UFW - how to make this easier, and what invisible ports can UFW have?


Let me tell you what I just wasted two hours doing:

To                         Action      From
--                         ------      ----
22                         REJECT      Anywhere
23/tcp                     REJECT      Anywhere
79/tcp                     REJECT      Anywhere
25/tcp                     REJECT      Anywhere
43/tcp                     REJECT      Anywhere
49                         REJECT      Anywhere
21/tcp                     REJECT      Anywhere
110                        REJECT      Anywhere
115/tcp                    REJECT      Anywhere
39/udp                     REJECT      Anywhere
143                        REJECT      Anywhere
161                        REJECT      Anywhere
199                        REJECT      Anywhere
209                        REJECT      Anywhere
213                        REJECT      Anywhere
530/tcp                    REJECT      Anywhere
389                        REJECT      Anywhere
444                        REJECT      Anywhere
465/tcp                    REJECT      Anywhere
512/udp                    REJECT      Anywhere
513/udp                    REJECT      Anywhere
514/tcp                    REJECT      Anywhere
514/udp                    REJECT      Anywhere
540/tcp                    REJECT      Anywhere
554                        REJECT      Anywhere
556/tcp                    REJECT      Anywhere
623/udp                    REJECT      Anywhere
706                        REJECT      Anywhere
88                         REJECT      Anywhere
990/tcp                    REJECT      Anywhere
994                        REJECT      Anywhere
995                        REJECT      Anywhere
993                        REJECT      Anywhere
130/tcp                    REJECT      Anywhere
130/udp                    REJECT      Anywhere
131/udp                    REJECT      Anywhere
132/udp                    REJECT      Anywhere
133/udp                    REJECT      Anywhere
134/udp                    REJECT      Anywhere
135/udp                    REJECT      Anywhere
136/udp                    REJECT      Anywhere
137/udp                    REJECT      Anywhere
138/udp                    REJECT      Anywhere
139/udp                    REJECT      Anywhere
139/tcp                    REJECT      Anywhere
138/tcp                    REJECT      Anywhere
137/tcp                    REJECT      Anywhere
136/tcp                    REJECT      Anywhere
135/tcp                    REJECT      Anywhere
134/tcp                    REJECT      Anywhere
133/tcp                    REJECT      Anywhere
132/tcp                    REJECT      Anywhere
131/tcp                    REJECT      Anywhere
22 (v6)                    REJECT      Anywhere (v6)
23/tcp (v6)                REJECT      Anywhere (v6)
79/tcp (v6)                REJECT      Anywhere (v6)
25/tcp (v6)                REJECT      Anywhere (v6)
43/tcp (v6)                REJECT      Anywhere (v6)
49 (v6)                    REJECT      Anywhere (v6)
21/tcp (v6)                REJECT      Anywhere (v6)
110 (v6)                   REJECT      Anywhere (v6)
115/tcp (v6)               REJECT      Anywhere (v6)
39/udp (v6)                REJECT      Anywhere (v6)
143 (v6)                   REJECT      Anywhere (v6)
161 (v6)                   REJECT      Anywhere (v6)
199 (v6)                   REJECT      Anywhere (v6)
209 (v6)                   REJECT      Anywhere (v6)
213 (v6)                   REJECT      Anywhere (v6)
530/tcp (v6)               REJECT      Anywhere (v6)
389 (v6)                   REJECT      Anywhere (v6)
444 (v6)                   REJECT      Anywhere (v6)
465/tcp (v6)               REJECT      Anywhere (v6)
512/udp (v6)               REJECT      Anywhere (v6)
513/udp (v6)               REJECT      Anywhere (v6)
514/tcp (v6)               REJECT      Anywhere (v6)
514/udp (v6)               REJECT      Anywhere (v6)
540/tcp (v6)               REJECT      Anywhere (v6)
554 (v6)                   REJECT      Anywhere (v6)
556/tcp (v6)               REJECT      Anywhere (v6)
623/udp (v6)               REJECT      Anywhere (v6)
706 (v6)                   REJECT      Anywhere (v6)
88 (v6)                    REJECT      Anywhere (v6)
990/tcp (v6)               REJECT      Anywhere (v6)
994 (v6)                   REJECT      Anywhere (v6)
995 (v6)                   REJECT      Anywhere (v6)
993 (v6)                   REJECT      Anywhere (v6)
130/tcp (v6)               REJECT      Anywhere (v6)
130/udp (v6)               REJECT      Anywhere (v6)
131/udp (v6)               REJECT      Anywhere (v6)
132/udp (v6)               REJECT      Anywhere (v6)
133/udp (v6)               REJECT      Anywhere (v6)
134/udp (v6)               REJECT      Anywhere (v6)
135/udp (v6)               REJECT      Anywhere (v6)
136/udp (v6)               REJECT      Anywhere (v6)
137/udp (v6)               REJECT      Anywhere (v6)
138/udp (v6)               REJECT      Anywhere (v6)
139/udp (v6)               REJECT      Anywhere (v6)
139/tcp (v6)               REJECT      Anywhere (v6)
138/tcp (v6)               REJECT      Anywhere (v6)
137/tcp (v6)               REJECT      Anywhere (v6)
136/tcp (v6)               REJECT      Anywhere (v6)
135/tcp (v6)               REJECT      Anywhere (v6)
134/tcp (v6)               REJECT      Anywhere (v6)
133/tcp (v6)               REJECT      Anywhere (v6)
132/tcp (v6)               REJECT      Anywhere (v6)
131/tcp (v6)               REJECT      Anywhere (v6)

Then I installed fail2ban, went through the whole list on the wiki ports page by hand and typed in every reject command!

I probably missed another 60000

Answer 1

Almost every access list ends with deny all all by default

When you enable ufw, anything not covered by an allow rule for some traffic is in deny state.

Status: active

To                         Action      From
--                         ------      ----
69                         ALLOW       Anywhere
53                         ALLOW       Anywhere
22                         ALLOW       213.xxx.xxx.xxx
80/tcp                     ALLOW       194.247.xxx.xxx
21/tcp                     ALLOW       194.247.xxx.xxx
69 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)

These rules accept anything on port 69, anything on port 53, ssh from 213.xxx.xxx.xxx, 80 and 21 from 194.247.xxx.xxx ... and deny any other inbound traffic

Edit 1

When ufw is enabled without any allow rules, everything is deny

Full command syntax for ufw rules

sudo ufw [--dry-run] [delete] [insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all] [proto protocol] [from ADDRESS [port PORT]] [to ADDRESS [port PORT]]

Based on this rule template, you can allow xxx.xxx.xxx.xxx on port 80 with this rule

For a specific host

sudo ufw allow proto tcp from xxx.xxx.xxx.xxx to any port 80

If you want to allow anyone to access your web server

sudo ufw allow proto tcp from any to any port 80

If you want to allow access from a specific network

sudo ufw allow proto tcp from xxx.xxx.xxx.xxx/yy to any port 80

where

xxx.xxx.xxx.xxx - represents the network IP

yy - represents the netmask

If you have a DNS service on the server, make rules for port 53 with proto tcp and proto udp

sudo ufw allow proto tcp from xxx.xxx.xxx.xxx/yy to any port 53
sudo ufw allow proto udp from xxx.xxx.xxx.xxx/yy to any port 53
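The answer's point is that under ufw's default deny (incoming) policy, the question's long list of REJECT-from-Anywhere rules blocks nothing extra. The following added script (not code from the question or answer) parses ufw status output and flags such redundant rules; the sample status is constructed from a few rows of the question's listing, and the deny-incoming default is an assumption since the question never shows its Default line.

```python
"""Audit ufw status output for REJECT/DENY rules the default policy already covers.

Added example, not code from the original question or answer. SAMPLE_STATUS is
constructed: rows from the question's listing as `ufw status verbose` prints
them, plus a deny-incoming default (ufw's installed default; the question does
not show its Default line, so that is an assumption)."""
import re

SAMPLE_STATUS = """\
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22                         REJECT IN   Anywhere
23/tcp                     REJECT IN   Anywhere
514/udp                    REJECT IN   Anywhere
22                         ALLOW IN    203.0.113.10
80/tcp                     ALLOW IN    198.51.100.7
22 (v6)                    REJECT IN   Anywhere (v6)
"""

# A rule row in plain (`ALLOW`) or verbose (`ALLOW IN`) form.
RULE_RE = re.compile(
    r"^(?P<to>\S+(?: \(v6\))?)\s+(?P<action>ALLOW|DENY|REJECT|LIMIT)"
    r"(?: (?P<dir>IN|OUT|FWD))?\s+(?P<src>.+?)\s*$")
DEFAULT_RE = re.compile(r"^Default: (?P<inc>\w+) \(incoming\)")

def parse_status(text):
    """Return (default incoming policy or None, list of rule dicts)."""
    default_in, rules = None, []
    for line in text.splitlines():
        m = DEFAULT_RE.match(line)
        if m:
            default_in = m.group("inc")
        elif (m := RULE_RE.match(line)):
            rules.append(m.groupdict())
    return default_in, rules

def redundant_rules(text):
    """Inbound DENY/REJECT from Anywhere under a deny default block nothing extra
    (REJECT only swaps the silent drop for an ICMP/RST reply). Plain `ufw status`
    has no Default line, so nothing is flagged unless the policy is known."""
    default_in, rules = parse_status(text)
    if default_in != "deny":
        return []
    return [r for r in rules if r["action"] in ("DENY", "REJECT")
            and r["dir"] in (None, "IN") and r["src"].startswith("Anywhere")]
```

Run it against the real output of `sudo ufw status verbose` to see how many of your own reject rules the default policy already makes unnecessary.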
