Saturday, January 3, 2026

Setting up an nftables firewall on an Oracle Ubuntu 22.04 aarch64 instance

Disable the system's default iptables rules

  1. sudo apt update && sudo apt full-upgrade -y
  2. sudo apt install ufw -y
  3. sudo ufw enable
  4. sudo nano /etc/sysctl.conf  # enable net.ipv4.ip_forward=1
  5. sudo ufw default allow forward
  6. sudo ufw default allow incoming
  7. sudo ufw default allow outgoing
  8. sudo ufw status verbose  # confirm the firewall is now fully open
  9. sudo systemctl restart ufw

Install nftables

  1. sudo apt update && sudo apt install nftables -y
  2. sudo mkdir /etc/nftables
  3. sudo nano /etc/nftables/default.nft

Configure the nftables rules

#!/usr/sbin/nft -f

flush ruleset

table ip default {
  chain input {
    type filter hook input priority 0; policy drop;

    iif lo accept
    ct state established, related accept

    # ping
    icmp type echo-request limit rate 500/second accept

    # SSH
    tcp dport 22 accept

    # Nginx
    tcp dport { 80, 443 } accept
  }
}

Enable nftables

  1. sudo systemctl start nftables
  2. sudo systemctl enable nftables
  3. sudo systemctl restart nftables
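Two things are worth checking before the restart above, since the ruleset sets `policy drop` on the input chain and is applied from a remote SSH session. First, the nftables service unit on Ubuntu loads /etc/nftables.conf (`systemctl cat nftables` shows the exact path), so /etc/nftables/default.nft is only picked up if that file includes it. Second, if the SSH accept rule is missing or mistyped, the drop policy locks you out of the instance the moment the rules load. The helper script below is an added example, not code from the original post: it greps the ruleset for an accepted TCP port before applying, runs `nft -c` as a syntax check, and loads the rules with a timed rollback so an unconfirmed change reverts itself. The path /etc/nftables/default.nft and port 22 come from the post; the function names and the 120-second grace period are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight and safe-apply
# helpers for a remote nftables change. Assumes the ruleset path
# /etc/nftables/default.nft and the SSH port 22 used in the post.
# Function names and the grace period are this example's own choices.

# Succeed when the ruleset has an accept rule for TCP destination port $2.
# Handles both "tcp dport 22 accept" and set syntax "tcp dport { 80, 443 } accept".
# Expects numeric ports, not service names such as "ssh".
ruleset_allows_tcp_port() {
    grep -E '^[[:space:]]*tcp dport' "$1" \
      | grep accept \
      | sed -E 's/.*tcp dport[[:space:]]*//; s/accept.*//; s/[{},]/ /g' \
      | tr -s ' ' '\n' \
      | grep -qx "$2"
}

# Succeed when the input chain has "policy drop", the setting under which a
# missing SSH rule locks the operator out of the instance.
ruleset_has_drop_policy() {
    grep -qE 'hook input.*policy drop' "$1"
}

# Succeed when the ruleset cannot lock out SSH: either the input policy is
# not drop, or the SSH port $2 is explicitly accepted.
lockout_check() {
    if ruleset_has_drop_policy "$1" && ! ruleset_allows_tcp_port "$1" "$2"; then
        echo "refusing: input policy drop but no 'tcp dport $2 accept' in $1" >&2
        return 1
    fi
    return 0
}

# Parse the file without loading it (nft -c). Needs the nft binary.
syntax_check() {
    nft -c -f "$1"
}

# Load the ruleset with an automatic rollback: snapshot the live rules,
# apply the new file, and restore the snapshot after $2 seconds (default 120)
# unless the operator removes the sentinel file from the still-working session.
apply_with_rollback() {
    grace="${2:-120}"
    backup="$(mktemp)"
    sentinel="$(mktemp)"
    # Prefix the snapshot with a flush so restoring it replaces the rules
    # instead of appending duplicates.
    { echo 'flush ruleset'; nft list ruleset; } > "$backup"
    nft -f "$1" || { rm -f "$backup" "$sentinel"; return 1; }
    ( sleep "$grace"
      if [ -e "$sentinel" ]; then nft -f "$backup"; fi
      rm -f "$backup" ) &
    echo "new rules loaded; run 'rm $sentinel' within ${grace}s to keep them"
}

# Usage (as root, from the SSH session that must survive):
#   lockout_check /etc/nftables/default.nft 22 && \
#   syntax_check /etc/nftables/default.nft && \
#   apply_with_rollback /etc/nftables/default.nft 120
```

The rollback only covers the live ruleset; after confirming, the file the service loads at boot still has to be correct, so run `sudo nft -c -f` on it once more before `systemctl restart nftables`. Note also that a `table ip` hook only sees IPv4: this ruleset does not filter IPv6 at all, so if the instance has an IPv6 address, the same chain needs to exist in an `inet` (or `ip6`) table to get the same policy.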
