1. 静态 IP 配置
从Ubuntu 17.10开始,Canonical 引入了一个名为 Netplan 的新工具,用于网络设置管理。
- 编辑默认网络配置文件
sudo vi /etc/netplan/00-installer-config.yaml
- 修改内容如下
# This is the network config written by 'subiquity' network: ethernets: ens160: dhcp4: no dhcp6: no addresses: [192.168.0.88/24] gateway4: 192.168.0.254 nameservers: addresses: [114.114.114.114] version: 2
- 应用生效
sudo netplan apply
- 查看结果
ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:db:c7:14 brd ff:ff:ff:ff:ff:ff inet 192.168.0.88/24 brd 192.168.0.255 scope global ens160 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fedb:c714/64 scope link valid_lft forever preferred_lft forever
2. 修改 APT 软件源为阿里源
- 备份原配置文件
sudo cp /etc/apt/sources.list /etc/apt/sources.list.bak
- 编辑配置文件,清空内容,将阿里源信息写入
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
- 更新软件源信息
sudo apt-get update
Get:1 http://mirrors.aliyun.com/ubuntu bionic InRelease [242 kB] Get:2 http://mirrors.aliyun.com/ubuntu bionic-security InRelease [88.7 kB] Get:3 http://mirrors.aliyun.com/ubuntu bionic-updates InRelease [88.7 kB] ... Get:55 http://mirrors.aliyun.com/ubuntu bionic-backports/universe amd64 Packages [11.6 kB] Get:56 http://mirrors.aliyun.com/ubuntu bionic-backports/universe Translation-en [5,864 B] Fetched 39.7 MB in 2min 1s (329 kB/s) Reading package lists... Done
3. 启用防火墙
由于公司对网络安全抓的比较紧,不开启防火墙的话容易被扫出各种漏洞,因此需要通过防火墙屏蔽不需要对外暴露的服务端口。
- 安装防火墙(Ubuntu 默认自带)
sudo apt-get install ufw
- 启用防火墙服务
sudo ufw enable
- 设置默认策略为拦截全部外部入站请求
sudo ufw default deny
- 放行 22 端口,用于 SSH 连接
sudo ufw allow 22/tcp
- 放行指定 IP 的主机访问全部端口
sudo ufw allow from 192.168.10.10
- 查看防火墙状态
sudo ufw status