4行命令,设置80和443只允许CF访问,防止被扫。
HaoYa Lv5
  2021-12-21 19:09:00 2021-12-21 19:09   2022-10-30 22:11:22     
iptables -I INPUT -p tcp --dport 80 -j DROP
iptables -I INPUT -p tcp --dport 443 -j DROP





curl https://www.cloudflare.com/ips-v4awk '{print "iptables -I INPUT -s "$0" -p tcp --dport 80 -j ACCEPT"}'sh
curl https://www.cloudflare.com/ips-v4awk '{print "iptables -I INPUT -s "$0" -p tcp --dport 443 -j ACCEPT"}'sh

ipV6

ip6tables -I INPUT -p tcp --dport 80 -j DROP
ip6tables -I INPUT -p tcp --dport 443 -j DROP
curl https://www.cloudflare.com/ips-v6awk '{print "ip6tables -I INPUT -s "$0" -p tcp --dport 80 -j ACCEPT"}'sh
curl https://www.cloudflare.com/ips-v6awk '{print "ip6tables -I INPUT -s "$0" -p tcp --dport 443 -j ACCEPT"}'sh

firewall版本:

firewall-cmd --permanent --remove-port=80/tcp
firewall-cmd --permanent --remove-port=443/tcp
firewall-cmd --zone=public --remove-port=80/tcp --permanent
firewall-cmd --zone=public --remove-port=443/tcp --permanent
curl https://www.cloudflare.com/ips-v4awk '{print "firewall-cmd --permanent --add-rich-rule=\"rule family=\"ipv4\" source address=\""$0"\" port protocol=\"tcp\" port=\"80\" accept\""}'sh
curl https://www.cloudflare.com/ips-v4awk '{print "firewall-cmd --permanent --add-rich-rule=\"rule family=\"ipv4\" source address=\""$0"\" port protocol=\"tcp\" port=\"443\" accept\""}'sh
systemctl restart firewalld.service

 评论