树莓派防火墙配置

• 机型：树莓派3B+
• 系统：Raspberry Pi OS(32 bit)

1. 启动防火墙

• 安装ufw

$ sudo apt-get install ufw

• 启动ufw

$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

• 设置入站规则为全关闭，出站规则为全开放
• 注意：ssh的22端口要及时添加到入站规则中，否则下次ssh将连接不上

$ sudo ufw default deny
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
$ sudo ufw allow 22/tcp
Rule added
Rule added (v6)

2. 防火墙规则

• 开启、关闭防火墙

sudo ufw enable
sudo ufw disable

• 查看防火墙的状态

sudo ufw status

• 端口的设置

# 开放tcp协议80端口
sudo ufw allow 80/tcp
# 移除80端口
sudo ufw delete allow 80/tcp
# 开放RDP的3389端口
sudo ufw allow 3389
# 移除3389端口
sudo ufw delete allow 3389
# 开放10000-11000端口，需指定协议(tcp/udp)
sudo ufw allow 10000:11000/tcp
# 移除上述端口
sudo ufw delete allow 10000:11000/tcp

• IP的设置

# 允许192.168.1.110的访问，不限端口、协议
sudo ufw allow from 192.168.1.110
# 移除上条规则
sudo ufw delete allow from 192.168.1.110