Turn off the firewall that comes with Tencent Cloud Lightweight Application Server, and install ufw (or other) to manage the firewall of the server

The firewall of Tencent Cloud Lightweight Application Server runs outside the Linux system. So when you deploy a service on the Linux server, say on port 8082, the only way to open that port is to go to the console.cloud.tencent.com web console and add the corresponding rule for 8082 tcp. What if I don't want to log in to Tencent Cloud's web management page and just want to manage my firewall directly via ssh?

There is a way: make the built-in firewall allow all traffic, and then install firewall software on your Linux distro. From then on, the firewall on the server is the only thing filtering inbound traffic.

Create a new firewall rule, select ALL for the application type, select Allow (允许) for the policy, and then click OK.


I use Debian 11 and manage the firewall with ufw.

Install ufw on Debian 11

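    # Check whether ufw is already installed
    $ sudo dpkg -s ufw
    # List all installed packages
    $ sudo dpkg --get-selections
    # Filter the installed packages with grep
    $ sudo dpkg --get-selections | grep ufw
    # Use -L to see where the installed package's files are located on the system
    $ sudo dpkg -L ufw
    # Search the repositories for the ufw package
    $ apt-cache search ufw
    # Install ufw
    $ sudo apt-get install -y ufw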

Manage the Debian 11 firewall via ufw

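    # Check ufw status; "Status: inactive" means the service has not been started yet
    $ sudo ufw status verbose
    # Allow SSH before enabling ufw so new SSH logins are not blocked (assumes sshd listens on the default port 22)
    $ sudo ufw allow 22/tcp comment "SSH"
    # Start ufw
    $ sudo ufw enable
    $ sudo systemctl enable ufw
    $ sudo systemctl restart ufw
    # Add a rule based on port and protocol
    $ sudo ufw allow PORT/PROTOCOL comment "your comment"
    # For example, open tcp port 443
    $ sudo ufw allow 443/tcp comment "Web服务HTTPS(443),如Apache、Nginx"
    # Open further ports as needed; adding a comment is recommended so you don't forget what each port is for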
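Because ufw becomes the only filter once the cloud rule is set to ALL, the order of the ufw commands matters. The script below is an added example, not part of the original post: it prints the ufw commands in an order that keeps the current SSH session reachable. The function names, the sample rules and the use of `SSH_CONNECTION` to find the SSH port are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): print ufw commands in a lockout-safe order.

# Succeeds only for PORT/PROTO with PORT in 1..65535 and PROTO tcp or udp.
valid_rule() {
    port=${1%/*}; proto=${1#*/}
    case $port in ''|*[!0-9]*|??????*) return 1 ;; esac
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Port the current SSH session arrived on: 4th field of SSH_CONNECTION
# ("client_ip client_port server_ip server_port"); 22 when not in an SSH session.
ssh_port() {
    set -- ${SSH_CONNECTION:-}
    if valid_rule "${4:-}/tcp"; then echo "$4"; else echo 22; fi
}

# Reads "PORT/PROTO comment..." lines on stdin and prints the commands to run.
ufw_plan() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    # The SSH rule goes in before 'enable' so the session managing the firewall survives.
    echo "ufw allow $(ssh_port)/tcp comment 'SSH (current session)'"
    while read -r rule comment; do
        [ -n "$rule" ] || continue
        valid_rule "$rule" || { echo "skipping invalid rule: $rule" >&2; continue; }
        # Keep only a safe ASCII set so the printed line can be piped to a shell.
        comment=$(printf %s "$comment" | tr -cd 'A-Za-z0-9 ._(),-')
        echo "ufw allow $rule comment '${comment:-no comment given}'"
    done
    echo "ufw --force enable"   # --force skips the interactive confirmation
}

# Constructed sample rules; the third uses the wrong separator and is skipped.
ufw_plan <<'EOF'
8082/tcp service from the example above
443/tcp Web HTTPS
8082:tcp wrong separator
EOF
```

Review the printed plan, then pipe it to `sudo sh` to apply it. Doing this before the cloud rule is switched to ALL means the server is never reachable without a filter in place.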

