Linux server configuration IP whitelist to prevent remote login and port exposure

Preface

The server used by the blogger was purchased from Alibaba Cloud. In fact, Alibaba Cloud has provided us with security policies for our use, but if it is the company's own server, or our own virtual machine, etc. You still need to check how to configure the firewall and the whitelist.

1. Alibaba Cloud's server does not have a firewall itself, but we can install an IPtable firewall (here Alibaba Cloud's server system is Centos). In this case, the firewall and the whitelist configured by Alibaba Cloud URL need to take effect at the same time.

1. Server Firewall

1.1. The following is the initial firewall configuration

vim /etc/sysconfig/iptables

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT 

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

1.2. Configure whitelist and exposed ports

1.2.1. Expose ports 22, 80, and 8080

1.2.2, add whitelist 116.90.86.196, 116.90.86.197 Be sure to enter your current IP address, be careful not to be able to log in

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

#Define whitelist variable name -N whitelist
#Set the whitelist ip segment -A whitelist -s 116.90.86.196 -j ACCEPT
-A whitelist -s 116.90.86.197 -j ACCEPT

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j whitelist
-A INPUT -i lo -j ACCEPT


-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j whitelist
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

2. Alibaba Cloud whitelist and port exposure

2.1 Security Group Configuration

2.3. Configure IP and port

2.3.1, 0.0.0.0/0 means unlimited IP

2.2.2. Cloning is to copy one, and then delete the previous one

The above article about Linux server configuration IP whitelist to prevent remote login and port exposure is all the content that the editor shares with you. I hope it can give you a reference, and I also hope that you will support 123WORDPRESS.COM.

You may also be interested in:

Ensure Linux VPS and server security Xshell set up key login
How to check whether the ports of the local computer and the remote server are connected under Linux
Linux uses the scp command to copy files to the local computer and copy local files to the remote server
How to delete folders, files, and decompress commands on Linux servers
Tutorial on configuring SSH and Xshell to connect to the server in Linux (with pictures)

<<: Windows 10 + mysql 8.0.11 zip installation tutorial detailed

>>: WeChat Mini Program User Authorization Best Practices Guide

Solve MySQL startup error: ERROR 2003 (HY000): Can't connect to MySQL server on 'localhost' (10061)

Linux server configuration IP whitelist to prevent remote login and port exposure

Solve MySQL startup error: ERROR 2003 (HY000): Can't connect to MySQL server on 'localhost' (10061)

How to install SVN server under Linux

Detailed graphic explanation of hadoop installation and configuration based on Linux7

HTML table markup tutorial (6): dark border color attribute BORDERCOLORDARK

Web interview Vue custom components and calling methods

Analyzing the node event loop and message queue

Thoughts on truncation of multi-line text with a "show more" button

Discuss the value of Web standards from four aspects with a mind map

HTML markup language - table tag

Tips for List Building for Website Maintenance Pages

Recommend

Solve the problem of inconsistent front and back end ports of Vue

How to implement Mysql scheduled tasks under Linux

MySQL 8.0.17 decompression version installation and configuration method graphic tutorial

About input file control and beautification

Solutions to Files/Folders That Cannot Be Deleted in Linux

Independent implementation of nginx container configuration file

Will mysql's in invalidate the index?

Summary of Vue watch monitoring methods

202 Free High Quality XHTML Templates (2)

Summary of some common methods of JavaScript array

Modify the default color of the input box placeholder text -webkit-input-placeholder method

A brief discussion on HTML doctype and encoding

How to modify the forgotten password when installing MySQL on Mac

Detailed explanation of how to use the vue verification code component

Docker connects to the host Mysql operation