System version information:
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.3 LTS
Release: 18.04
Codename: bionic
# cat /proc/version
Linux version 5.0.0-37-generic (buildd@lcy01-amd64-023) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #40~18.04.1-Ubuntu SMP Thu Nov 14 12:06:39 UTC 2019
Opening port 22
Help output of the ufw command:
# ufw --help
Usage: ufw COMMAND

Commands:
 enable                          enables the firewall
 disable                         disables the firewall
 default ARG                     set default policy
 logging LEVEL                   set logging to LEVEL
 allow ARGS                      add allow rule
 deny ARGS                       add deny rule
 reject ARGS                     add reject rule
 limit ARGS                      add limit rule
 delete RULE|NUM                 delete RULE
 insert NUM RULE                 insert RULE at NUM
 route RULE                      add route RULE
 route delete RULE|NUM           delete route RULE
 route insert NUM RULE           insert route RULE at NUM
 reload                          reload firewall
 reset                           reset firewall
 status                          show firewall status
 status numbered                 show firewall status as numbered list of RULES
 status verbose                  show verbose firewall status
 show ARG                        show firewall report
 version                         display version information

Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy
Firewall status:
# ufw status
Status: inactive
Enable the firewall:
# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)?
The prompt warns that the command may disrupt existing ssh connections and asks whether to proceed.
Enter y to continue:
# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
Check the firewall status again:
# ufw status
Status: active
Open port 22:
# ufw allow 22
Rule added
Rule added (v6)
Reload the firewall:
# ufw reload
Firewall reloaded
Check the firewall status again:
# ufw status
Check the network state of port 22:
# netstat -tunlp | grep 22
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1045/sshd
tcp6 0 0 :::22 :::* LISTEN 1045/sshd
Opening port 6379
Open port 6379 for TCP:
# ufw allow 6379/tcp
Rule added
Rule added (v6)
Check the firewall status:
# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
6379/tcp                   ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
6379/tcp (v6)              ALLOW       Anywhere (v6)
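Both rules above allow traffic from Anywhere, including 6379/tcp. The following added example (not part of the original post) reads `ufw status` text and lists every target allowed from Anywhere that is not on an expected list; the function names and the embedded sample, constructed from the output above, are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit `ufw status` output for ports allowed from any source.

# Constructed sample input, copied from the status output shown above.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
6379/tcp                   ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
6379/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

# world_open_ports EXPECTED_PORT...
# Reads `ufw status` text on stdin and prints each "To" target that is
# ALLOWed from Anywhere and whose port is not in the expected list.
# Prints "firewall-inactive" if the status line is not "active".
world_open_ports() {
    awk -v expected="$*" '
        BEGIN {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) ok[e[i]] = 1
        }
        /^Status:/ {
            if ($2 != "active") { print "firewall-inactive"; exit }
            next
        }
        {
            # Drop the "(v6)" markers so IPv4 and IPv6 rules compare equal.
            gsub(/ \(v6\)/, "")
            if ($2 != "ALLOW") next          # also skips header and blank lines
            if ($NF != "Anywhere") next      # source-restricted rules are fine
            port = $1
            sub(/\/.*/, "", port)            # 6379/tcp -> 6379
            if (!(port in ok) && !seen[$1]++) print $1
        }
    '
}

# On a real host: ufw status | world_open_ports 22
sample_status | world_open_ports 22
```

A target reported here can be narrowed by deleting the rule and re-adding it with a source, using the `ufw allow from ADDRESS to any port PORT proto tcp` form.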