
Configuring the iptables firewall on Ubuntu so it takes effect after a reboot (notes on common iptables usage)

 2 years ago
source link: https://vps.la/2022/02/23/ubuntu%e9%85%8d%e7%bd%ae%e9%98%b2%e7%81%ab%e5%a2%99iptables%e9%87%8d%e5%90%af%e7%94%9f%e6%95%88%ef%bc%88%e5%b8%b8%e8%a7%81iptables%e7%9a%84%e7%94%a8%e6%b3%95%e8%ae%b0%e5%bd%95%ef%bc%89/


For server security we need to configure an iptables firewall on Ubuntu 18.04; here Lao Jiang briefly records the usual way of working with iptables. All of this is done with root privileges on the server. Some server images ship with iptables already installed, so first check whether it is present; if it is, go straight to adding the firewall rules.

1. Check whether iptables is installed

# check
# which iptables
/sbin/iptables
# whereis iptables
iptables: /sbin/iptables /etc/iptables /usr/share/iptables /usr/share/man/man8/iptables.8.gz

2. Install iptables

If it is not installed, install it:

# install
sudo apt-get install iptables

3. Once it is installed, create the rules

vi /etc/iptables

Note that if `whereis` listed /etc/iptables as in step 1, that path already exists as a directory: it belongs to the iptables-persistent package, which keeps its own rules in /etc/iptables/rules.v4. In that case write the rules to a regular file such as /etc/iptables.rules instead, and use that path consistently in the commands below. Add the rules in iptables-save format:

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7070 -j ACCEPT

-A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT

A few things to check before loading this. The INPUT policy is DROP, so the rule for port 22 is what keeps your SSH session alive; never load a ruleset that lacks it. The open ports are simply the ones from the original post: 3306 (MySQL) in particular should not be reachable from every address, so either remove that line or restrict it with `-s <trusted network>`. The `syn-flood` jump sits after all the ACCEPT rules, which means it only rate-limits SYNs to ports that the final REJECT rule would refuse anyway; to throttle new connections to the open ports it would have to come before them, and the 3/sec limit would then need raising for a web server. The two ICMP rules together accept about 101 ICMP packets per second before the remainder is rejected.

Then load the file into the kernel with `iptables-restore < /etc/iptables` (the same command step 4 puts into the boot hook). The reverse command below dumps the rules currently loaded in the kernel back into the file. Use it after making interactive changes with `iptables -A ...`, not before the file has been loaded, otherwise the file you just wrote is overwritten by the current (empty) ruleset:

iptables-save > /etc/iptables

4. Create a hook so the iptables rules are applied again after a reboot

vi /etc/network/if-pre-up.d/iptables

#!/bin/sh
iptables-restore < /etc/iptables

Save and exit, then make the script executable with chmod +x, otherwise it is silently skipped. One caveat: scripts in /etc/network/if-pre-up.d/ are only run by ifupdown. On Ubuntu 18.04 and later, interfaces are usually configured by netplan instead, in which case this hook never fires and the rules are lost at reboot. If `ifup` is not what brings up your interfaces, install the iptables-persistent package instead: its netfilter-persistent service restores /etc/iptables/rules.v4 at boot, and `netfilter-persistent save` writes the running rules into that file.
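The whole of steps 3 and 4 as one script, added here as an example and not code from the original article: it generates the rules file, refuses to load a ruleset that would lock out SSH, parse-checks it with `iptables-restore --test` (available in iptables 1.6 and later), and starts a rollback timer before loading so that a mistake reverts itself. The path /etc/iptables.rules, the management network 203.0.113.0/24 and the 120-second window are values chosen for the example. The generated rules follow the article's layout but use the conntrack match in place of the older state alias, accept SSH only from the management network, drop forwarding (this host does not route), and place the SYN rate limit before the port rules so that it actually applies to them.

```shell
#!/bin/sh
# Added example (not from the original article). Generates an iptables ruleset,
# checks it cannot lock out SSH, and loads it with an automatic rollback.
# Hypothetical values for this example: RULES_FILE, MGMT_NET, ROLLBACK_SECS.

RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"
MGMT_NET="${MGMT_NET:-203.0.113.0/24}"   # constructed: RFC 5737 TEST-NET-3
ROLLBACK_SECS="${ROLLBACK_SECS:-120}"

# gen_rules PORT... : print a filter table in iptables-save syntax. SSH is
# accepted only from MGMT_NET, the listed TCP ports from anywhere, and the
# SYN rate limit runs before the port rules so it covers all new connections.
gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --syn -j syn-flood
EOF
    printf '%s\n' "-A INPUT -p tcp -s $MGMT_NET --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<'EOF'
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 10 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -m limit --limit 50/s --limit-burst 100 -j RETURN
-A syn-flood -j DROP
COMMIT
EOF
}

# check_rules FILE : return 0 only if FILE is a complete filter table and,
# when the INPUT policy is DROP, contains an ACCEPT rule for TCP port 22.
check_rules() {
    if ! grep -q '^\*filter$' "$1" || ! grep -q '^COMMIT$' "$1"; then
        echo "$1: not a complete filter table" >&2
        return 1
    fi
    if grep -q '^:INPUT DROP' "$1" && ! grep -Eq -- '^-A INPUT .*--dport 22 .*-j ACCEPT$' "$1"; then
        echo "$1: INPUT policy is DROP but nothing accepts port 22" >&2
        return 1
    fi
    return 0
}

# load_rules FILE : parse-check, back up the running ruleset, load FILE, and
# schedule a rollback. Confirm SSH still works, then run: kill $ROLLBACK_PID
load_rules() {
    check_rules "$1" || return 1
    iptables-restore --test < "$1" || return 1   # syntax only, needs iptables >= 1.6
    backup=$(mktemp /tmp/iptables.backup.XXXXXX) || return 1
    iptables-save > "$backup" || return 1
    ( sleep "$ROLLBACK_SECS"; iptables-restore < "$backup" ) &
    ROLLBACK_PID=$!
    iptables-restore < "$1" || { kill "$ROLLBACK_PID"; iptables-restore < "$backup"; return 1; }
    echo "loaded $1; rollback to $backup in ${ROLLBACK_SECS}s unless you run: kill $ROLLBACK_PID"
}

# Usage, as root:  gen_rules 80 443 > "$RULES_FILE" && load_rules "$RULES_FILE"
```

The rollback timer is the part worth keeping even if you write the rules by hand: if the new ruleset cuts off your SSH session, the old one is back within two minutes without anyone touching the console. The file produced by `gen_rules` is in the same format the boot hook and iptables-persistent consume, so it can be copied to /etc/iptables/rules.v4 unchanged.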

5. View the firewall rules

iptables -L

This lists every rule. Add -n to skip the reverse DNS and service-name lookups (the output below shows "anywhere" and "ssh" because it was produced without -n), and -v to see interfaces and packet counters, which is the quickest way to confirm that a rule is actually matching traffic.

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:mysql
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:7070
ACCEPT     icmp --  anywhere             anywhere             limit: avg 100/sec burst 100
ACCEPT     icmp --  anywhere             anywhere             limit: avg 1/sec burst 10
syn-flood  tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain syn-flood (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             limit: avg 3/sec burst 6
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
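Reading the listing by eye is fine for a dozen rules; on a server that has accumulated more, it is worth checking mechanically which ports are open to every source. The following audit script is an added example, not code from the original article: it parses iptables-save format, prints the TCP ports the INPUT chain accepts without a `-s` restriction, and flags 3306, the one port in the article's list that should not be world-reachable. The sample ruleset is constructed inline from the article's own rules so the script runs without touching the kernel; the RESTRICTED list is a hypothetical policy chosen for the example. Against a live host, feed it `iptables-save` output instead.

```shell
#!/bin/sh
# Added example (not from the original article): list the TCP ports a saved
# ruleset opens to every source address and flag ones that should be restricted.

# Constructed sample in iptables-save format, taken from the article's rules.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7070 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT'

# Ports that must never be accepted from any source (hypothetical policy).
RESTRICTED="3306"

# world_open_tcp_ports FILE : print the --dport of every INPUT rule that
# accepts TCP without a -s source restriction, one port per line.
world_open_tcp_ports() {
    grep -E '^-A INPUT .*-p tcp .*-j ACCEPT$' "$1" \
        | grep -v -- ' -s ' \
        | sed -n 's/.*--dport \([^ ]*\).*/\1/p'
}

# audit_rules FILE : print each world-open port; return 1 if any of them is
# in RESTRICTED, so the script can gate a deployment.
audit_rules() {
    rc=0
    for port in $(world_open_tcp_ports "$1"); do
        case " $RESTRICTED " in
            *" $port "*)
                echo "WARN tcp/$port is open to the world; add -s <trusted net> or bind the service to 127.0.0.1"
                rc=1 ;;
            *)
                echo "open tcp/$port" ;;
        esac
    done
    return $rc
}

# Usage against the constructed sample:
#   f=$(mktemp); printf '%s\n' "$SAMPLE_RULES" > "$f"; audit_rules "$f"; rm -f "$f"
# Usage on a live host, as root:  iptables-save > /tmp/rules && audit_rules /tmp/rules
```

The check is deliberately narrow: a rule is "world-open" only when it accepts TCP on INPUT with no `-s` at all, which is exactly the shape of every port rule in the article. Rules that restrict by interface (`-i`) but not by source still count as open, which is the conservative reading on a host with a single public interface.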

That is how it is normally used; set the open ports according to what the server actually needs, and no more. Reference:

Article source:

https://www.itbulu.com/ubuntu-iptables.html

Not to be reproduced without permission: VPS啦 » Configuring the iptables firewall on Ubuntu so it takes effect after a reboot (notes on common iptables usage)
