第5部分- 保护host

Owned by Nathan Bode
Last updated: Jul 22, 2019 by Guan Yin

Expand all   Collapse all

Languages
  • 配置基于主机的防火墙(UFW)

注意:如果您在VPS上运行,请检查控制面板并确保主机上的所有打开端口也在VPS控制面板中更新(它可能在主机和Internet之间有一个额外的防火墙)



描述指令
1

创建基本防火墙规则以保护主机,按顺序复制和粘贴每个命令。


仅当您没有自己的SSL证书时才需要端口80/443(http / https)(用于从letsencrypt获取证书时验证DNS记录)


sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh/tcp
sudo ufw limit ssh/tcp
sudo ufw allow http/tcp
sudo ufw allow https/tcp
sudo ufw allow 9033/tcp
sudo ufw logging on
sudo ufw -f enable
sudo ufw status


Example Output

zenops@zsec01:~$ sudo ufw status
Status: active

To......................................................................Action..................From
--.......................................................................-------...................-----
22/tcp..............................................................LIMIT....................Anywhere
80/tcp..............................................................ALLOW................Anywhere
443/tcp............................................................ALLOW...............Anywhere
9033/tcp..........................................................ALLOW...............Anywhere
22/tcp.(v6).......................................................LIMIT..................Anywhere.(v6)
80/tcp.(v6).......................................................ALLOW..............Anywhere.(v6)
443/tcp.(v6)....................................................ALLOW...............Anywhere.(v6)
9033/tcp.(v6)..................................................ALLOW..............Anywhere.(v6)

2UFW通常安装,默认情况下在启动时启用,以确保它在启动时启动,使用systemctl启用它
sudo systemctl enable ufw

第4部分

第5部分/共11部分- 保护host

第6部分



© 2019 Horizen. All rights reserved.