-
Install the firewall
sudo apt install ufw
-
Check UFW status
sudo ufw status verbose
-
Allow an application through the firewall
sudo ufw allow ssh
-
Enable UFW
sudo ufw enable
-
Deny access to a port
sudo ufw deny 2049/tcp
-
List the application profiles UFW can allow
sudo ufw app list
-
Allow every IP in a subnet; specify the subnet in CIDR notation
sudo ufw allow from 192.168.100.33/24
-
Example firewall configuration on the master node
root@atlas03:~/docker-build# ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
2049/tcp DENY Anywhere
9300/tcp DENY Anywhere
3399/tcp ALLOW Anywhere
3399/udp ALLOW Anywhere
22/udp ALLOW Anywhere
80/tcp ALLOW Anywhere
80/udp ALLOW Anywhere
6443/udp ALLOW Anywhere
6443/tcp ALLOW Anywhere
111/tcp ALLOW Anywhere
111/udp ALLOW Anywhere
2049/udp ALLOW
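
In the status output above, 2049/tcp is denied while a 2049/udp ALLOW row is also present, so the port stays reachable over the other protocol. The following check flags such mismatches; it is an added example, not part of the original notes, the helper names `ufw_mixed_ports` and `sample_status` are hypothetical, and the sample input is constructed from rows shown above.

```shell
#!/bin/sh
# Added example: flag ports whose UFW rules disagree between protocols.
# ufw_mixed_ports and sample_status are hypothetical helper names, not part of ufw.

# Reads `ufw status` output on stdin and prints one line per port that has
# both an ALLOW rule and a DENY/REJECT rule, e.g. "2049 2049/tcp=DENY 2049/udp=ALLOW".
ufw_mixed_ports() {
    awk '
        # Rule rows start with port/proto, e.g. "2049/tcp DENY Anywhere".
        $1 ~ /^[0-9]+\/(tcp|udp)$/ {
            # IPv6 rows carry a "(v6)" marker between the port and the action.
            action = ($2 == "(v6)") ? $3 : $2
            if (action != "ALLOW" && action != "DENY" && action != "REJECT")
                next
            split($1, pp, "/")
            port = pp[1]
            if (action == "ALLOW") allow[port] = 1; else block[port] = 1
            rules[port] = rules[port] " " $1 "=" action
        }
        END {
            for (port in rules)
                if (allow[port] && block[port])
                    print port rules[port]
        }
    ' | sort -n
}

# Constructed sample: a subset of the master-node rows, with the cut-off
# 2049/udp row kept exactly as it appears (no From column).
sample_status() {
    cat <<'EOF'
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
2049/tcp DENY Anywhere
9300/tcp DENY Anywhere
111/tcp ALLOW Anywhere
111/udp ALLOW Anywhere
2049/udp ALLOW
EOF
}

# On a live host: sudo ufw status | ufw_mixed_ports
sample_status | ufw_mixed_ports
```

Any port it reports needs a matching deny rule for the other protocol (or removal of the stray allow) before the block is effective.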