[Debian] Firewall Management
<p>I have recently been learning Debian and switching over to it, so I am recording Debian's firewall commands along the way.</p><hr>
<h1 id="1%E3%80%81%E5%AE%89%E8%A3%85UFW%E9%98%B2%E7%81%AB%E5%A2%99">1. Install the UFW firewall</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> apt-get install ufw</pre>
</div>
</div>
<h1 id="2%E3%80%81%E6%9F%A5%E7%9C%8B%E9%98%B2%E7%81%AB%E5%A2%99%E8%A7%84%E5%88%99%EF%BC%88%E6%9C%89%E6%B2%A1%E6%9C%89%E5%BC%80%E5%90%AF%EF%BC%89">2. View the firewall rules (whether the firewall is enabled)</h1>
<p>This also shows which ports are open.</p>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw status</pre>
</div>
</div>
<div class="image-block">
<div><img src="https://ask.qcloudimg.com/http-save/yehe-1352455/ff3c97bfb4cbffdee11e1205d030534d.png?imageView2/2/w/1620"></div>
</div>
<h1 id="3%E3%80%81%E5%BC%80%E5%90%AF/%E5%85%B3%E9%97%AD%E9%98%B2%E7%81%AB%E5%A2%99">3. Enable/disable the firewall</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw enable   # <span style="color: rgba(0, 0, 0, 1)">enable
</span><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw disable  # disable</pre>
</div>
</div>
<h1 id="4%E3%80%81%E9%87%8D%E5%90%AF%E9%98%B2%E7%81%AB%E5%A2%99">4. Restart the firewall</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw reload</pre>
</div>
</div>
<h1 id="5%E3%80%81%E5%BC%80%E5%90%AF%E6%8C%87%E5%AE%9Atcp%E6%88%96%E8%80%85udp%E7%AB%AF%E5%8F%A3">5. Open a specific TCP or UDP port</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw allow 22/tcp</pre>
</div>
</div>
<h1 id="6%E3%80%81%E5%90%8C%E6%97%B6%E5%BC%80%E5%90%AFtcp%E4%B8%8Eudp%E7%AB%AF%E5%8F%A3">6. Open a port for both TCP and UDP</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw allow 445</pre>
</div>
</div>
<h1 id="7%E3%80%81%E5%88%A0%E9%99%A453%E7%AB%AF%E5%8F%A3">7. Delete the port 53 rule</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw delete allow 53</pre>
</div>
</div>
<h1 id="8%E3%80%81%E6%8B%92%E7%BB%9D%E6%8C%87%E5%AE%9Atcp%E6%88%96%E8%80%85udp%E7%AB%AF%E5%8F%A3">8. Deny a specific TCP or UDP port</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw deny 20/<span style="color: rgba(0, 0, 0, 1)">tcp   # or: allow
</span><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw deny 20/udp   # or: allow</pre>
</div>
</div>
<h1 id="9%E3%80%81ip%E8%AE%BF%E9%97%AE%E6%89%80%E6%9C%89%E7%AB%AF%E5%8F%A3">9. Allow an IP address to access all ports</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw allow from 192.168.8.8</pre>
</div>
</div>
<h1 id="10%E3%80%81%E5%BC%80%E5%90%AF%E6%8C%87%E5%AE%9A%E8%8C%83%E5%9B%B4%E7%AB%AF%E5%8F%A3">10. Open a range of ports</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw allow proto tcp from any to any port 16300:32768</pre>
</div>
</div>
<h1 id="11%E3%80%81%E5%88%A0%E9%99%A4%E6%8C%87%E5%AE%9A%E8%8C%83%E5%9B%B4%E7%AB%AF%E5%8F%A3">11. Delete a range of ports</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw delete allow proto udp from any to any port 16384:32768</pre>
</div>
</div>
<h1 id="12%E3%80%81%E7%A6%81%E6%AD%A2%E6%9F%90%E9%A1%B9%E8%A7%84%E5%88%99">12. Deny a specific rule</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw deny smtp</pre>
</div>
</div>
<h1 id="13%E3%80%81%E5%88%A0%E9%99%A4%E6%9F%90%E9%A1%B9%E8%A7%84%E5%88%99">13. Delete a specific rule</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw delete allow smtp</pre>
</div>
</div>
<h1 id="14%E3%80%81%E5%A4%96%E6%9D%A5%E8%AE%BF%E9%97%AE%E9%BB%98%E8%AE%A4%E5%85%81%E8%AE%B8">14. Allow incoming access by default</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw <span style="color: rgba(0, 0, 255, 1)">default</span> allow   # or: deny</pre>
</div>
</div>
<h1 id="15%E3%80%81%E5%85%81%E8%AE%B8HTTP%E6%B5%81%E9%87%8F%EF%BC%88%E7%AB%AF%E5%8F%A380-%EF%BC%89">15. Allow HTTP traffic (port 80)</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw allow <span style="color: rgba(0, 0, 255, 1)">in</span> on eth0 to any port 80</pre>
</div>
</div>
<h1 id="16%E3%80%81%E5%85%81%E8%AE%B8MySQL%E6%95%B0%E6%8D%AE%E5%BA%93%E6%9C%8D%E5%8A%A1%E5%99%A8%EF%BC%88%E7%AB%AF%E5%8F%A33306-%EF%BC%89">16. Allow the PostgreSQL database server (port 5432)</h1>
<div class="developer-code-block">
<div class="cnblogs_code">
<pre><span style="color: rgba(128, 0, 128, 1)">$ sudo</span> ufw allow <span style="color: rgba(0, 0, 255, 1)">in</span> on eth1 to any port 5432</pre>
</div>
<p> </p>
</div><br><br>
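<p>An added example, not part of the original post: a POSIX shell function that reads <code>ufw status verbose</code> output and flags the broad rules the commands above can leave behind (default allow for incoming traffic, sensitive ports open to any source, a host allowed on every port). The <code>SENSITIVE_PORTS</code> list, the function names and the abbreviated sample output are assumptions constructed for this example.</p>

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output for overly broad rules.
# SENSITIVE_PORTS is an assumption of this example, not a ufw setting.
SENSITIVE_PORTS="445 3306 5432"

audit_ufw_status() {
    awk -v sensitive="$SENSITIVE_PORTS" '
    function report(msg) { if (!seen[msg]++) print msg }  # de-dupe v4/v6 rows
    BEGIN { n = split(sensitive, s, " "); for (i = 1; i <= n; i++) risky[s[i]] = 1 }
    /^Status: inactive/ { report("FAIL firewall is inactive") }
    /^Default:/ && /allow \(incoming\)/ { report("FAIL default incoming policy is allow") }
    / ALLOW (OUT|FWD) / { next }             # audit inbound rules only
    / ALLOW( IN)? / {
        src = $0; sub(/^.* ALLOW( IN)? +/, "", src); sub(/ +$/, "", src)
        port = $1; sub(/\/.*$/, "", port)    # drop the /tcp or /udp suffix
        if (port == "Anywhere") {            # rule covers every port
            report((src ~ /^Anywhere/ ? "FAIL" : "WARN") " all ports open to " src)
            next
        }
        if (src !~ /^Anywhere/) next         # limited to a source address
        if (split(port, r, ":") == 2) {      # port range lo:hi
            report("WARN range " r[1] "-" r[2] " open to any source")
            for (p in risky) if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0)
                report("FAIL port " p " open to any source (inside range)")
        } else if (port in risky) {
            report("FAIL port " port " open to any source")
        }
    }'
}

# Constructed, abbreviated sample of the state the commands on this page produce.
sample_status() {
    cat <<'EOF'
Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
445                        ALLOW IN    Anywhere
Anywhere                   ALLOW IN    192.168.8.8
16300:32768/tcp            ALLOW IN    Anywhere
25/tcp                     DENY IN     Anywhere
80 on eth0                 ALLOW IN    Anywhere
5432 on eth1               ALLOW IN    Anywhere
445 (v6)                   ALLOW IN    Anywhere (v6)
EOF
}
sample_status | audit_ufw_status
```

<p>On a live host, pipe the real output in instead of the sample: <code>sudo ufw status verbose | audit_ufw_status</code>.</p>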
Source: https://www.cnblogs.com/Thenext/p/17081721.html