“Ufw on debian”的版本间的差异
跳到导航
跳到搜索
第5行: | 第5行: | ||
apt install ufw | apt install ufw | ||
ufw enable | ufw enable | ||
+ | |||
+ | sudo ufw default allow outgoing | ||
+ | sudo ufw default deny incoming | ||
+ | |||
ufw allow ssh | ufw allow ssh | ||
ufw allow www | ufw allow www |
2020年2月28日 (五) 06:23的版本
目录
线上一般的结合操作
apt install ufw ufw enable sudo ufw default allow outgoing sudo ufw default deny incoming ufw allow ssh ufw allow www etc 正常返回如下 ufw status Status: active To Action From -- ------ ---- SSH ALLOW Anywhere 80/tcp ALLOW Anywhere SSH (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6)
* install
apt install ufw
* Configuration
ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup UFW’s defaults are to deny all incoming connections and allow all outgoing connections. 要确定ufw status 后有没有规则可见 可见 这两个不要手工执行了 默认就有的 现执行就可以连ssh都上不去了 ufw default deny incoming ufw default allow outgoing ufw status verbose
* Firewall Rules
ufw app list ufw allow 'SSH' ufw allow 22/tcp ufw allow WWW #其实就是80 ufw allow 'Nginx HTTP' ufw allow 53/tcp
** Port Ranges
Port ranges may also be specified, a simple example for tcp would be: ufw allow 1000:2000/tcp and for udp: ufw allow 1000:2000/udp
** IP address
An IP address may also be used: ufw allow from 111.222.333.444
* Deleting Rules
Rules may be deleted with the following command: ufw delete allow ssh ufw reset
troubleshooting
openssh都连接上去 这个导致上不了的 ufw default deny incoming 确定了 不是这个问题 是 ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 22/tcp (SSH) ALLOW IN Anywhere 80/tcp (WWW) ALLOW IN Anywhere 22/tcp (SSH (v6)) ALLOW IN Anywhere (v6) 80/tcp (WWW (v6)) ALLOW IN Anywhere (v6) 没有东西 linode 文档得了 如何确定在 ssh这后再deny incoming 呢 参考iptalbes ?
* see also
https://wiki.debian.org/Uncomplicated%20Firewall%20%28ufw%29
https://www.linode.com/docs/security/firewalls/configure-firewall-with-ufw/