Linux server configures ip whitelist to prevent remote login and port exposure 01/31 Update SLTechnology News&Howtos

Linux server configures ip whitelist to prevent remote login and port exposure

2025-01-31 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/02 Report--

Preface

The server used by bloggers is purchased by Aliyun. In fact, Aliyun has already provided security policies for us to use, but if it is the company's own server, or our own virtual machine, and so on. You still need to see for yourself how to configure the firewall and how to configure the whitelist.

1. Aliyun's server does not have a firewall, but we can install an IPtable firewall (here Ariyun's server system is Centos). In that case, you need to have both the firewall and the whitelist configured by Ariyun's URL take effect at the same time.

1. Server firewall

1.1. The following is the initialized firewall configuration

Vim / etc/sysconfig/iptables# sample configuration for iptables service# you can edit this manually or use system-config-firewall# please do not ask us to add additional ports/services to this default configuration*filter:INPUT ACCEPT [0:0]: FORWARD ACCEPT [0:0]: OUTPUT ACCEPT [0:0]-An INPUT-m state-- state RELATED ESTABLISHED-j ACCEPT-An INPUT-p icmp- j ACCEPT-An INPUT-I lo-j ACCEPT-An INPUT-p tcp-m state-state NEW-m tcp-- dport 22-j ACCEPT-An INPUT-m state-- state NEW-m tcp-p tcp-- dport 80-j ACCEPT-An INPUT-j REJECT-- reject-with icmp-host-prohibited-A FORWARD-j REJECT-- reject-with icmp-host-prohibitedCOMMIT

1.2. Configure whitelist and exposed ports

1.2.1. Expose ports 22, 80, 8080

1.2.2. Add whitelist 116.90.86.196, 116.90.86.197 be sure to enter your current ip and be careful that you can't log in.

# sample configuration for iptables service# you can edit this manually or use system-config-firewall# please do not ask us to add additional ports/services to this default configuration*filter:INPUT ACCEPT [0:0]: FORWARD ACCEPT [0:0]: OUTPUT ACCEPT [0:0] # define whitelist variable name-N whitelist# set whitelist ip segment-A whitelist-s 116.90.86.196-j ACCEPT-A whitelist-s 116.90.86.197-j ACCEPT-An INPUT-m state-- state RELATED ESTABLISHED-j ACCEPT-An INPUT-p icmp- j whitelist-An INPUT-I lo-j ACCEPT-An INPUT-p tcp-m state-- state NEW-m tcp-- dport 22-j whitelist-An INPUT-p tcp-m state-- state NEW-m tcp-- dport 8080-j ACCEPT-An INPUT-p tcp-m state-state NEW-m tcp-dport 80-j ACCEPT-An INPUT-j REJECT-reject-with icmp-host-prohibited-A FORWARD-j REJECT-- reject-with icmp-host-prohibitedCOMMIT

2. Ariyun whitelist and port exposure

2.1. Security group configuration

2.3.Configuring ip and port

2.3.1, 0.0.0.0 ip 0 means unlimited.

2.2.2. Cloning is to copy one out, and then delete the previous one.

The above Linux server configuration ip whitelist to prevent remote login and port exposure is all the content shared by the editor. I hope I can give you a reference and support it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.