The firewall of a Tencent Cloud Lightweight Application Server runs outside the Linux system. So when you deploy a service on the server, say on port 8082, the only way to open that port is to go to the console.cloud.tencent.com web console and add the corresponding rule for 8082 tcp. What if I don't want to log in to Tencent Cloud's web management page? I just want to manage my firewall directly via ssh.
There is a way: let the built-in firewall allow everything, and then install firewall software on your Linux distro. After that, the firewall running inside Linux is the only filter on inbound traffic.
Create a new firewall rule, select ALL for the application type, and of course select Allow (允许) for the policy, and then click OK.
I use Debian 11, and I use ufw to manage the firewall.
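Install ufw on Debian 11

    # Check whether ufw is already installed
    $ sudo dpkg -s ufw
    # List all installed packages
    $ sudo dpkg --get-selections
    # Filter the installed packages with grep
    $ sudo dpkg --get-selections | grep ufw
    # Use -L to see where the installed package's files are located on the system
    $ sudo dpkg -L ufw
    # Search the repositories for the ufw package
    $ sudo apt-cache search ufw
    # Install ufw
    $ sudo apt-get install -y ufw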
Manage the Debian 11 firewall via ufw

    # Check ufw status; if it returns "Status: inactive", the service has not been started yet
    $ sudo ufw status verbose
    # Start ufw
    $ sudo ufw enable
    $ sudo systemctl enable ufw
    $ sudo systemctl restart ufw
    # Add a rule based on port and protocol
    $ sudo ufw allow PORT/PROTOCOL comment "your comment"
    # For example, open tcp port 443
    $ sudo ufw allow 443/tcp comment "Web服务HTTPS(443),如Apache、Nginx"
    # Then open other ports as needed; adding a comment is recommended so you don't forget what the port is for
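With the console rule set to ALL, ufw is the only inbound filter, and under its default deny-incoming policy a missing SSH rule blocks new SSH logins. The following check is an added example, not part of the original post: it audits the text of `ufw status verbose` for an inactive firewall, a non-deny default, a missing SSH rule and rules without a comment. The function name `ufw_audit`, the finding labels, SSH port 22 and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the text printed by `sudo ufw status verbose` (read on stdin).
# Prints one finding per line; returns 0 when clean, 1 when anything was flagged.
ufw_audit() {
    ssh_port="${1:-22}"   # assumption: sshd listens on 22 unless a port is passed in
    awk -v ssh="$ssh_port" '
        /^Status:/  { active  = ($2 == "active") }
        /^Default:/ { deny_in = ($2 == "deny" || $2 == "reject") }
        # Inbound rule rows, e.g. "443/tcp  ALLOW IN  Anywhere  # comment";
        # the "(v6)" rows repeat the same port, so each port is reported once.
        /[ \t](ALLOW|LIMIT)([ \t]|$)/ && !/ (OUT|FWD) / {
            if ($1 == ssh || $1 == (ssh "/tcp") || $1 == "OpenSSH") ssh_ok = 1
            if ($0 !~ /[ \t]# / && !($1 in seen)) {
                seen[$1] = 1
                print "NO_COMMENT " $1; n++
            }
        }
        END {
            if (!active)  { print "INACTIVE"; exit 1 }
            if (!deny_in) { print "DEFAULT_INCOMING_NOT_DENY"; n++ }
            if (!ssh_ok)  { print "SSH_NOT_ALLOWED " ssh; n++ }
            exit (n > 0)
        }'
}

# Constructed sample of `ufw status verbose` output (not captured from a real host).
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW IN    Anywhere                   # Web HTTPS
8082/tcp                   ALLOW IN    Anywhere
443/tcp (v6)               ALLOW IN    Anywhere (v6)              # Web HTTPS
8082/tcp (v6)              ALLOW IN    Anywhere (v6)'

# Demo run on the sample; on a real host: sudo ufw status verbose | ufw_audit
printf '%s\n' "$SAMPLE_STATUS" | ufw_audit || true
```

On the sample it reports the uncommented 8082/tcp rule and the missing SSH rule; pass a different port as the first argument if sshd does not listen on 22.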
This article is reprinted from: https://hellodk.cn/post/1027