{"id":11065,"date":"2026-04-17T20:32:23","date_gmt":"2026-04-17T20:32:23","guid":{"rendered":"https:\/\/bitep.net\/blog\/2026\/04\/17\/ufw-nedir-ubuntu-serverde-firewall-nece-qurulur\/"},"modified":"2026-04-17T20:32:36","modified_gmt":"2026-04-17T20:32:36","slug":"ufw-nedir-ubuntu-serverde-firewall-nece-qurulur","status":"publish","type":"post","link":"https:\/\/bitep.net\/blog\/2026\/04\/17\/ufw-nedir-ubuntu-serverde-firewall-nece-qurulur\/","title":{"rendered":"What is UFW? How to set up a firewall on an Ubuntu server, open ports and write secure rules"},"content":{"rendered":"<p>After setting up an Ubuntu server, one of the most important first steps is to bring network access under control. When a server is exposed to the internet, unneeded ports left open, forgotten test services, or a policy that allows everything all increase security risk. This is where UFW, the <strong>Uncomplicated Firewall<\/strong>, serves as a simple but very practical solution.<\/p>\n<p>UFW is a tool designed to make the firewall mechanism that runs in the Linux kernel easier to manage. More powerful packet-filtering rules do the work underneath, but you manage them with more readable commands. 
For this reason, UFW suits both beginner system administrators and anyone who wants to write rules quickly and clearly during day-to-day server operations.<\/p>\n<p>In this article we explain in plain language what UFW is, show step by step how to set it up on an Ubuntu server, cover how to enable the firewall without cutting off SSH access, give examples of opening and closing ports, and share practical recommendations for a secure configuration.<\/p>\n<h2>What is UFW?<\/h2>\n<p>UFW is a command-line tool that lets you manage firewall rules with a simplified syntax on Ubuntu and Debian-type systems. The name can be read as \u201cuncomplicated firewall\u201d. 
Its purpose is to let the user set up the most important rules comfortably, without going into very complex low-level firewall syntax.<\/p>\n<p>In practical terms, UFW lets you:<\/p>\n<ul>\n<li>open only the ports you need<\/li>\n<li>block all other incoming connections<\/li>\n<li>write ready-made, clear rules for services such as SSH, HTTP and HTTPS<\/li>\n<li>allow or block specific IP addresses<\/li>\n<li>monitor the firewall status and the active rules<\/li>\n<\/ul>\n<p>UFW does not replace server security on its own, but it provides a very important base layer. It is especially well suited to the \u201cminimal open access first\u201d principle on a VPS, a cloud instance or a newly built application server.<\/p>\n<h2>Who is this tutorial for?<\/h2>\n<ul>\n<li>Beginners setting up an Ubuntu server<\/li>\n<li>Anyone who wants to establish a security baseline before exposing a VPS or cloud server to the internet<\/li>\n<li>Anyone hosting WordPress, Nginx, Apache, Node.js or other applications<\/li>\n<li>System administrators who want to open only the necessary ports while protecting SSH access<\/li>\n<\/ul>\n<h2>Core logic: default deny, allow what you need<\/h2>\n<p>The soundest approach when setting up a firewall is this: first close incoming connections, then separately allow the services you really need. This is often called the \u201cdefault deny\u201d approach. For example, if only SSH, HTTP and HTTPS will run on the server, the core logic should be:<\/p>\n<ul>\n<li>port 22, or the custom SSH port you use, is open<\/li>\n<li>ports 80 and 443 are open<\/li>\n<li>all other unnecessary access stays closed<\/li>\n<\/ul>\n<p>This approach reduces the attack surface. Even if a service that you installed on the server but do not use is accidentally left exposed to the internet, the firewall can make it unreachable from outside.<\/p>\n<h2>An important warning before you start<\/h2>\n<p>If you are connected to the server remotely over SSH, <strong>be sure to allow SSH<\/strong> before enabling the firewall. Otherwise you can lock yourself out of the server. This is one of the most common mistakes beginners make.<\/p>\n<p>So the rule is simple:<\/p>\n<ol>\n<li>first allow SSH<\/li>\n<li>then enable the firewall<\/li>\n<\/ol>\n<h2>Check whether UFW is installed<\/h2>\n<p>UFW is present on many Ubuntu systems, but it may not be active. 
To check, use this command:<\/p>\n<pre><code>sudo ufw status<\/code><\/pre>\n<p>If the tool is not present on the system, you can install it with the following commands:<\/p>\n<pre><code>sudo apt update\nsudo apt install ufw -y<\/code><\/pre>\n<p>After installation, check the status again. At this first stage you will usually see this result:<\/p>\n<pre><code>Status: inactive<\/code><\/pre>\n<p>This is normal. It means the rules have not been applied yet.<\/p>\n<h2>Set the default policies<\/h2>\n<p>The best starting point is to block incoming traffic and leave outgoing traffic open. This makes sense on most servers, because the server itself has to pull updates, install packages, make DNS queries and reach the outside.<\/p>\n<pre><code>sudo ufw default deny incoming\nsudo ufw default allow outgoing<\/code><\/pre>\n<p>These two commands work as follows:<\/p>\n<ul>\n<li><strong>deny incoming<\/strong> blocks new connections coming from outside by default<\/li>\n<li><strong>allow outgoing<\/strong> allows traffic leaving the server<\/li>\n<\/ul>\n<p>This is a good security baseline. 
But if SSH has not been allowed yet, do not rush to enable the firewall.<\/p>\n<h2>Allow SSH<\/h2>\n<p>If you connect to the server over the standard SSH port, 22, use this command:<\/p>\n<pre><code>sudo ufw allow OpenSSH<\/code><\/pre>\n<p>Alternatively, you can specify the port directly:<\/p>\n<pre><code>sudo ufw allow 22\/tcp<\/code><\/pre>\n<p>If you use a different port for SSH, for example 2222, open that port instead:<\/p>\n<pre><code>sudo ufw allow 2222\/tcp<\/code><\/pre>\n<p>The important point here is not to enable the firewall until the port you actually use has been opened.<\/p>\n<h2>Open the web server ports<\/h2>\n<p>If your server runs a website, an API or a panel, you usually also need to allow the HTTP and HTTPS ports:<\/p>\n<pre><code>sudo ufw allow 80\/tcp\nsudo ufw allow 443\/tcp<\/code><\/pre>\n<p>UFW sometimes also has ready-made profile names for Nginx and Apache. For example:<\/p>\n<pre><code>sudo ufw app list<\/code><\/pre>\n<p>If profiles such as Nginx Full or Apache Full appear in the list, you can also open the ports this way:<\/p>\n<pre><code>sudo ufw allow 'Nginx Full'<\/code><\/pre>\n<p>This approach opens ports 80 and 443 together.<\/p>\n<h2>Enable the firewall<\/h2>\n<p>Now that the basic rules are in place, you can enable UFW:<\/p>\n<pre><code>sudo ufw enable<\/code><\/pre>\n<p>The system may ask you for confirmation. 
After enabling it, check the status in detail:<\/p>\n<pre><code>sudo ufw status verbose<\/code><\/pre>\n<p>The result should look roughly like this:<\/p>\n<pre><code>Status: active\nLogging: on\nDefault: deny (incoming), allow (outgoing)\nNew profiles: skip<\/code><\/pre>\n<p>The allowed ports are listed below that.<\/p>\n<h2>Reading and understanding the active rules<\/h2>\n<p>The most commonly used check command is this:<\/p>\n<pre><code>sudo ufw status numbered<\/code><\/pre>\n<p>This command shows you the rules with numbers, which is convenient for deleting a specific rule later. For example, you might see output like this:<\/p>\n<pre><code>[ 1] OpenSSH ALLOW IN Anywhere\n[ 2] 80\/tcp ALLOW IN Anywhere\n[ 3] 443\/tcp ALLOW IN Anywhere<\/code><\/pre>\n<p>This means that access from outside is allowed for SSH, HTTP and HTTPS.<\/p>\n<h2>How do you open a new port?<\/h2>\n<p>For example, if your application runs on port 3000 and you want to expose it directly to the internet:<\/p>\n<pre><code>sudo ufw allow 3000\/tcp<\/code><\/pre>\n<p>One piece of advice matters here: exposing development ports directly to the internet is not always a good idea. 
In most cases the safer approach is to keep the application on localhost, put an Nginx reverse proxy in front of it and keep only ports 80\/443 open.<\/p>\n<h2>Allowing a specific IP<\/h2>\n<p>Sometimes an admin panel, a database port or an internal service should not be open to the whole internet. For example, if you want to allow access to port 22 only from the office IP:<\/p>\n<pre><code>sudo ufw allow from 203.0.113.10 to any port 22 proto tcp<\/code><\/pre>\n<p>This rule allows SSH access only from the specified IP; it restricts access only if no broader SSH rule (such as the OpenSSH rule above) is also in place. This method is especially useful for admin panels, private backend services and ports that require restricted access.<\/p>\n<h2>Blocking a specific IP<\/h2>\n<p>If you want to block a suspicious or unwanted IP address:<\/p>\n<pre><code>sudo ufw deny from 198.51.100.25<\/code><\/pre>\n<p>UFW evaluates rules in order and applies the first match, so a deny rule added after an allow rule that already matches the same traffic has no effect on that traffic. You can also be more specific. For example, to block only port 22:<\/p>\n<pre><code>sudo ufw deny from 198.51.100.25 to any port 22 proto tcp<\/code><\/pre>\n<h2>How do you delete a rule?<\/h2>\n<p>If you wrote a wrong rule or no longer need one, there are two convenient methods.<\/p>\n<p><strong>1. Delete using the same syntax:<\/strong><\/p>\n<pre><code>sudo ufw delete allow 3000\/tcp<\/code><\/pre>\n<p><strong>2. Delete by number:<\/strong><\/p>\n<pre><code>sudo ufw status numbered\nsudo ufw delete 4<\/code><\/pre>\n<p>Be careful when deleting by number, because the rule order can change. It is good practice to check the status again first each time.<\/p>\n<h2>UFW logs and troubleshooting<\/h2>\n<p>If the firewall is active but the application does not open, there are a few main possibilities:<\/p>\n<ul>\n<li>the required port has not been opened<\/li>\n<li>the service listens only on localhost<\/li>\n<li>there is a separate security group or network ACL at the cloud provider level<\/li>\n<li>the application itself has crashed or is not running on that port<\/li>\n<\/ul>\n<p>First check the listening ports:<\/p>\n<pre><code>sudo ss -tulpn<\/code><\/pre>\n<p>Then look at the UFW status again:<\/p>\n<pre><code>sudo ufw status verbose<\/code><\/pre>\n<p>To follow the logs, you can use the system journal:<\/p>\n<pre><code>sudo journalctl -xe\nsudo dmesg | grep -i ufw<\/code><\/pre>\n<p>If you use a cloud server, for example a VPS panel, AWS, Azure or another provider, remember that UFW may not be the only filter. 
In other words, the port may also have to be opened separately at the provider level.<\/p>\n<h2>Practical security recommendations<\/h2>\n<ul>\n<li>do not enable UFW without opening the SSH port<\/li>\n<li>do not leave unneeded ports open<\/li>\n<li>avoid exposing database ports to the whole internet<\/li>\n<li>where possible, open admin panels only to specific IPs<\/li>\n<li>audit the rules regularly with <code>sudo ufw status numbered<\/code><\/li>\n<li>think of UFW together with Fail2Ban, a strong SSH configuration and system updates<\/li>\n<\/ul>\n<p>A firewall is good, but on its own it is not a complete security strategy. It is an important part of a larger security model.<\/p>\n<h2>A typical example configuration<\/h2>\n<p>The most common secure starting configuration for a simple Ubuntu web server looks like this:<\/p>\n<pre><code>sudo ufw default deny incoming\nsudo ufw default allow outgoing\nsudo ufw allow OpenSSH\nsudo ufw allow 80\/tcp\nsudo ufw allow 443\/tcp\nsudo ufw enable\nsudo ufw status verbose<\/code><\/pre>\n<p>In this scenario the server is reachable only for SSH, HTTP and HTTPS. 
The other ports stay closed.<\/p>\n<h2>Disabling and reloading UFW<\/h2>\n<p>Sometimes during testing and troubleshooting you may need to disable the firewall temporarily:<\/p>\n<pre><code>sudo ufw disable<\/code><\/pre>\n<p>If you want to reload after changing the rules:<\/p>\n<pre><code>sudo ufw reload<\/code><\/pre>\n<p>The practical recommendation, however, is not to disable the firewall on a production server without a reason. Solving the problem at the rule level is the sounder approach.<\/p>\n<h2>The most common UFW mistakes<\/h2>\n<ul>\n<li>enabling the firewall without allowing SSH<\/li>\n<li>exposing application ports to the internet without thinking it through<\/li>\n<li>writing the UFW rule but forgetting the cloud firewall<\/li>\n<li>assuming the port is open without considering that the service is not actually running on that port<\/li>\n<li>not testing the status and the real connection after adding a rule<\/li>\n<\/ul>\n<p>Most of these mistakes can be prevented with simple audit and verification steps.<\/p>\n<h2>Conclusion<\/h2>\n<p>UFW is a very practical starting point for Ubuntu server security. 
It makes complex firewall management accessible through simpler commands and helps you keep clear control over which entry points stay open on the server. It is especially useful for a minimal-open-ports approach on VPS, cloud instance and hosting environments.<\/p>\n<p>The right way to start is this: first block incoming traffic by default, then allow only the ports you need, do not forget the SSH rule, and run a real test after every change. If you combine this approach with system updates, SSH hardening and additional security tools, your server will be more secure and more manageable.<\/p>\n<h2>Short summary<\/h2>\n<ul>\n<li>UFW helps you manage firewall rules on Ubuntu in a simple way<\/li>\n<li>the best starting approach is the default deny incoming and allow outgoing model<\/li>\n<li>the SSH port must be allowed before the firewall is enabled<\/li>\n<li>only the ports you need, such as HTTP and HTTPS, should be kept open<\/li>\n<li>you can write specific allow and block rules for particular IPs<\/li>\n<li>UFW is important for security, but it needs to be used together with other protective measures<\/li>\n<\/ul>\n<p><strong>Sources:<\/strong> This article draws on the Ubuntu system documentation for UFW usage and on practical operational approaches based on Linux firewall management principles.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This practical guide explains step by step what UFW is, how to set up a firewall on an Ubuntu server, how to enable it without cutting off SSH, and how to open and close ports securely.<\/p>\n","protected":false},"author":1,"featured_media":11064,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[31,41],"tags":[],"class_list":["post-11065","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","category-tutoriallar"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/bitep.net\/blog\/wp-content\/uploads\/2026\/04\/ufw-ubuntu-firewall-replicate.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts\/11065","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/comments?post=11065"}],"version-history":[{"count":1,"href":"https:\/\/bitep.n
et\/blog\/wp-json\/wp\/v2\/posts\/11065\/revisions"}],"predecessor-version":[{"id":11066,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts\/11065\/revisions\/11066"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/media\/11064"}],"wp:attachment":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/media?parent=11065"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/categories?post=11065"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/tags?post=11065"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}