ubuntu 防火墙_运维大神：ubuntu防火墙配置大全

安装防火墙组件：

sudo apt-get install ufw -y;

开启防火墙：

sudo ufw enable;

开启拒绝访问：

sudo ufw default deny;

查看状态：

ufw status;

常用端口配置案例如下：

sudo ufw allow 80/tcp;

sudo ufw allow 25/tcp;

sudo ufw allow 8080/tcp;

sudo ufw allow 81/tcp;

sudo ufw allow 83/tcp;

sudo ufw allow 8019/tcp;

sudo ufw allow 8005/tcp;

sudo ufw allow 8009/tcp;

sudo ufw allow 8105/tcp;

sudo ufw allow 8109/tcp;

sudo ufw allow 21/tcp;

ufw allow proto tcp from 172.18.111.84 to 172.18.111.105 port 22

ufw allow proto tcp from 172.18.111.153 to 172.18.111.105 port 22

ufw allow proto tcp from 172.18.253.16 to 172.18.111.105 port 22

ufw allow proto tcp from 172.18.253.12 to 172.18.111.105 port 22

ufw allow proto tcp from 172.18.253.18 to 172.18.111.105 port 22

ufw allow proto tcp from 192.168.5.84 to 172.18.111.105 port 10050

ufw allow proto tcp from 172.18.253.0/24 to 172.18.111.105 port 22

ufw status

写成shell脚本如下：

---

function firewall{sudo apt-get install ufw -y;echo "please input y"sudo ufw enable;sudo ufw default deny;ufw status;#ufw version;#cat /etc/ufw/user.rules > /etc/ufw/user.rules_bak2;myip=127.0.0.1;read -p "Please input system ip :" myipsudo ufw allow 80/tcp;#sudo ufw allow 80;#sudo ufw delete allow 80/tcp#ufw allow proto tcp from 172.18.253.16 to 172.18.111.85 port 2202#ufw delete allow proto tcp from 172.18.253.16 to 172.18.111.85 port 2202#ufw allow proto tcp from 172.18.253.0/24 to 172.18.34.36 port 2202#sudo ufw allow from 192.168.254.254#sudo ufw delete allow from 192.168.254.254ufw allow proto tcp from 172.18.111.84 to $myip port 2202ufw allow proto tcp from 172.18.111.153 to $myip port 2202ufw allow proto tcp from 172.18.253.16 to $myip port 2202ufw allow proto tcp from 172.18.253.12 to $myip port 2202ufw allow proto tcp from 172.18.253.18 to $myip port 2202ufw allow proto tcp from 192.168.5.84 to $myip port 10050ufw allow proto tcp from 172.18.253.0/24 to $myip port 2202ufw status}function main{ssh;firewall;}main;

---