firewalld小结

通过配置 firewalld,可以较好地阻止恶意流量。

# Enable firewalld at boot and start it immediately, in one call.
sudo systemctl enable --now firewalld

/etc/firewalld
配置文件目录(本机自定义配置,优先于默认配置)
/usr/lib/firewalld/services
预定义服务的默认定义,不要直接修改

# Check that the firewalld daemon is running.
sudo firewall-cmd --state

# Show every zone together with what is enabled in it, so the active
# rule set can be reviewed before and after making changes.
sudo firewall-cmd --list-all-zones

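# Block ICMP echo-request and echo-reply messages in the "external" zone.
# Without --permanent these two calls change the runtime configuration only.
# sudo is used here for consistency with the other firewall-cmd calls on
# this page.
# NOTE(review): after adding the echo-reply block, send a test ping from this
# host to confirm its own connectivity checks still behave as expected.
sudo firewall-cmd --zone=external --add-icmp-block=echo-request
sudo firewall-cmd --zone=external --add-icmp-block=echo-reply
# Save the runtime configuration as the permanent one. This persists the
# whole runtime state, not only the two blocks above, so review it with
# `firewall-cmd --list-all-zones` before running this step.
sudo firewall-cmd --runtime-to-permanent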

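# Remove the saved rich rule that accepts TCP port 9527 from 127.0.0.1.
# No --zone is given, so this acts on the default zone. --permanent edits
# only the stored configuration; nothing changes in the running firewall
# until the reload below. sudo is added for consistency with the reload call.
# Check the result afterwards with `firewall-cmd --permanent --list-rich-rules`.
sudo firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" source address="127.0.0.1" port port="9527" protocol="tcp" accept'

# Load the permanent configuration into the running firewall. Runtime-only
# changes that were never saved are discarded by the reload.
sudo firewall-cmd --reload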

# Request a certificate covering both host names using webroot validation;
# acme.sh places the challenge files under the nginx document root.
# The relative path assumes the current directory contains the .acme.sh
# installation.
.acme.sh/acme.sh --issue \
  -d t0m1tu.tk \
  -d www.t0m1tu.tk \
  --webroot /usr/share/nginx/html/

# Install the issued key and certificate chain for nginx, then reload nginx.
# NOTE(review): the private key is written to ssl.pem and the full chain to
# ssl.key, which looks swapped relative to the usual naming -- confirm against
# the ssl_certificate / ssl_certificate_key lines in the nginx config.
# NOTE(review): confirm the installed private key file is not readable by
# accounts other than the one nginx starts as.
.acme.sh/acme.sh --install-cert \
  -d t0m1tu.tk \
  --key-file /etc/nginx/cert/ssl.pem \
  --fullchain-file /etc/nginx/cert/ssl.key \
  --reloadcmd "service nginx force-reload"
