UFW hardening

Block an IP

sudo ufw deny from 127.0.0.1 to any
sudo ufw reload

Allow port 22

sudo ufw allow 22
sudo ufw allow 22/tcp

Allow a specific IP and port

sudo ufw allow from 192.168.2.11 to any port 22

Allow tcp/22 access from a specific IP

sudo ufw allow proto tcp from 192.168.2.11 to any port 22

Allow an IP range

sudo ufw allow from 192.168.0.0/24 to any port 22
sudo ufw allow proto tcp from 192.168.0.0/24 to any port 22

Delete port rules

sudo ufw delete allow 22
sudo ufw delete deny 8080

Reset the firewall

sudo ufw reset

Numbered firewall rules

sudo ufw status numbered
sudo ufw delete 4

iptables hardening

Block an IP

iptables -I INPUT -s 1.2.3.4 -j DROP
iptables-restore

Allow port 22

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

Allow a specific IP and port

iptables -A INPUT -p tcp --dport 22 -s 1.2.3.4 -j ACCEPT

Reject a port

sudo iptables -A INPUT -p tcp --dport 22 -j REJECT
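
Added example, not part of the original page: the iptables rules above combined into one ruleset in iptables-save format, with a check that no tcp/22 ACCEPT sits behind an unconditional REJECT or DROP (rules are evaluated top to bottom and the first match wins). The function names and the APPLY_RULES variable are assumptions made for this example; the addresses are the page's sample values.

```sh
#!/bin/sh
# Added example; build_ruleset, shadowed_ssh_accepts and APPLY_RULES are
# hypothetical names, not part of iptables.

# Emit an iptables-save style ruleset: $1 may reach tcp/22, $2 is dropped.
# The specific ACCEPT must come before the general REJECT.
build_ruleset() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s $2 -j DROP
-A INPUT -p tcp --dport 22 -s $1 -j ACCEPT
-A INPUT -p tcp --dport 22 -j REJECT
COMMIT
EOF
}

# Read a ruleset on stdin and print every tcp/22 ACCEPT rule that follows
# an unconditional tcp/22 REJECT or DROP in INPUT (it can never match).
shadowed_ssh_accepts() {
    awk '
        /^-A INPUT / && /--dport 22( |$)/ {
            if (/-j (REJECT|DROP)/ && !/ -s /) { blocked = 1; next }
            if (/-j ACCEPT/ && blocked) print
        }'
}

# Dry run by default: build, lint, and print the ruleset.
ruleset=$(build_ruleset 192.168.2.11 1.2.3.4)
if [ -n "$(printf '%s\n' "$ruleset" | shadowed_ssh_accepts)" ]; then
    echo "shadowed tcp/22 ACCEPT rule found" >&2
    exit 1
fi
printf '%s\n' "$ruleset"

# APPLY_RULES=1 loads the ruleset in one atomic step. iptables-restore
# flushes the existing filter table first, so run it from a console or
# from the allowed address to avoid locking yourself out.
if [ "${APPLY_RULES:-0}" = "1" ]; then
    printf '%s\n' "$ruleset" | sudo iptables-restore
fi
```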