4行命令,设置80和443只允许CF访问,防止被扫。

1
2
3
4
5
6
7
8
9
iptables -I INPUT -p tcp --dport 80 -j DROP
iptables -I INPUT -p tcp --dport 443 -j DROP





curl https://www.cloudflare.com/ips-v4awk '{print "iptables -I INPUT -s "$0" -p tcp --dport 80 -j ACCEPT"}'sh
curl https://www.cloudflare.com/ips-v4awk '{print "iptables -I INPUT -s "$0" -p tcp --dport 443 -j ACCEPT"}'sh

ipV6

1
2
3
4
ip6tables -I INPUT -p tcp --dport 80 -j DROP
ip6tables -I INPUT -p tcp --dport 443 -j DROP
curl https://www.cloudflare.com/ips-v6awk '{print "ip6tables -I INPUT -s "$0" -p tcp --dport 80 -j ACCEPT"}'sh
curl https://www.cloudflare.com/ips-v6awk '{print "ip6tables -I INPUT -s "$0" -p tcp --dport 443 -j ACCEPT"}'sh

firewall版本:

1
2
3
4
5
6
7
8
firewall-cmd --permanent --remove-port=80/tcp
firewall-cmd --permanent --remove-port=443/tcp
firewall-cmd --zone=public --remove-port=80/tcp --permanent
firewall-cmd --zone=public --remove-port=443/tcp --permanent
curl https://www.cloudflare.com/ips-v4awk '{print "firewall-cmd --permanent --add-rich-rule=\"rule family=\"ipv4\" source address=\""$0"\" port protocol=\"tcp\" port=\"80\" accept\""}'sh
curl https://www.cloudflare.com/ips-v4awk '{print "firewall-cmd --permanent --add-rich-rule=\"rule family=\"ipv4\" source address=\""$0"\" port protocol=\"tcp\" port=\"443\" accept\""}'sh
systemctl restart firewalld.service

默认分类
4行命令,设置80和443只允许CF访问,防止被扫。
https://239239xyz.github.io/2021/12/21/65/
作者
DaoKe
发布于
2021年12月21日
许可协议