code>curl<\/code> and most network commands will hang:<\/p>\n<pre><code>sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<\/code><\/pre>\n<p>The <code>-m state<\/code> parameter loads netfilter's connection-state tracking module; <code>--state ESTABLISHED,RELATED<\/code> specifies the two permitted states.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-4-Cach-mo-cac-port-dich-vu-thiet-yeu-Web-Database-bang-iptables\"><\/span>Step 4: How do you open essential service ports (Web, Database) with iptables?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To open service ports with iptables, use a command with the <code>--dport<\/code> parameter specifying the destination port for each service. With the safe baseline from the three steps above in place, these are the ports to open for a web server:<\/p>\n<pre><code># Open port 80 (HTTP)\r\nsudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT\r\n\r\n# Open port 443 (HTTPS)\r\nsudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT<\/code><\/pre>\n<p>These two commands apply to both Nginx and Apache, regardless of which web server is running. 
If the VPS runs MySQL and needs to accept connections from another application server on the same internal network, open port 3306 but restrict it to that specific internal IP:<\/p>\n<pre><code># Allow only the internal IP to connect to MySQL\r\nsudo iptables -A INPUT -p tcp --dport 3306 -s 10.0.0.5 -j ACCEPT<\/code><\/pre>\n<p>The <code>-s 10.0.0.5<\/code> (source) parameter restricts the rule to packets originating from that IP. Never open port 3306 to the whole internet without an extremely special reason; this is the source of most database leaks.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-5-Chuyen-chinh-sach-mac-dinh-Default-Policy-sang-DROP\"><\/span>Step 5: Switch the Default Policy to DROP<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This is the step that &#8220;slams shut&#8221; every remaining door. Only after the necessary ports have been opened in the previous four steps is it safe to change the INPUT chain's default policy to DROP:<\/p>\n<pre><code>sudo iptables -P INPUT DROP\r\nsudo iptables -P FORWARD DROP<\/code><\/pre>\n<p>The <code>-P<\/code> (Policy) parameter sets the default policy for a chain. 
The two commands above cover both INPUT and FORWARD; OUTPUT is usually left at ACCEPT so the VPS can connect outward freely.<\/p>\n<p><strong>Warning once more:<\/strong> If you have not done Step 2 (opening port 22), or SSH is running on a different port but you opened port 22 by mistake, the <code>-P INPUT DROP<\/code> command will end your current SSH session and lock you out immediately. There is no way to regain access other than using the KVM console or contacting the VPS provider.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-6-Lam-the-nao-de-luu-rules-iptables-vinh-vien-khong-bi-mat-khi-Reboot\"><\/span>Step 6: How do you save iptables rules permanently so they survive a reboot?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Keeping iptables rules after a reboot is a problem 9 out of 10 beginners run into. By default, all rules disappear when the VPS restarts, because iptables rules live only in RAM and are not written to disk automatically. 
The solution differs by operating system.<\/p>\n<p><strong>On Ubuntu \/ Debian:<\/strong><\/p>\n<p>Install the <code>iptables-persistent<\/code> package, which automatically loads rules from a file at boot:<\/p>\n<pre><code>sudo apt install iptables-persistent -y<\/code><\/pre>\n<p>During installation, the installer asks whether to save the current IPv4 and IPv6 rules; choose <strong>Yes<\/strong> for both. The rules are saved to <code>\/etc\/iptables\/rules.v4<\/code> and <code>\/etc\/iptables\/rules.v6<\/code>.<\/p>\n<p>Later, whenever you change rules and want to save them:<\/p>\n<pre><code>sudo netfilter-persistent save<\/code><\/pre>\n<p><strong>On CentOS \/ AlmaLinux \/ Rocky Linux:<\/strong><\/p>\n<p>Use the <code>iptables-save<\/code> command to write the rules to the configuration file read at boot:<\/p>\n<pre><code># The redirect must run as root too, so wrap the whole command in a root shell\r\nsudo sh -c 'iptables-save &gt; \/etc\/sysconfig\/iptables'<\/code><\/pre>\n<p>The <code>iptables<\/code> service on CentOS automatically reads this file at startup. 
Make sure the service is enabled and running:<\/p>\n<pre><code>sudo systemctl enable iptables\r\nsudo systemctl start iptables<\/code><\/pre>\n<p>To confirm the rules were saved and will survive a reboot, reboot the VPS and check again with <code>sudo iptables -L -v -n<\/code>; if the rule list is still complete, the configuration succeeded.<\/p>\n<figure id=\"attachment_40310\" aria-describedby=\"caption-attachment-40310\" style=\"width: 944px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-40310\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Output-lenh-iptables-L-v-n-sau-khi-cau-hinh-iptables.png\" alt=\"Output of iptables -L -v -n after iptables is configured\" width=\"944\" height=\"245\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Output-lenh-iptables-L-v-n-sau-khi-cau-hinh-iptables.png 944w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Output-lenh-iptables-L-v-n-sau-khi-cau-hinh-iptables-300x78.png 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2026\/03\/Output-lenh-iptables-L-v-n-sau-khi-cau-hinh-iptables-768x199.png 768w\" sizes=\"auto, (max-width: 944px) 100vw, 944px\" \/><figcaption id=\"caption-attachment-40310\" class=\"wp-caption-text\">Output of iptables -L -v -n after iptables is configured<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Cac-lenh-iptables-nang-cao-cho-viec-xu-ly-su-co-mang\"><\/span>Advanced iptables commands for handling network incidents<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" 
id=\"Cach-chan-1-dia-chi-IP-hoac-dai-IP-xau-bang-iptables\"><\/span>How do you block a single bad IP address or IP range with iptables?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To block a specific IP address with iptables, use <code>-I<\/code> (Insert) instead of <code>-A<\/code> (Append) so the blocking rule is placed first in the chain and takes effect immediately, rather than sitting &#8220;behind&#8221; ACCEPT rules that were added earlier and match first:<\/p>\n<pre><code>sudo iptables -I INPUT -s 203.0.113.45 -j DROP<\/code><\/pre>\n<p>The <code>-s<\/code> (source) parameter specifies the source IP address to block. To block a whole IP range (subnet), use CIDR notation:<\/p>\n<pre><code># Block the entire 203.0.113.0\/24 range (256 addresses)\r\nsudo iptables -I INPUT -s 203.0.113.0\/24 -j DROP<\/code><\/pre>\n<p>A real-world scenario: you spot an IP continuously brute-forcing SSH in the log <code>\/var\/log\/auth.log<\/code> (Ubuntu) or <code>\/var\/log\/secure<\/code> (CentOS). Block it immediately with the command above, replacing <code>203.0.113.45<\/code> with the actual IP. It takes effect instantly, with no service restart needed. 
However, to handle brute-force attempts automatically and more systematically, combine it with a tool such as Fail2ban; iptables on its own is only a manual blocking layer for when you need to intervene quickly.<\/p>\n<p><!-- H3: DELETING A RULE --><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cach-xoa-mot-rule-iptables-cu-the-khi-go-sai-cau-hinh\"><\/span>How do you delete a specific iptables rule after a configuration mistake?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To delete an incorrect iptables rule, use <code>iptables -D<\/code> together with that rule's line number. First, list the rules with their line numbers:<\/p>\n<pre><code>sudo iptables -L INPUT --line-numbers<\/code><\/pre>\n<p>The output shows each rule with its line number in the first column. For example, if the incorrect rule is on line 4 of the INPUT chain:<\/p>\n<pre><code>sudo iptables -D INPUT 4<\/code><\/pre>\n<p>The <code>-D INPUT 4<\/code> (Delete) parameter deletes the rule at position 4 of the INPUT chain. After a deletion, the rules below it are renumbered automatically, so if you need to delete several rules, delete from the highest number down to the lowest to avoid removing the wrong position.<\/p>\n<p>Besides deleting by line number, you can delete by rule content by replacing <code>-A<\/code> with <code>-D<\/code> in the original command. 
For example, if you added a rule that opened port 8080 by mistake:<\/p>\n<pre><code>sudo iptables -D INPUT -p tcp --dport 8080 -j ACCEPT<\/code><\/pre>\n<p><!-- CTA BOX (Template 1 - blue gradient, VPS InterData) --><\/p>\n<div style=\"background: linear-gradient(135deg, #1a3c6e 0%, #0f6cbf 100%); border-radius: 12px; padding: 28px 32px; margin: 40px 0; max-width: 100%; box-shadow: 0 4px 20px rgba(15,108,191,0.25);\">\n<div style=\"display: inline-block; background: rgba(255,255,255,0.15); border: 1px solid rgba(255,255,255,0.3); border-radius: 20px; padding: 4px 14px; margin-bottom: 16px;\"><span style=\"color: #ffffff; font-size: 12px; font-weight: 600; letter-spacing: 0.5px; text-transform: uppercase;\">InterData<\/span><\/div>\n<h3 style=\"color: #ffffff; font-size: 22px; font-weight: bold; margin: 0 0 8px 0; line-height: 1.3;\"><span class=\"ez-toc-section\" id=\"VPS-InterData-%E2%80%94-Moi-truong-thuc-hanh-iptables-ly-tuong\"><\/span>VPS InterData: an ideal environment for practicing iptables<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"color: rgba(255,255,255,0.85); font-size: 15px; margin: 0 0 20px 0; line-height: 1.6;\">Deploy your iptables configuration on InterData's unmanaged Linux VPS: full root access, not restricted by a provider-side outer firewall.<\/p>\n<ul style=\"list-style: none; padding: 0; margin: 0 0 24px 0;\">\n<li style=\"color: rgba(255,255,255,0.9); font-size: 14px; padding: 5px 0; display: flex; align-items: flex-start;\"><span style=\"color: #4fc3f7; font-size: 16px; margin-right: 8px; flex-shrink: 0;\">\u2713<\/span>NVMe U.2 Gen 4 SSD: fast I\/O, suitable for dev and production environments<\/li>\n<li style=\"color: rgba(255,255,255,0.9); font-size: 14px; padding: 5px 0; display: flex; align-items: flex-start;\"><span style=\"color: #4fc3f7; 
font-size: 16px; margin-right: 8px; flex-shrink: 0;\">\u2713<\/span>Datacenters in Hanoi &amp; HCM: low latency for users in Vietnam<\/li>\n<li style=\"color: rgba(255,255,255,0.9); font-size: 14px; padding: 5px 0; display: flex; align-items: flex-start;\"><span style=\"color: #4fc3f7; font-size: 16px; margin-right: 8px; flex-shrink: 0;\">\u2713<\/span>24\/7 technical support: you can ask for a restore if the configuration goes wrong<\/li>\n<\/ul>\n<p><a style=\"display: inline-block; background: #ffffff; color: #1a3c6e; font-size: 15px; font-weight: bold; text-decoration: none; padding: 12px 28px; border-radius: 8px; transition: opacity 0.2s;\" href=\"https:\/\/interdata.vn\/thue-vps\/\" target=\"_blank\" rel=\"noopener\">See the Cheap VPS Rental Price List \u2192<\/a><\/p>\n<\/div>\n<p><!-- H2: FAQs --><\/p>\n<h2><span class=\"ez-toc-section\" id=\"FAQs-%E2%80%94-Cau-hoi-thuong-gap-ve-cau-hinh-iptables-VPS\"><\/span>FAQs: Frequently asked questions about configuring iptables on a VPS<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"Tai-sao-iptables-khong-chan-duoc-port-cua-Docker-container\"><\/span>Why doesn't iptables block a Docker container's port?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Docker hooks directly into netfilter by creating its own chains named <code>DOCKER<\/code> and <code>DOCKER-USER<\/code>, and it adds rules to the FORWARD chain, not INPUT. When you add a DROP rule to the INPUT chain, packets destined for a Docker container follow the FORWARD path and bypass the INPUT chain entirely. 
To block traffic into a container, add the rule to the <code>DOCKER-USER<\/code> chain (designed by Docker for user customization and not overwritten when Docker restarts), or use the <code>--iptables=false<\/code> option of the Docker daemon combined with manual firewall management.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Iptables-co-gay-giam-toc-do-mang-cua-VPS-khong\"><\/span>Does iptables reduce the network speed of a VPS?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>With a typical configuration, the overhead of iptables is almost unmeasurable, usually under 1% of throughput even under high load. Performance really degrades only when the ruleset is very large (thousands of rules), because the kernel has to walk through the rules sequentially. If you need to manage a large list of blocked IPs (for example a block list of tens of thousands of addresses), the <code>ipset<\/code> tool combined with iptables is the right solution: it allows O(1) lookups instead of O(n).<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Co-nen-dung-UFW-hoac-Firewalld-thay-cho-iptables-khong\"><\/span>Should you use UFW or Firewalld instead of iptables?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>UFW and Firewalld are not replacements for iptables; both are <em>management interfaces<\/em> (frontends) built on top of iptables or nftables. 
UFW (Ubuntu) simplifies the syntax and suits beginners or servers that do not need a complex ruleset. Firewalld (CentOS\/RHEL) adds the concept of zones and suits enterprise environments. If you already understand raw iptables syntax, using it directly gives finer-grained control, with nothing hidden behind an abstraction layer. Do not run UFW and direct iptables management side by side on the same server, because the two will interfere with each other.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Lam-sao-de-phuc-hoi-iptables-tu-file-backup\"><\/span>How do you restore iptables from a backup file?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To restore from the backup file created in Step 1, use the <code>iptables-restore<\/code> command:<\/p>\n<pre><code># Run the redirect inside a root shell: \/root is not readable by a normal user\r\nsudo sh -c 'iptables-restore &lt; \/root\/iptables.bak'<\/code><\/pre>\n<p>This command reads the backup file and applies all the rules in it to the kernel, completely replacing the current ruleset. A restore needs no service restart and takes effect immediately. A good habit is to create a backup before every significant configuration change, naming the file with a timestamp: <code>iptables-save &gt; \/root\/iptables-$(date +%Y%m%d-%H%M).bak<\/code>.<\/p>\n<p><!-- CONCLUSION --><\/p>\n<p>Configuring iptables for a VPS is not technically complex, but it has to be done in the right order. 
Open SSH first, set up loopback and ESTABLISHED, open the service ports, and only then set the default DROP. Getting this order wrong is the source of most lockout incidents. With a correct ruleset, iptables blocks most automated scans and SSH brute-force attempts without affecting the server's normal operation at all.<\/p>\n<p>However, iptables is only one layer in a comprehensive VPS security strategy. Beyond the firewall, you also need to harden the SSH configuration, manage users, monitor logs, and add many other layers. Read the <a href=\"https:\/\/interdata.vn\/blog\/bao-mat-vps-linux\/\" target=\"_blank\" rel=\"noopener\">comprehensive Linux VPS security guide<\/a> to build a multi-layered defense for your server.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Quick summary: Configuring iptables for a VPS is the process of setting up a set of rules that control the data flowing in and out of a Linux server through the netfilter firewall built into the kernel. 
Every packet passing through the VPS is matched against the chains INPUT, OUTPUT, FORWARD<\/p>\n","protected":false},"author":2,"featured_media":40311,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[],"class_list":["post-40304","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vps"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/40304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=40304"}],"version-history":[{"count":2,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/40304\/revisions"}],"predecessor-version":[{"id":40313,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/40304\/revisions\/40313"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/40311"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=40304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=40304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=40304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}