Ubuntu 操作系统下的 ufw 防火墙配置(三)
10)开放特定端口,对所有来源 IP 放行(从下面的输出可见,IPv4 和 IPv6 规则会同时添加)
sudo ufw allow 80/tcp
root@meng:~# sudo ufw allow 80/tcp
Rule added
Rule added (v6)
root@meng:~# sudo ufw allow 8080/tcp
Rule added
Rule added (v6)
root@meng:~# sudo ufw allow 9080/tcp
Rule added
Rule added (v6)
root@meng:~# ufw status
Status: active
To Action From
22/tcp ALLOW 192.168.10.17
22/tcp ALLOW 192.168.204.179
22/tcp ALLOW 192.168.10.1
80/tcp ALLOW Anywhere
8080/tcp ALLOW Anywhere
9080/tcp ALLOW Anywhere
80/tcp (v6) ALLOW Anywhere (v6)
8080/tcp (v6) ALLOW Anywhere (v6)
9080/tcp (v6) ALLOW Anywhere (v6)
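11)安装 docker 容器方式下的网络防火墙配置
注意:docker 用 -p 发布端口时会自行写入 iptables 规则,这类转发流量通常不受 ufw 的 allow/deny 规则约束。下面 80 端口能从外部访问,并不能证明是 ufw 的 80/tcp 放行规则在起作用;即使 ufw 没有放行,已发布的容器端口也可能对外可达。需要限制来源时,应将端口只绑定到本机地址(如 -p 127.0.0.1:80:80),或在 DOCKER-USER 链中添加规则,并从外部机器实际验证。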
root@meng:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root@meng:~# docker run -itd --name meng -p 80:80 nginx:1.22.1
a1c5074f4f8dddf3eaefaba57cfbceb0b5e3f343b8f99b067406a5ecee1561a1
root@meng:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a1c5074f4f8d nginx:1.22.1 "/docker-entrypoint.…" 2 seconds ago Up 1 second 0.0.0.0:80->80/tcp meng
root@meng:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.22.1 7067317e3807 18 months ago 142MB
root@meng:~# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:34147 0.0.0.0:* LISTEN 5333/containerd
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 841/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1720/sshd: /usr/sbi
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6714/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 1720/sshd: /usr/sbi
root@meng:~# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
root@meng:~# ufw status
Status: active
To Action From
22/tcp ALLOW 192.168.10.17
22/tcp ALLOW 192.168.204.179
22/tcp ALLOW 192.168.10.1
80/tcp ALLOW Anywhere
8080/tcp ALLOW Anywhere
9080/tcp ALLOW Anywhere
80/tcp (v6) ALLOW Anywhere (v6)
8080/tcp (v6) ALLOW Anywhere (v6)
9080/tcp (v6) ALLOW Anywhere (v6)
外部机器测试(22/tcp 只对上面列出的三个来源 IP 放行,测试机应不在其中,所以连接超时;80/tcp 可以连通)
root@meng:~# telnet 192.168.10.20 22
Trying 192.168.10.20...
telnet: Unable to connect to remote host: Connection timed out
root@meng:~# telnet 192.168.10.20 22
Trying 192.168.10.20...
^]^C
root@meng:~# telnet 192.168.10.20 80
Trying 192.168.10.20...
Connected to 192.168.10.20.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
root@meng:~# curl http://192.168.10.20:80
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org (http://nginx.org/).
Commercial support is available at
nginx.com (http://nginx.com/).
Thank you for using nginx.