{"id":34869,"date":"2024-08-13T16:31:43","date_gmt":"2024-08-13T09:31:43","guid":{"rendered":"http:\/\/jupitek.maudemo.vip\/index.php\/2024\/08\/13\/tutorial-config-cloud-firewall-in-linode\/"},"modified":"2026-05-14T10:28:39","modified_gmt":"2026-05-14T09:28:39","slug":"tutorial-config-cloud-firewall-in-linode","status":"publish","type":"post","link":"https:\/\/jupitek.maudemo.vip\/index.php\/2024\/08\/13\/tutorial-config-cloud-firewall-in-linode\/","title":{"rendered":"H\u01b0\u1edbng d\u1eabn c\u1ea5u h\u00ecnh Cloud Firewall tr\u00ean Linode"},"content":{"rendered":"

Hi\u1ec7n nay b\u1ea3o m\u1eadt l\u00e0 m\u1ed9t v\u1ea5n \u0111\u1ec1 r\u1ea5t quan tr\u1ecdng trong vi\u1ec7c b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u c\u1ee7a b\u1ea1n tr\u00ean m\u00f4i tr\u01b0\u1eddng internet n\u00f3i chung v\u00e0 cloud n\u00f3i ri\u00eang. Firewall Cloud l\u00e0 m\u1ed9t t\u00ednh n\u0103ng quan tr\u1ecdng cho ph\u00e9p b\u1ea1n c\u00f3 th\u1ec3 c\u1ea5u h\u00ecnh c\u00e1c Rule tu\u1ef3 ch\u1ec9nh \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o t\u00ednh b\u1ea3o m\u1eadt cho c\u00e1c m\u00e1y compute linode c\u1ee7a b\u1ea1n.<\/p>\n

B\u00e0i vi\u1ebft n\u00e0y s\u1ebd h\u01b0\u1edbng d\u1eabn c\u00e1c b\u1ea1n s\u1eed d\u1ee5ng Cloud Firewall tr\u00ean Linode<\/p>\n

\u0110\u1ec3 t\u1ea1o m\u1ed9t firewall cloud c\u00e1c b\u1ea1n s\u1ebd c\u1ea7n ph\u1ea3i th\u1ef1c hi\u1ec7n c\u00e1c b\u01b0\u1edbc nh\u01b0 sau:<\/p>\n

B\u01b0\u1edbc 1: Truy c\u1eadp v\u00e0o account Linode<\/strong> –> ch\u1ecdn firewalls<\/strong> –> Create firewalls<\/strong><\/p>\n

\"\"<\/figure>\n

B\u01b0\u1edbc 2: Tu\u1ef3 ch\u1ec9nh c\u00e1c c\u1ea5u h\u00ecnh m\u1eb7c \u0111\u1ecbnh ban \u0111\u1ea7u cho firewall c\u1ee7a b\u1ea1n <\/p>\n

\"\"<\/figure>\n

\u00dd ngh\u0129a c\u00e1c th\u00f4ng s\u1ed1:<\/p>\n

    \n
  • Label: t\u00ean firewall<\/li>\n
  • Default outbound Policy: ch\u00ednh s\u00e1ch cho b\u1ea1n kh\u1ea3 n\u0103ng ch\u1eb7n (drop<\/strong>) ho\u1eb7c cho ph\u00e9p (access<\/strong>) c\u00e1c traffic \u0111i v\u00e0o <\/li>\n
  • Default inbound Policy: ch\u00ednh s\u00e1ch cho b\u1ea1n kh\u1ea3 n\u0103ng ch\u1eb7n (drop<\/strong>) ho\u1eb7c cho ph\u00e9p (access<\/strong>) c\u00e1c traffic \u0111i ra<\/li>\n
  • Linodes: l\u1ef1a ch\u1ecdn c\u00e1c linodes c\u1ee7a b\u1ea1n mu\u1ed1n \u00e1p d\u1ee5ng c\u00e1c ch\u00ednh s\u00e1ch firewall<\/li>\n
  • Node Balancers: l\u1ef1a ch\u1ecdn c\u00e1c node balancers \u0111\u1ec3 \u00e1p d\u1ee5ng c\u00e1c ch\u00ednh s\u00e1ch firewall<\/li>\n<\/ul>\n

    –> sau khi ch\u1ecdn h\u1ebft c\u00e1c th\u00f4ng s\u1ed1 b\u1ea1n nh\u1ea5n Create Firewall \u0111\u1ec3 kh\u1edfi t\u1ea1o <\/p>\n

    B\u01b0\u1edbc 3: truy c\u1eadp Firewall \u0111\u1ec3 c\u1ea5u h\u00ecnh chi ti\u1ebft c\u00e1c ch\u00ednh s\u00e1ch b\u00ean trong:<\/p>\n

    \"\"
    M\u00f4 t\u1ea3 c\u00e1c t\u00ednh n\u0103ng trong firewall cloud<\/figcaption><\/figure>\n

    chi ti\u1ebft c\u1ea5u h\u00ecnh c\u00e1c ch\u00ednh s\u00e1ch Inbound v\u00e0 Outbound nh\u01b0 sau:<\/p>\n

    \"\"<\/figure>\n
      \n
    • Preset: ch\u1ecdn c\u00e1c quy t\u1eafc t\u01b0\u1eddng l\u1eeda \u00e1p d\u1ee5ng cho c\u00e1c service \u0111c m\u1eb7c \u0111\u1ecbnh s\u1eb5n: (kh\u00f4ng b\u1eaft bu\u1ed9c)<\/li>\n
    • label: T\u00ean tu\u1ef3 ch\u1ecdn<\/li>\n
    • Description: m\u00f4 t\u1ea3<\/li>\n
    • Protocol: giao th\u1ee9c truy\u1ec1n th\u00f4ng th\u01b0\u1eddng s\u1eed d\u1ee5ng TCP ho\u1eb7c UDP<\/li>\n
    • Ports: x\u00e1c \u0111\u1ecbnh port m\u00e0 b\u1ea1n mu\u1ed1n c\u1ea5u h\u00ecnh cho t\u01b0\u1eddng l\u1eeda<\/li>\n
    • Source: x\u00e1c \u0111\u1ecbnh IP ho\u1eb7c d\u1ea3i IP \u0111\u01b0\u1ee3c c\u1ea5u h\u00ecnh v\u00e0o rule n\u00e0y. \u0110\u1ed1i v\u1edbi Rule cho Outbound th\u00ec ta s\u1ebd c\u1ea5u h\u00ecnh Destination s\u1ebd l\u00e0 \u0111\u1ecba ch\u1ec9 IP \u0111\u00edch m\u00e0 ta g\u1eedi b\u1ea3n tin traffic \u0111i ra b\u00ean ngo\u00e0i<\/li>\n<\/ul>\n
      \n
      \n

      Ch\u00fa \u00fd:<\/p>\n

      Khi \u00e1p d\u1ee5ng c\u00e1c \u0111\u1ecba ch\u1ec9 IP ho\u1eb7c d\u1ea3i IP ri\u00eang l\u1ebb cho tr\u01b0\u1eddng ngu\u1ed3n ho\u1eb7c tr\u01b0\u1eddng \u0111\u00edch, c\u00e1c \u0111\u1ecba ch\u1ec9 n\u00e0y ph\u1ea3i lu\u00f4n h\u1ee3p l\u1ec7 v\u00e0 \u0111\u01b0\u1ee3c \u0111\u1ecbnh d\u1ea1ng ch\u00ednh x\u00e1c b\u1eb1ng k\u00fd hi\u1ec7u CIDR. Sau \u0111\u00e2y l\u00e0 v\u00ed d\u1ee5 v\u1ec1 ph\u1ea1m vi IPv4 v\u00e0 IPv6 h\u1ee3p l\u1ec7: 192.0.2.0\/24. Trong v\u00ed d\u1ee5 n\u00e0y, vi\u1ec7c s\u1eed d\u1ee5ng ph\u1ea1m vi 192.0.2.0\/24 s\u1ebd \u00e1p d\u1ee5ng quy t\u1eafc cho t\u1ea5t c\u1ea3 c\u00e1c \u0111\u1ecba ch\u1ec9 IP t\u1eeb 192.0.2.1 \u0111\u1ebfn 192.0.2.254. N\u1ebfu mu\u1ed1n \u00e1p d\u1ee5ng rule cho 1 IP ri\u00eang l\u1ebb ta s\u1ebd \u0111\u00e1nh IP \u0111\u00f3 v\u00e0o v\u00e0 th\u00eam \/32 v\u00e0o cu\u1ed1i, v\u00ed d\u1ee5: 192.168.1.1\/32 <\/p>\n

      C\u00e1c quy t\u1eafc t\u01b0\u1eddng l\u1eeda \u0111\u01b0\u1ee3c \u00e1p d\u1ee5ng theo th\u1ee9 t\u1ef1 t\u1eeb tr\u00ean xu\u1ed1ng d\u01b0\u1edbi khi ch\u00fang xu\u1ea5t hi\u1ec7n tr\u00ean trang n\u00e0y. N\u1ebfu b\u1ea1n mu\u1ed1n s\u1eafp x\u1ebfp l\u1ea1i c\u00e1c quy t\u1eafc n\u00e0y, h\u00e3y k\u00e9o v\u00e0 th\u1ea3 b\u1ea5t k\u1ef3 h\u00e0ng n\u00e0o v\u00e0o v\u1ecb tr\u00ed mong mu\u1ed1n.<\/p>\n<\/div>\n<\/div>\n

      \"\"
      Giao di\u1ec7n rule \u0111\u00e3 \u0111\u01b0\u1ee3c t\u1ea1o sau khi c\u1ea5u h\u00ecnh xong<\/figcaption><\/figure><\/p>\n","protected":false},"excerpt":{"rendered":"

      Hi\u1ec7n nay b\u1ea3o m\u1eadt l\u00e0 m\u1ed9t v\u1ea5n \u0111\u1ec1 r\u1ea5t quan tr\u1ecdng trong vi\u1ec7c b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u c\u1ee7a b\u1ea1n tr\u00ean m\u00f4i tr\u01b0\u1eddng internet n\u00f3i chung v\u00e0 cloud n\u00f3i ri\u00eang. Firewall Cloud l\u00e0 m\u1ed9t t\u00ednh n\u0103ng quan tr\u1ecdng cho ph\u00e9p b\u1ea1n c\u00f3 th\u1ec3 c\u1ea5u h\u00ecnh c\u00e1c Rule tu\u1ef3 ch\u1ec9nh \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o t\u00ednh b\u1ea3o m\u1eadt cho<\/p>\n","protected":false},"author":1,"featured_media":35489,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[104],"tags":[],"class_list":["post-34869","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-firewall"],"_links":{"self":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/posts\/34869","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/comments?post=34869"}],"version-history":[{"count":1,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/posts\/34869\/revisions"}],"predecessor-version":[{"id":35490,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/posts\/34869\/revisions\/35490"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/media\/35489"}],"wp:attachment":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/media?parent=34869"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/categories?post=34869"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/tags?post=34869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}