

[Web] Linux web server: the simplest iptables firewall configuration

Posted on 11/3/2014 4:04:29 PM
Configuring Firewall (Server Security Optimization)

Security plan: open ports 80 and 22, and allow the loopback interface (loopback address 127.0.0.1)

         # iptables -P INPUT ACCEPT

         # iptables -P OUTPUT ACCEPT

         # iptables -P FORWARD ACCEPT

         These steps set every default policy to ACCEPT before the rules are cleared, so that if you are working remotely the connection is not cut off when the rules are flushed.

Next, clear the server's built-in rules and the user-defined rules:

         # iptables -F

         # iptables -X



         Open the SSH port for remote connections:

         # iptables -A INPUT -p tcp --dport 22 -j ACCEPT



         Then close the INPUT and FORWARD chains by setting their default policy to DROP:

         # iptables -P INPUT DROP

         # iptables -P FORWARD DROP



         Next, allow the loopback interface so that packets such as ping 127.0.0.1 can pass. PHP relies on this rule later: when Nginx is set to reach php-fpm at http://127.0.0.1:9000, this is the rule that is used.

         # iptables -A INPUT -i lo -j ACCEPT



         Next, decide whether other machines may ping this machine. Not allowing it is safer. To allow it:

         # iptables -A INPUT -p icmp -j ACCEPT



         Next, open the web service port, 80:

         # iptables -A INPUT -p tcp --dport 80 -j ACCEPT



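         Finally, save the settings and restart the service. Run on its own, iptables-save only prints the rules to standard output, so the rules are written out with the service's save action before the restart:

         # service iptables save

         # service iptables restart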



         At this point, all external ports except 22 and 80 are closed. The server can send outbound requests on any port, but external requests can only come in through ports 80 and 22.
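
Added example, not part of the original post: a shell check that reads iptables-save output and compares it with the plan above (INPUT and FORWARD default to DROP, loopback accepted, only TCP 22 and 80 open). The function names, the sample dump and the warning about a missing ESTABLISHED,RELATED rule are additions made here; without such a rule, replies to connections the server opens itself fall under the INPUT DROP policy.

```shell
#!/bin/sh
# Added example (not from the original post); all names here are chosen for it.
ALLOWED_PORTS="22 80"

# Reads iptables-save text on stdin, prints findings, returns 1 on any FAIL.
audit_ruleset() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    /^\*/ { table = substr($1, 2); next }      # "*filter", "*nat", ...
    table != "filter" { next }
    /^:(INPUT|FORWARD) / {                     # default policy lines
        if ($2 == "DROP") print "PASS " substr($1, 2) " policy DROP"
        else { print "FAIL " substr($1, 2) " policy " $2; bad = 1 }
    }
    /^-A INPUT / && $NF == "ACCEPT" {          # every ACCEPT rule on INPUT
        port = ""; inplan = 0
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-i" && $(i + 1) == "lo") { lo = 1; inplan = 1 }
            if ($i == "-p" && $(i + 1) == "icmp") inplan = 1
            if ($(i + 1) ~ /ESTABLISHED/) { est = 1; inplan = 1 }
        }
        if (port in want) { open[port] = 1; inplan = 1 }
        else if (port != "") { print "FAIL unexpected open port " port; bad = 1; inplan = 1 }
        if (!inplan) { print "FAIL ACCEPT rule outside the plan: " $0; bad = 1 }
    }
    END {
        for (p in want) if (!(p in open)) { print "FAIL port " p " not open"; bad = 1 }
        if (lo) print "PASS loopback accepted"
        else { print "FAIL no loopback rule"; bad = 1 }
        if (!est) print "WARN no ESTABLISHED,RELATED rule: replies to outbound connections hit the DROP policy"
        exit bad + 0
    }'
}

# Constructed sample: what iptables-save prints after the commands in this post.
sample_post_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}
sample_post_ruleset | audit_ruleset
```

On a live server, pipe the real dump in as root: iptables-save | audit_ruleset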




