January 15

-------------------------------------------
Changing Debian's default firewall to the iptables firewall
-------------------------------------------
Since I am used to the iptables firewall, I remove the nftables firewall

    apt remove nftables

Also remove the ufw firewall

    apt remove ufw

Install the iptables firewall

    apt install iptables

Check whether the iptables firewall is working

    iptables -L -v

------------------------------
Setting the firewall rules
------------------------------

    cd /usr/local/bin
    vi firewall.sh

Copy and paste the iptables firewall rules into the firewall.sh file

Press ESC, then save and quit

    :wq

Change the permissions

    chmod +x /usr/local/bin/firewall.sh

Test the firewall

    ./firewall.sh
    ./firewall.sh start

-------------------------
Setting up rc.local to run at boot
-------------------------
I found how to run rc.local at boot on the web

https://u.sb/debian-rc-local/

    cat /lib/systemd/system/rc-local.service
    systemctl status rc-local

Write the code below into rc.local

    vi /etc/rc.local

    #!/bin/sh -e
    #
    # rc.local
    #
    # This script is executed at the end of each multiuser runlevel.
    # Make sure that the script will "exit 0" on success or any other
    # value on error.
    #
    # In order to enable or disable this script just change the execution
    # bits.
    #
    # By default this script does nothing.

    exit 0

Save and quit

    :wq

Change the permissions

    chmod +x /etc/rc.local

Start the rc-local service

    systemctl enable --now rc-local

Ignore the warning... because this service has no system services that depend on it; it only runs the /etc/rc.local script at boot

Add the commands that need to run at boot to the /etc/rc.local file, placing them before exit 0, then reboot

Edit rc.local again

    vi /etc/rc.local

Put this line before exit 0

    /usr/local/bin/firewall.sh start

Save and quit

    :wq

Reboot

    reboot

Confirm whether the iptables firewall rules were applied successfully, that is, check whether the IP you specified appears

    iptables -L

Check the rc.local status again

    systemctl status rc-local.service

It is now active (exited)
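The final checks above (firewall line placed before exit 0, rc-local active, the specified IP present in the loaded rules) can be scripted. This is an added example, not part of the original post; the function names are hypothetical and ADMIN_IP is a constructed placeholder from the documentation address range, to be replaced with the IP your own firewall.sh allows.

```shell
#!/bin/sh
# Added example: post-reboot checks for the rc.local + firewall.sh setup.
# ADMIN_IP is a constructed placeholder, not a value from the post.
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"
FW_CMD="/usr/local/bin/firewall.sh start"

# Succeeds only if the firewall line is present, not commented out,
# and not placed after the first "exit 0" (where it would never run).
rc_local_order_ok() {
    awk -v cmd="$FW_CMD" '
        { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }
        line == cmd && !fw      { fw = NR }
        line == "exit 0" && !ex { ex = NR }
        END { exit !(fw && (!ex || fw < ex)) }
    ' "$1"
}

# Reads `iptables -S` output on stdin; succeeds if some appended rule
# names the given address as its source. The trailing space in the
# pattern stops 203.0.113.1 from matching 203.0.113.10.
rules_have_source() {
    ip_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    grep -Eq -- "^-A .* -s ${ip_re}(/32)? "
}

main() {
    [ -x /etc/rc.local ] ||
        { echo "FAIL: /etc/rc.local is not executable"; return 1; }
    rc_local_order_ok /etc/rc.local ||
        { echo "FAIL: '$FW_CMD' missing or placed after exit 0"; return 1; }
    systemctl is-active --quiet rc-local.service ||
        { echo "FAIL: rc-local.service is not active"; return 1; }
    iptables -S | rules_have_source "$ADMIN_IP" ||
        { echo "FAIL: no loaded rule with source $ADMIN_IP"; return 1; }
    echo "OK: firewall rules were loaded at boot"
}

# Run the live checks only when asked to: ./check-firewall.sh check (as root)
if [ "${1:-}" = "check" ]; then
    main
fi
```

`iptables -S` is used here instead of `iptables -L` because it prints addresses numerically and in a stable, one-rule-per-line form that is easy to match.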