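Note: If you are running on a VPS, check its control panel and make sure that every port opened on the host is also updated in the VPS control panel (there may be an additional firewall between the host and the Internet).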
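| Description | Command |
---|
1 | Create basic firewall rules to protect the host. Copy and paste each command in order.
Ports 80/443 (http/https) are only needed if you do not have your own SSL certificate (they are used to validate the DNS record when obtaining a certificate from letsencrypt).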
|
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh/tcp
sudo ufw limit ssh/tcp
sudo ufw allow http/tcp
sudo ufw allow https/tcp
sudo ufw allow 9033/tcp
sudo ufw logging on
sudo ufw -f enable
sudo ufw status
zenops@zsec01:~$ sudo ufw status
Status: active

To                         Action      From
--                         -------     -----
22/tcp                     LIMIT       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
9033/tcp                   ALLOW       Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
9033/tcp (v6)              ALLOW       Anywhere (v6)
|
2 | UFW is usually installed and enabled at boot by default. To make sure it starts at boot, enable it with systemctl. |
sudo systemctl enable ufw
|
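
A check for the result of step 1, as an added example that is not part of the original page: it parses `ufw status` output and reports every rule that differs from the baseline the commands above create. The names `BASELINE`, `audit_ufw` and `sample_drifted` are assumptions for illustration, and the sample output is constructed.

```bash
# Added example: compare `ufw status` output with the rules from step 1.
# BASELINE mirrors the page's commands; the function names are hypothetical.
BASELINE="22/tcp=LIMIT 80/tcp=ALLOW 443/tcp=ALLOW 9033/tcp=ALLOW"

# Reads `ufw status` text on stdin, prints one finding per line,
# returns 0 when the rules match the baseline and 1 on any drift.
audit_ufw() {
  awk -v baseline="$BASELINE" '
    BEGIN {
      n = split(baseline, item, " ")
      for (i = 1; i <= n; i++) {
        split(item[i], kv, "="); port[i] = kv[1]; want[kv[1]] = kv[2]
      }
    }
    $1 == "Status:" { active = ($2 == "active"); next }
    $1 == "--"      { in_rules = 1; next }   # separator under the header row
    in_rules && NF {
      v6 = ($2 == "(v6)"); fam = v6 ? "v6" : "v4"; action = v6 ? $3 : $2
      if (v6) have_v6 = 1
      if (!($1 in want)) { print "UNEXPECTED " $1 " " action " (" fam ")"; bad = 1 }
      else if (action != want[$1]) { print "MISMATCH " $1 " " action " want " want[$1] " (" fam ")"; bad = 1 }
      seen[$1, fam] = 1
    }
    END {
      if (!active) { print "INACTIVE"; bad = 1 }
      for (i = 1; i <= n; i++) {
        if (!((port[i], "v4") in seen)) { print "MISSING " port[i] " (v4)"; bad = 1 }
        if (have_v6 && !((port[i], "v6") in seen)) { print "MISSING " port[i] " (v6)"; bad = 1 }
      }
      exit bad + 0
    }'
}

# Constructed sample: SSH rate limit lost, 3306 opened, 9033 rule missing.
sample_drifted() {
  cat <<'EOF'
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
EOF
}

# On a real host: sudo ufw status | audit_ufw
sample_drifted | audit_ufw || echo "drift from the step 1 baseline"
```

IPv6 rows are only required when the output contains at least one `(v6)` rule, so hosts with IPv6 disabled in UFW still pass.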
© 2019 Horizen. All rights reserved.