Versions Compared

Old Version 5

changes.mady.by.user Guan Yin

Saved on

compared with

New Version Current

changes.mady.by.user Guan Yin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Page Tree
expandCollapseAlltrue
root安全节点+超级节点搭建教程


Panel
borderColorgrey
bgColorwhite
titleColorblack
borderWidth1
titleBGColorwhite
borderStylesolid
titleLanguages


  • 配置基于主机的防火墙(UFW)

注意:如果您在VPS上运行,请检查控制面板并确保主机上的所有打开端口也在VPS控制面板中更新(它可能在主机和Internet之间有一个额外的防火墙)




描述指令
1

创建基本防火墙规则以保护主机,按顺序复制和粘贴每个命令。


仅当您没有自己的SSL证书时才需要端口80/443(http / https)(用于从letsencrypt获取证书时验证DNS记录)



Code Block
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh/tcp
sudo ufw limit ssh/tcp
sudo ufw allow http/tcp
sudo ufw allow https/tcp
sudo ufw allow 9033/tcp
sudo ufw logging on
sudo ufw -f enable
sudo ufw status



Panel
borderColorgrey
bgColorblack
titleColorwhite
borderWidth2
titleBGColorblack
borderStylesolid
titleExample Output

zenops@zsec01:~$ sudo ufw status
Status: active

To......................................................................Action..................From
--.......................................................................-------...................-----
22/tcp..............................................................LIMIT....................Anywhere
80/tcp..............................................................ALLOW................Anywhere
443/tcp............................................................ALLOW...............Anywhere
9033/tcp..........................................................ALLOW...............Anywhere
22/tcp.(v6).......................................................LIMIT..................Anywhere.(v6)
80/tcp.(v6).......................................................ALLOW..............Anywhere.(v6)
443/tcp.(v6)....................................................ALLOW...............Anywhere.(v6)
9033/tcp.(v6)..................................................ALLOW..............Anywhere.(v6)


2UFW通常安装,默认情况下在启动时启用,以确保它在启动时启动,使用systemctl启用它


Code Block
sudo systemctl enable ufw



第4部分

第5部分/共11部分- 保护host

第6部分

Insert excerpt
友情链接
友情链接
nopaneltrue