{"id":177,"date":"2026-05-02T01:27:40","date_gmt":"2026-05-01T23:27:40","guid":{"rendered":"https:\/\/eryann.fr\/?p=177"},"modified":"2026-05-02T14:08:17","modified_gmt":"2026-05-02T12:08:17","slug":"fiche-pare-feu-linux-ufw-simple-et-nftables-avance","status":"publish","type":"post","link":"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/","title":{"rendered":"Fiche pare-feu Linux : UFW (simple) et nftables (avanc\u00e9)"},"content":{"rendered":"\n<p>Pour les \u00e9tudiants en BTS CIEL ou SIO, le pare-feu est indispensable pour s\u00e9curiser un serveur.<br>Cette fiche couvre :<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>r\u00e8gles d\u2019entr\u00e9e \/ sortie<\/li>\n\n\n\n<li>ouverture des services (SSH, HTTP)<\/li>\n\n\n\n<li>blocage du ping (ICMP)<\/li>\n\n\n\n<li>lien avec fail2ban<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"683\" height=\"1024\" src=\"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/a086f51c-21bd-4c48-9857-67b3ac9060a1-683x1024.png\" alt=\"\" class=\"wp-image-179\" srcset=\"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/a086f51c-21bd-4c48-9857-67b3ac9060a1-683x1024.png 683w, https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/a086f51c-21bd-4c48-9857-67b3ac9060a1-200x300.png 200w, https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/a086f51c-21bd-4c48-9857-67b3ac9060a1-768x1152.png 768w, https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/a086f51c-21bd-4c48-9857-67b3ac9060a1.png 1024w\" sizes=\"auto, (max-width: 683px) 100vw, 683px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Configuration UFW (simple et rapide)<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># =========================================================<br># INSTALLATION<br># =========================================================<br><br>apt install ufw -y<br><br># =========================================================<br># POLITIQUE PAR DEFAUT<br># =========================================================<br><br>ufw default deny incoming<br>ufw default allow outgoing<br><br># =========================================================<br># OUVERTURE DES SERVICES<br># =========================================================<br><br># SSH<br>ufw allow 22\/tcp<br><br># HTTP<br>ufw allow 80\/tcp<br><br># HTTPS<br>ufw allow 443\/tcp<br><br># =========================================================<br># BLOQUER LE PING (ICMP)<br># =========================================================<br><br>nano \/etc\/ufw\/before.rules<br><br># Ajouter dans la section icmp :<br>-A ufw-before-input -p icmp --icmp-type echo-request -j DROP<br><br># =========================================================<br># ACTIVER UFW<br># =========================================================<br><br>ufw enable<br><br># V\u00e9rification<br>ufw status verbose<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Explication UFW<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>deny incoming \u2192 bloque tout par d\u00e9faut<\/li>\n\n\n\n<li>allow outgoing \u2192 autorise les sorties<\/li>\n\n\n\n<li>r\u00e8gles sp\u00e9cifiques \u2192 ouverture contr\u00f4l\u00e9e<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Configuration nftables (niveau avanc\u00e9)<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># =========================================================<br># INSTALLATION<br># =========================================================<br><br>apt install nftables -y<br><br># =========================================================<br># CONFIGURATION<br># =========================================================<br><br>nano \/etc\/nftables.conf<br><br>table inet filter {<br><br>    chain input {<br>        type filter hook input priority 0;<br>        policy drop;<br><br>        # Autoriser loopback<br>        iif lo accept<br><br>        # Connexions \u00e9tablies<br>        ct state established,related accept<br><br>        # SSH<br>        tcp dport 22 accept<br><br>        # HTTP \/ HTTPS<br>        tcp dport {80, 443} accept<br><br>        # ICMP (ping) bloqu\u00e9<br>        ip protocol icmp icmp type echo-request drop<br>    }<br><br>    chain forward {<br>        type filter hook forward priority 0;<br>        policy drop;<br>    }<br><br>    chain output {<br>        type filter hook output priority 0;<br>        policy accept;<br>    }<br>}<br><br># =========================================================<br># ACTIVER<br># =========================================================<br><br>systemctl enable nftables<br>systemctl restart nftables<br><br># V\u00e9rifier<br>nft list ruleset<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Explication nftables<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>policy drop \u2192 tout bloqu\u00e9 par d\u00e9faut<\/li>\n\n\n\n<li>accept loopback \u2192 communication interne<\/li>\n\n\n\n<li>established \u2192 connexions d\u00e9j\u00e0 ouvertes<\/li>\n\n\n\n<li>r\u00e8gles sp\u00e9cifiques \u2192 autorisation fine<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Lien avec fail2ban<\/h2>\n\n\n\n<p>Fail2ban ajoute automatiquement des r\u00e8gles firewall pour bloquer les IP malveillantes.<\/p>\n\n\n\n<p>Avec nftables ou iptables :<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>fail2ban injecte des r\u00e8gles dynamiques<\/li>\n\n\n\n<li>bannissement temporaire<\/li>\n<\/ul>\n\n\n\n<p>Exemple :<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>fail2ban-client status sshd<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Cas pratiques<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Autoriser uniquement SSH depuis un r\u00e9seau<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow from 192.168.1.0\/24 to any port 22<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Bloquer une IP<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw deny from 192.168.1.50<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Tester un port<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>nc -zv 192.168.1.10 22<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Bonnes pratiques<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>toujours d\u00e9finir une politique par d\u00e9faut restrictive<\/li>\n\n\n\n<li>ouvrir uniquement les ports n\u00e9cessaires<\/li>\n\n\n\n<li>tester apr\u00e8s chaque r\u00e8gle<\/li>\n\n\n\n<li>documenter les r\u00e8gles<\/li>\n\n\n\n<li>utiliser fail2ban en compl\u00e9ment<\/li>\n\n\n\n<li>\u00e9viter de se bloquer en SSH<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">R\u00e9capitulatif des fichiers importants<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Fichier<\/th><th>R\u00f4le<\/th><\/tr><\/thead><tbody><tr><td>\/etc\/ufw\/before.rules<\/td><td>r\u00e8gles ICMP<\/td><\/tr><tr><td>\/etc\/nftables.conf<\/td><td>configuration nftables<\/td><\/tr><tr><td>ufw status<\/td><td>\u00e9tat firewall<\/td><\/tr><tr><td>nft list ruleset<\/td><td>r\u00e8gles actives<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>Un pare-feu permet :<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>de contr\u00f4ler les acc\u00e8s<\/li>\n\n\n\n<li>de prot\u00e9ger les services<\/li>\n\n\n\n<li>de r\u00e9duire la surface d\u2019attaque<\/li>\n<\/ul>\n\n\n\n<p>La combinaison :<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>r\u00e8gles strictes<\/li>\n\n\n\n<li>fail2ban<\/li>\n\n\n\n<li>supervision<\/li>\n<\/ul>\n\n\n\n<p>constitue une base solide de s\u00e9curit\u00e9.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><audio autoplay=\"\"><\/audio><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pour les \u00e9tudiants en BTS CIEL ou SIO, le pare-feu est indispensable pour s\u00e9curiser un serveur.Cette fiche couvre : Configuration UFW (simple et rapide) Explication UFW Configuration nftables (niveau avanc\u00e9) Explication nftables Lien avec fail2ban Fail2ban ajoute automatiquement des r\u00e8gles firewall pour bloquer les IP malveillantes. Avec nftables ou iptables : Exemple : Cas pratiques [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[12,10],"tags":[],"class_list":["post-177","post","type-post","status-publish","format-standard","hentry","category-linux","category-reseau"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Fiche pare-feu Linux : UFW (simple) et nftables (avanc\u00e9) - Eryann Breizh SecOps<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fiche pare-feu Linux : UFW (simple) et nftables (avanc\u00e9) - Eryann Breizh SecOps\" \/>\n<meta property=\"og:description\" content=\"Pour les \u00e9tudiants en BTS CIEL ou SIO, le pare-feu est indispensable pour s\u00e9curiser un serveur.Cette fiche couvre : Configuration UFW (simple et rapide) Explication UFW Configuration nftables (niveau avanc\u00e9) Explication nftables Lien avec fail2ban Fail2ban ajoute automatiquement des r\u00e8gles firewall pour bloquer les IP malveillantes. Avec nftables ou iptables : Exemple : Cas pratiques [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/\" \/>\n<meta property=\"og:site_name\" content=\"Eryann Breizh SecOps\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-01T23:27:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-02T12:08:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/a086f51c-21bd-4c48-9857-67b3ac9060a1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"1536\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"wpadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"wpadmin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/reseau\\\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/reseau\\\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\\\/\"},\"author\":{\"name\":\"wpadmin\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/#\\\/schema\\\/person\\\/d2ee98d2385cd045ed4fe1c07ca320b5\"},\"headline\":\"Fiche pare-feu Linux : UFW (simple) et nftables (avanc\u00e9)\",\"datePublished\":\"2026-05-01T23:27:40+00:00\",\"dateModified\":\"2026-05-02T12:08:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/reseau\\\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\\\/\"},\"wordCount\":254,\"publisher\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/reseau\\\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eryann.fr\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/a086f51c-21bd-4c48-9857-67b3ac9060a1-683x1024.png\",\"articleSection\":[\"Linux\",\"R\u00e9seau\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/reseau\\\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\\\/\",\"url\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/reseau\\\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\\\/\",\"name\":\"Fiche pare-feu Linux : UFW (simple) et nftables (avanc\u00e9) - Eryann Breizh SecOps\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/reseau\\\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/reseau\\\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eryann.fr\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/a086f51c-21bd-4c48-9857-67b3ac9060a1-683x1024.png\",\"datePublished\":\"2026-05-01T23:27:40+00:00\",\"dateModified\":\"2026-05-02T12:08:17+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/reseau\\\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/eryann.fr\\\/index.php\\\/reseau\\\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/reseau\\\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eryann.fr\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/a086f51c-21bd-4c48-9857-67b3ac9060a1.png\",\"contentUrl\":\"https:\\\/\\\/eryann.fr\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/a086f51c-21bd-4c48-9857-67b3ac9060a1.png\",\"width\":1024,\"height\":1536},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/reseau\\\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/eryann.fr\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Fiche pare-feu Linux : UFW (simple) et nftables (avanc\u00e9)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/#website\",\"url\":\"https:\\\/\\\/eryann.fr\\\/\",\"name\":\"Eryann Breizh SecOps\",\"description\":\"Fiches techniques &amp; labs en syst\u00e8mes et r\u00e9seaux poor les \u00e9tudiants en BTS CEIL ET SIO\",\"publisher\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/eryann.fr\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/#organization\",\"name\":\"Breizh Sec Ops\",\"url\":\"https:\\\/\\\/eryann.fr\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/eryann.fr\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/cropped-088112b9-fd28-4b18-b02d-4d9dded3e900-e1777846396685.png\",\"contentUrl\":\"https:\\\/\\\/eryann.fr\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/cropped-088112b9-fd28-4b18-b02d-4d9dded3e900-e1777846396685.png\",\"width\":1246,\"height\":229,\"caption\":\"Breizh Sec Ops\"},\"image\":{\"@id\":\"https:\\\/\\\/eryann.fr\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/eryann.fr\\\/#\\\/schema\\\/person\\\/d2ee98d2385cd045ed4fe1c07ca320b5\",\"name\":\"wpadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d71b4031c3d015de3ca68c137413277e548b331b07db0acf781b9379b798eb3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d71b4031c3d015de3ca68c137413277e548b331b07db0acf781b9379b798eb3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d71b4031c3d015de3ca68c137413277e548b331b07db0acf781b9379b798eb3e?s=96&d=mm&r=g\",\"caption\":\"wpadmin\"},\"sameAs\":[\"https:\\\/\\\/eryann.fr\"],\"url\":\"https:\\\/\\\/eryann.fr\\\/index.php\\\/author\\\/wpadmin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Fiche pare-feu Linux : UFW (simple) et nftables (avanc\u00e9) - Eryann Breizh SecOps","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/","og_locale":"fr_FR","og_type":"article","og_title":"Fiche pare-feu Linux : UFW (simple) et nftables (avanc\u00e9) - Eryann Breizh SecOps","og_description":"Pour les \u00e9tudiants en BTS CIEL ou SIO, le pare-feu est indispensable pour s\u00e9curiser un serveur.Cette fiche couvre : Configuration UFW (simple et rapide) Explication UFW Configuration nftables (niveau avanc\u00e9) Explication nftables Lien avec fail2ban Fail2ban ajoute automatiquement des r\u00e8gles firewall pour bloquer les IP malveillantes. Avec nftables ou iptables : Exemple : Cas pratiques [&hellip;]","og_url":"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/","og_site_name":"Eryann Breizh SecOps","article_published_time":"2026-05-01T23:27:40+00:00","article_modified_time":"2026-05-02T12:08:17+00:00","og_image":[{"width":1024,"height":1536,"url":"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/a086f51c-21bd-4c48-9857-67b3ac9060a1.png","type":"image\/png"}],"author":"wpadmin","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"wpadmin","Dur\u00e9e de lecture estim\u00e9e":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/#article","isPartOf":{"@id":"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/"},"author":{"name":"wpadmin","@id":"https:\/\/eryann.fr\/#\/schema\/person\/d2ee98d2385cd045ed4fe1c07ca320b5"},"headline":"Fiche pare-feu Linux : UFW (simple) et nftables (avanc\u00e9)","datePublished":"2026-05-01T23:27:40+00:00","dateModified":"2026-05-02T12:08:17+00:00","mainEntityOfPage":{"@id":"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/"},"wordCount":254,"publisher":{"@id":"https:\/\/eryann.fr\/#organization"},"image":{"@id":"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/#primaryimage"},"thumbnailUrl":"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/a086f51c-21bd-4c48-9857-67b3ac9060a1-683x1024.png","articleSection":["Linux","R\u00e9seau"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/","url":"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/","name":"Fiche pare-feu Linux : UFW (simple) et nftables (avanc\u00e9) - Eryann Breizh SecOps","isPartOf":{"@id":"https:\/\/eryann.fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/#primaryimage"},"image":{"@id":"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/#primaryimage"},"thumbnailUrl":"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/a086f51c-21bd-4c48-9857-67b3ac9060a1-683x1024.png","datePublished":"2026-05-01T23:27:40+00:00","dateModified":"2026-05-02T12:08:17+00:00","breadcrumb":{"@id":"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/#primaryimage","url":"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/a086f51c-21bd-4c48-9857-67b3ac9060a1.png","contentUrl":"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/a086f51c-21bd-4c48-9857-67b3ac9060a1.png","width":1024,"height":1536},{"@type":"BreadcrumbList","@id":"https:\/\/eryann.fr\/index.php\/reseau\/fiche-pare-feu-linux-ufw-simple-et-nftables-avance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/eryann.fr\/"},{"@type":"ListItem","position":2,"name":"Fiche pare-feu Linux : UFW (simple) et nftables (avanc\u00e9)"}]},{"@type":"WebSite","@id":"https:\/\/eryann.fr\/#website","url":"https:\/\/eryann.fr\/","name":"Eryann Breizh SecOps","description":"Fiches techniques &amp; labs en syst\u00e8mes et r\u00e9seaux poor les \u00e9tudiants en BTS CEIL ET SIO","publisher":{"@id":"https:\/\/eryann.fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/eryann.fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/eryann.fr\/#organization","name":"Breizh Sec Ops","url":"https:\/\/eryann.fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/eryann.fr\/#\/schema\/logo\/image\/","url":"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/cropped-088112b9-fd28-4b18-b02d-4d9dded3e900-e1777846396685.png","contentUrl":"https:\/\/eryann.fr\/wp-content\/uploads\/2026\/05\/cropped-088112b9-fd28-4b18-b02d-4d9dded3e900-e1777846396685.png","width":1246,"height":229,"caption":"Breizh Sec Ops"},"image":{"@id":"https:\/\/eryann.fr\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/eryann.fr\/#\/schema\/person\/d2ee98d2385cd045ed4fe1c07ca320b5","name":"wpadmin","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/d71b4031c3d015de3ca68c137413277e548b331b07db0acf781b9379b798eb3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d71b4031c3d015de3ca68c137413277e548b331b07db0acf781b9379b798eb3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d71b4031c3d015de3ca68c137413277e548b331b07db0acf781b9379b798eb3e?s=96&d=mm&r=g","caption":"wpadmin"},"sameAs":["https:\/\/eryann.fr"],"url":"https:\/\/eryann.fr\/index.php\/author\/wpadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/posts\/177","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/comments?post=177"}],"version-history":[{"count":1,"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/posts\/177\/revisions"}],"predecessor-version":[{"id":180,"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/posts\/177\/revisions\/180"}],"wp:attachment":[{"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/media?parent=177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/categories?post=177"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eryann.fr\/index.php\/wp-json\/wp\/v2\/tags?post=177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}