前言

官方的教程很不错，但是还是有一些缺陷，作者从实践的方式出发，给大家带来有用的知识！

armbian安装防火墙

armbian官方的部署文档

更新软件包
```
sudo apt update
```

安装 ufw

sudo apt install ufw

操作结果：

root@armbian:~# sudo apt install ufw
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  ufw
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 167 kB of archives.
After this operation, 857 kB of additional disk space will be used.
Get:1 https://mirrors.tuna.tsinghua.edu.cn/debian bullseye/main arm64 ufw all 0.36-7.1 [167 kB]
Fetched 167 kB in 0s (335 kB/s)
Preconfiguring packages ...
Selecting previously unselected package ufw.
(Reading database ... 35412 files and directories currently installed.)
Preparing to unpack .../archives/ufw_0.36-7.1_all.deb ...
Unpacking ufw (0.36-7.1) ...
Setting up ufw (0.36-7.1) ...
Creating config file /etc/ufw/before.rules with new version
Creating config file /etc/ufw/before6.rules with new version
Creating config file /etc/ufw/after.rules with new version
Creating config file /etc/ufw/after6.rules with new version
Created symlink /etc/systemd/system/multi-user.target.wants/ufw.service → /lib/systemd/system/ufw.service.
Processing triggers for rsyslog (8.2102.0-2+deb11u1) ...
Processing triggers for man-db (2.9.4-2) ...

启动 ufw

# 默认情况下，它将允许常见的服务端口（如 SSH、HTTP、HTTPS）通过，而其他所有端口将被拒绝
sudo ufw enable

root@armbian:~# sudo ufw enable
WARN: uid is 0 but '/etc/default' is owned by 1001
WARN: uid is 0 but '/etc' is owned by 1001
WARN: uid is 0 but '/usr/sbin' is owned by 1001
WARN: uid is 0 but '/usr' is owned by 1001
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

虽然，出现了警告信息，但是没关系，之后解决它

检测防火墙状态

root@armbian:~# sudo ufw status
WARN: uid is 0 but '/etc/default' is owned by 1001
WARN: uid is 0 but '/etc' is owned by 1001
WARN: uid is 0 but '/usr/sbin' is owned by 1001
WARN: uid is 0 but '/usr' is owned by 1001
Status: active

进行到这里，如果你按照1panel官方教程的话，你会发现1panel的面板与服务器的连接，已经由于防火墙的存在断开，你又如何按照官方的教程点击面板上的开关按钮呢！

检查防火墙状态（补充：可跳过）

sudo iptables -L

原因分析

由于1panel默认安装时，访问的端口是任意生成的，所以无法通过默认开启的http80端口和https433端口进行访问，所以我们需要查看1panel的端口，然后开放端口的相应的端口。

解决方案

第一步：查看1panel的面板入口端口

1pctl user-info

例如：(这里作者之前进行的端口的修改)
参看 Armbian安装1panel教程

root@armbian:~# 1pctl user-info
username: root
password: xxxx
port: 1234
ssl: disable
entrance: xxxx

第二步：打开指定端口的访问权限

端口号就是第一步查看的port值
```
sudo ufw allow <端口号>
```
- 例如

root@armbian:~# sudo ufw allow 1234
WARN: uid is 0 but '/etc/default' is owned by 1001
WARN: uid is 0 but '/etc' is owned by 1001
WARN: uid is 0 but '/usr/sbin' is owned by 1001
WARN: uid is 0 but '/usr' is owned by 1001
Rule added
Rule added (v6)

第三步：重启防火墙

激活防火墙，并根据您之前添加的规则来配置防火墙

sudo ufw enable

例如：

root@armbian:~# sudo ufw enable
WARN: uid is 0 but '/etc/default' is owned by 1001
WARN: uid is 0 but '/etc' is owned by 1001
WARN: uid is 0 but '/usr/sbin' is owned by 1001
WARN: uid is 0 but '/usr' is owned by 1001
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

第四步骤：查看防火墙状态【可略】

确保防火墙已启用并且包含允许访问1Panel面板的端口规则

sudo ufw status

例如:

root@armbian:~# sudo ufw status
WARN: uid is 0 but '/etc/default' is owned by 1001
WARN: uid is 0 but '/etc' is owned by 1001
WARN: uid is 0 but '/usr/sbin' is owned by 1001
WARN: uid is 0 but '/usr' is owned by 1001
Status: active
To                         Action      From
--                         ------      ----
1234                       ALLOW       Anywhere
1234 (v6)                  ALLOW       Anywhere (v6)