Setting up the firewall under Ubuntu

The firewall had not been turned on on the Ubuntu server. From a security perspective, leaving it off exposes every listening service to the network, so I decided to enable it. The specific steps are as follows:

1. Check firewall status

Switch to root (or prefix every command below with sudo), then check the current status:

ufw status verbose

Status: inactive

2. Allow SSH first

The purpose of this is to prevent locking yourself out: once ufw is enabled, its default policy denies incoming connections, so a rule for SSH must exist before that happens. If sshd listens on another port, replace 22 with your actual port. Restricting the rule to TCP (ufw allow 22/tcp) is tighter, since SSH never uses UDP, and ufw limit 22/tcp additionally rate-limits repeated connection attempts from one address.

ufw allow 22

Rules updated

Rules updated (v6)

3. Turn on the firewall

After completing the two steps above, enable the firewall (ufw show added lists the rules that will take effect, if you want to double-check before doing so):

ufw enable

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y

Firewall is active and enabled on system startup

4. Add rules

Add rules as needed, based on the ports your server actually listens on. To check which ports are open, use the following command (on current Ubuntu releases netstat is no longer installed by default; ss -tlnp from iproute2 gives the same listing). Services bound only to 127.0.0.1 are reachable locally without any rule and should not be opened to the network:

netstat -tnlp

Add a firewall rule (xxx stands for the port number; without a protocol suffix the rule opens both TCP and UDP, so xxx/tcp or xxx/udp is the tighter form):

ufw allow xxx

Delete an existing rule (alternatively, ufw status numbered lists the rules with an index and ufw delete N removes one by number):

ufw delete allow xxx

Deny access to a port (an explicit deny is useful when a broader allow rule would otherwise match; rules are evaluated in order and the first match wins):

ufw deny xxx

Default policy (this sets the default for incoming traffic to deny; ufw's stock defaults are already deny incoming, allow outgoing, so the explicit allow rules above are what keep services reachable):

ufw default deny
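As an added example that is not part of the original post, the following script turns steps 1 to 4 into one procedure: it reads the listening sockets, ignores the loopback-only ones, emits an SSH rule first and a TCP-only allow rule for every other exposed port, and (with --apply) runs them and enables ufw non-interactively. It assumes Ubuntu with ufw and iproute2 (ss) and root privileges for the apply step; SAMPLE_SS is a constructed excerpt of ss -Htlnp output, used for the dry run.

```shell
#!/bin/sh
# Added example, not from the original post: turn the "check what is listening, then
# allow it" steps into a script. Assumes Ubuntu with ufw and iproute2 (`ss`), run as root
# when --apply is used. SAMPLE_SS below is a constructed excerpt of `ss -Htlnp` output.

SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1201,fd=6))
LISTEN 0 70 127.0.0.1:3306 127.0.0.1:* users:(("mysqld",pid=1340,fd=21))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=600,fd=13))
LISTEN 0 4096 0.0.0.0:9000 0.0.0.0:* users:(("php-fpm",pid=1400,fd=7))'

# Print, one per line and sorted, the TCP ports listening on a non-loopback address.
# Loopback-only sockets (127.x / [::1]) are reachable only from the host itself and
# need no ufw rule; opening them is the mistake the raw listing invites.
# $1: output of `ss -Htlnp`
public_tcp_ports() {
  printf '%s\n' "$1" | awk '
    {
      addr = $4                         # Local Address:Port column
      sub(/%[^:]*:/, ":", addr)         # drop an interface scope such as %lo
      n = split(addr, parts, ":")
      port = parts[n]
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (host ~ /^127\./ || host == "[::1]") next
      seen[port] = 1                    # dedupe the v4 and v6 sockets of one service
    }
    END { for (p in seen) print p }
  ' | sort -n
}

# Emit the ufw commands, SSH first so the lock-out rule is never the one forgotten.
# Rules are restricted to TCP; `ufw allow 80` alone would also open 80/udp.
# $1: output of `ss -Htlnp`; $2: SSH port (default 22)
ufw_rules_for() {
  ssh_port="${2:-22}"
  echo "ufw allow ${ssh_port}/tcp"
  public_tcp_ports "$1" | while read -r p; do
    [ "$p" = "$ssh_port" ] && continue
    echo "ufw allow ${p}/tcp"
  done
}

# Apply to the live host: generate from the real socket list, run each command,
# then enable without the interactive prompt and show the result.
apply_live() {
  ufw_rules_for "$(ss -Htlnp)" | while read -r cmd; do
    $cmd                                # unquoted on purpose: one command per line
  done
  ufw --force enable                    # --force answers the ssh-disruption prompt
  ufw status verbose
}

case "${1:-}" in
  --apply) apply_live ;;
  *)       ufw_rules_for "$SAMPLE_SS" ;;   # dry run against the constructed sample
esac
```

Read the dry-run output before applying it. In the sample, php-fpm listening on 0.0.0.0:9000 shows up as a port to open, which is usually a sign that the service should be rebound to 127.0.0.1 rather than allowed through the firewall.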

5. Fix Docker bypassing the firewall for published ports

In practice the server may run Docker containers. Without an extra setting, ufw appears to be configured but has no effect on them: for example, access to port 80 has been denied, yet the port can still be reached remotely with curl. The reason is that Docker programs iptables itself: for every published port (-p 80:80) it adds DNAT and accept rules in its own DOCKER chain, and that chain is evaluated before ufw's chains, so ufw never sees the traffic.

One fix, used below, is to tell Docker not to touch iptables at all. Be aware of the side effects first: Docker then also stops adding the MASQUERADE rule that containers need for outbound traffic and the DNAT rules behind -p port publishing, so container networking has to be configured by hand. Docker's own documentation recommends instead placing restrictions in the DOCKER-USER chain, which Docker evaluates before its own rules and never flushes; a simpler partial measure is to publish ports only on the loopback address (-p 127.0.0.1:80:80) so they are not exposed externally. If the trade-off is acceptable, change the Docker configuration file:

1) Modify the Docker configuration file

Edit /etc/docker/daemon.json (create it if it does not exist; if it already contains other settings, add the key to the existing object instead of replacing the file):

vi /etc/docker/daemon.json

Add the following:

{
  "iptables": false
}

2) Restart Docker:

systemctl restart docker

Repeat the curl test: the published port is now blocked by ufw. Also confirm that the containers themselves still have the network access they need, since Docker no longer sets up NAT for them.

6. Block ping to the host

To reduce the host's exposure, you can keep remote hosts from pinging it. This has to be set separately for IPv4 and IPv6. Change only the echo-request lines shown below: the other ICMP rules in these files (destination-unreachable, time-exceeded, and especially the ICMPv6 neighbour-discovery rules) are needed for the network stack to work at all. Keep in mind that blocking ping hides the host from simple ping sweeps but not from port scans, and it also breaks any monitoring that relies on ping.

1) IPv4 settings

Edit the file:

vi /etc/ufw/before.rules

Find the echo-request line (it ends in ACCEPT) and change ACCEPT to DROP so that it reads:

-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

Save and exit when the change is made.

2) IPv6 settings

Edit the file:

vi /etc/ufw/before6.rules

Similarly, find the echo-request line and change ACCEPT to DROP so that it reads:

-A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j DROP

Save and exit.

3) Reload the firewall

ufw reload

If you test again, ping to the host will now time out. At this point, the basic firewall setup is complete.
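The edits in step 6 are easy to get wrong by hand (touching the wrong ICMP line, or the forward-chain rule instead of the input-chain one), so as an added example that is not part of the original post, here is a small script that flips only the two echo-request rules the step describes, keeps a backup, can be re-run safely, and reports the current target so the change can be verified. It assumes the stock Ubuntu layout of /etc/ufw/before.rules and /etc/ufw/before6.rules; the rule excerpts it writes to temporary files are constructed samples standing in for those files.

```shell
#!/bin/sh
# Added example, not from the original post: switch ufw's input-chain echo-request
# rules from ACCEPT to DROP idempotently and verify the result. Assumes the stock
# Ubuntu /etc/ufw/before.rules and before6.rules; the excerpts written below are
# constructed samples, not the real files.

# Report the target (ACCEPT or DROP) of the echo-request rule in the input chain:
# "ufw-before-input ... --icmp-type echo-request" in before.rules and
# "ufw6-before-input ... --icmpv6-type echo-request" in before6.rules.
# $1: path to the rules file
echo_request_target() {
  awk '/ufw6?-before-input .*--icmp(v6)?-type echo-request/ { print $NF }' "$1"
}

# Change only that rule to DROP, keeping a .bak copy for rollback. Every other
# ICMP/ICMPv6 rule (destination-unreachable, time-exceeded, neighbour discovery)
# and the forward-chain echo-request rule are left untouched. Safe to re-run.
# $1: path to the rules file
drop_echo_request() {
  cp "$1" "$1.bak"
  sed -E '/ufw6?-before-input .*--icmp(v6)?-type echo-request/ s/-j ACCEPT$/-j DROP/' \
    "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed excerpts standing in for the two real files.
SAMPLE4=$(mktemp)
cat > "$SAMPLE4" <<'EOF'
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
EOF

SAMPLE6=$(mktemp)
cat > "$SAMPLE6" <<'EOF'
# neighbour discovery must stay open or IPv6 stops working
-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
EOF

for f in "$SAMPLE4" "$SAMPLE6"; do
  echo "before: $(echo_request_target "$f")"
  drop_echo_request "$f"
  echo "after:  $(echo_request_target "$f")"
done
# On the real host, point the two functions at /etc/ufw/before.rules and
# /etc/ufw/before6.rules and finish with: ufw reload
```

The awk and sed patterns deliberately anchor on the input chain name, so the forward-chain echo-request rule that the stock files also carry is not affected; on a plain host it is irrelevant, and changing more than the step calls for makes the later diff harder to review.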


Source: blog.csdn.net/a17432025/article/details/131683804