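DDoS Protection on Debian Linux with UFW Rules
The site's domain is hosted on CloudFlare, and only CloudFlare nodes are allowed to reach the server.
A script that adds the firewall rules in one step with UFW on Debian or Ubuntu:
Code: ufw_rules_add.sh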
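#!/bin/bash
# Download CloudFlare's IPv4 ranges, keep a copy in ips-v4 for the delete script,
# and allow each range on the web ports. -f makes curl emit nothing on an HTTP error.
for ipv4 in $(curl -fsS https://www.cloudflare.com/ips-v4 | tee ips-v4)
do
    sudo ufw allow from "$ipv4" to any port 80
    sudo ufw allow from "$ipv4" to any port 443
    sudo ufw allow from "$ipv4" to any port 8443
done
# Same for the IPv6 ranges (copy kept in ips-v6).
for ipv6 in $(curl -fsS https://www.cloudflare.com/ips-v6 | tee ips-v6)
do
    sudo ufw allow from "$ipv6" to any port 80
    sudo ufw allow from "$ipv6" to any port 443
done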
Code: ufw_rules_delete.sh
#!/bin/bash
# Remove the rules created by ufw_rules_add.sh, using the range lists it saved.
for ipv4 in $(cat ips-v4)
do
    sudo ufw delete allow from "$ipv4" to any port 80
    sudo ufw delete allow from "$ipv4" to any port 443
    sudo ufw delete allow from "$ipv4" to any port 8443
done
for ipv6 in $(cat ips-v6)
do
    sudo ufw delete allow from "$ipv6" to any port 80
    sudo ufw delete allow from "$ipv6" to any port 443
done
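The add script above hands each word of the downloaded list to sudo ufw without checking it. The following added example (not part of the original scripts; all function names are hypothetical) screens every line as a CIDR range and prints the ufw commands only when the whole list is valid. The IPv6 check is a syntactic screen rather than a full address parser, and the demo ranges are constructed documentation addresses.

```sh
# Added example (not from the original scripts); all names here are hypothetical.
# is_ipv4_cidr STR: succeed only for a.b.c.d/len with octets 0-255 and len 0-32.
is_ipv4_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    case $1 in *[!0-9./]*|*/*/*|*/*.*|*..*|.*|*./*|/*|*/) return 1 ;; esac
    v4_len=${1#*/}
    v4_ifs=$IFS; IFS=.
    set -- ${1%/*}          # split the address part into octets
    IFS=$v4_ifs
    [ "$#" -eq 4 ] || return 1
    for v4_octet in "$@"; do
        [ "${#v4_octet}" -le 3 ] && [ "$v4_octet" -le 255 ] || return 1
    done
    [ "${#v4_len}" -le 2 ] && [ "$v4_len" -le 32 ]
}

# is_ipv6_cidr STR: syntactic screen only (hex digits and colons, prefix 0-128).
is_ipv6_cidr() {
    case $1 in *:*/*) ;; *) return 1 ;; esac
    case $1 in *[!0-9A-Fa-f:/]*|*/*/*|*:::*|*/) return 1 ;; esac
    v6_len=${1#*/}
    case $v6_len in *[!0-9]*) return 1 ;; esac
    [ "${#v6_len}" -le 3 ] && [ "$v6_len" -le 128 ]
}

# build_rules FILE PORT...: print one "ufw allow" command per range and port.
# All-or-nothing: an empty list or any invalid line prints no commands and fails.
build_rules() {
    br_file=$1; shift
    br_out='' br_count=0
    while IFS= read -r br_line || [ -n "$br_line" ]; do
        [ -n "$br_line" ] || continue
        if ! is_ipv4_cidr "$br_line" && ! is_ipv6_cidr "$br_line"; then
            echo "rejected line: $br_line" >&2
            return 1
        fi
        for br_port in "$@"; do
            br_out="${br_out}ufw allow from $br_line to any port $br_port
"
        done
        br_count=$((br_count + 1))
    done < "$br_file"
    [ "$br_count" -gt 0 ] || return 1
    printf '%s' "$br_out"
}

# Demo on a constructed list (documentation ranges, not CloudFlare's real ones).
demo_list=$(mktemp); printf '%s\n' 198.51.100.0/24 2001:db8::/32 > "$demo_list"
build_rules "$demo_list" 80 443; rm -f "$demo_list"
```

To apply the result, save the output of `build_rules ips-v4 80 443 8443` to a file, review it, and run that file with `sudo sh`.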
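Some common UFW firewall commands
# Show the firewall status
ufw status
# List the current firewall rules with their numbers
ufw status numbered
# Delete the rule with the given number from "ufw status numbered"
ufw delete [NUM]
For example: ufw delete 1
# Print the last 10 lines of the UFW log file and keep following new entries
tail -f /var/log/ufw.log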