Server Firewall Configuration

Update the system
Configure iptables-restore
Install Fail2Ban

Update the system

[email protected]:~$ sudo apt-get update && sudo apt-get upgrade

Configure iptables-restore

[email protected]:~$ sudo iptables -F

[email protected]:~$ sudo vi /etc/iptables.up.rules

*filter

# loopback: without this, connections to local services on 127.0.0.1 hit the final REJECT
-A INPUT -i lo -j ACCEPT

# replies to connections this host opened
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A OUTPUT -j ACCEPT

# drop incoming sensitive connections: more than 150 new HTTP connections from one
# source in 60 s are dropped. These rules must come BEFORE the port-80 ACCEPT below;
# iptables stops at the first matching rule, so after the ACCEPT they would never match
-A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
-A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 150 -j DROP

# web
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT

# SSH on the non-default port 39999 (confirm sshd actually listens there before loading this file)
-A INPUT -p tcp -m state --state NEW --dport 39999 -j ACCEPT

# ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# log denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied:" --log-level 7

# reject all other inbound
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT

[email protected]:~$ sudo iptables-restore < /etc/iptables.up.rules

Check that the SSH port you are connected on is open before you run iptables-restore from a remote session; with the catch-all REJECT, a mistake here locks you out.

[email protected]:~$ sudo ufw status    # check whether ufw is active
Status: inactive
[email protected]:~$ sudo ufw enable    # turn on ufw
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Caveat: ufw is a separate front end that installs its own chains (ufw-before-input, ufw-user-input, ...) when enabled, replacing the ruleset just loaded with iptables-restore. Use one or the other: either express the policy through ufw (sudo ufw allow 39999/tcp, and so on) or skip ufw enable and persist the rules file with the script below.

[email protected]:~$ sudo vi /etc/network/if-up.d/iptables    # reload the rules whenever an interface comes up

#!/bin/sh
iptables-restore < /etc/iptables.up.rules

[email protected]:~$ sudo chmod +x /etc/network/if-up.d/iptables    # make the script executable

Scripts in /etc/network/if-up.d are run by ifupdown; on systems that configure networking with netplan or systemd-networkd they are not executed, so install iptables-persistent there and save the rules to /etc/iptables/rules.v4 instead.

Install Fail2Ban

Fail2Ban watches the authentication log and inserts temporary bans into iptables for sources that repeatedly fail to log in. Its defaults live in /etc/fail2ban/jail.conf; local overrides belong in /etc/fail2ban/jail.local.

[email protected]:~$ sudo apt-get install fail2ban

[email protected]:~$ sudo service fail2ban status    # check it is running
[email protected]:~$ sudo service fail2ban stop    # stop it

Note that iptables-restore replaces the whole filter table, so each time the if-up.d script above runs, the chains Fail2Ban created are wiped and existing bans are lost; run sudo service fail2ban restart afterwards to recreate them.
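Putting the iptables and Fail2Ban sections together, the following bash script is an added example and not code from the original post. It generates a rules file in the same shape as /etc/iptables.up.rules with the rate-limit rules placed before the port-80 ACCEPT, lints a rules file for the mistakes that lock you out or silently disable a rule (no loopback rule, SSH port not opened, rate-limit rule after the ACCEPT, catch-all REJECT not last), dry-runs it with iptables-restore --test before loading, and writes a jail.local whose sshd jail bans on the real SSH port: Fail2Ban's stock sshd jail uses port "ssh" (22), so with sshd on 39999 a ban would not block the port actually in use. The SSH port, interface name and output paths are assumptions (environment variables and arguments); apply_rules needs root and is the only part that touches the kernel.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): generate, lint and apply an
# iptables-restore ruleset, plus a matching Fail2Ban jail.local.
# Assumptions: SSH on $SSH_PORT (default 39999, as in the post), public
# interface $IFACE (default eth0); output paths are taken as arguments so
# everything except apply_rules runs without root.
set -u

SSH_PORT="${SSH_PORT:-39999}"
IFACE="${IFACE:-eth0}"

# Write the ruleset to the file named in $1.
# Rule order matters: iptables stops at the first matching rule, so the
# per-source rate limit for port 80 must precede the plain ACCEPT for port 80.
gen_rules() {
  cat > "$1" <<EOF
*filter
# loopback, or local services on 127.0.0.1 hit the final REJECT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
# more than 150 new HTTP connections from one source in 60 s are dropped
-A INPUT -p tcp --dport 80 -i $IFACE -m state --state NEW -m recent --set
-A INPUT -p tcp --dport 80 -i $IFACE -m state --state NEW -m recent --update --seconds 60 --hitcount 150 -j DROP
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport $SSH_PORT -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 4
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOF
}

# Check a ruleset file for the mistakes that lock you out or silently
# disable a rule. Prints each finding; returns 0 only if none were found.
lint_rules() {
  local f="$1" rc=0 drop acc last
  { grep -q '^\*filter' "$f" && grep -q '^COMMIT' "$f"; } \
    || { echo "missing *filter or COMMIT"; rc=1; }
  grep -q -- '^-A INPUT -i lo -j ACCEPT' "$f" \
    || { echo "loopback traffic is not accepted"; rc=1; }
  grep -q -- "--dport $SSH_PORT -j ACCEPT" "$f" \
    || { echo "SSH port $SSH_PORT is not opened: loading this locks you out"; rc=1; }
  # line number of the port-80 rate-limit DROP vs. the port-80 ACCEPT
  drop=$(grep -n -- '--dport 80 .*-m recent .*-j DROP' "$f" | head -n1 | cut -d: -f1)
  acc=$(grep -n -- '--dport 80 -j ACCEPT' "$f" | head -n1 | cut -d: -f1)
  if [ -n "$drop" ] && [ -n "$acc" ] && [ "$drop" -gt "$acc" ]; then
    echo "port-80 rate limit comes after the port-80 ACCEPT and never matches"; rc=1
  fi
  # the catch-all REJECT has to be the last INPUT rule
  last=$(grep -- '^-A INPUT' "$f" | tail -n1)
  [ "$last" = "-A INPUT -j REJECT" ] \
    || { echo "catch-all REJECT is not the last INPUT rule"; rc=1; }
  return "$rc"
}

# Lint, dry-run with iptables-restore --test, then load. Needs root.
apply_rules() {
  lint_rules "$1" || return 1
  iptables-restore --test < "$1" || return 1
  iptables-restore < "$1"
}

# Fail2Ban's stock sshd jail bans on port "ssh" (22). With sshd moved to
# $SSH_PORT the ban would not cover the port in use, so override it in
# jail.local (path given in $1); jail.conf itself should not be edited.
gen_jail() {
  cat > "$1" <<EOF
[DEFAULT]
bantime  = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true
port    = $SSH_PORT
EOF
}
```

Typical use: `gen_rules /tmp/iptables.up.rules && lint_rules /tmp/iptables.up.rules`, inspect the file, then `sudo bash -c '. ./fw.sh; apply_rules /tmp/iptables.up.rules'` from a console session rather than over SSH, and `gen_jail /etc/fail2ban/jail.local` followed by `sudo service fail2ban restart`. The lint is deliberately textual so it can run on a workstation before the file ever reaches the server.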