套CloudFlare防止源站IP泄露教程
转载自loc全球mjj论坛检查是否安装了iptables
- service iptables status
安装iptables
- yum install -y iptables
升级iptables
- yum update iptables
安装iptables-services
- yum install -y iptables-services
查看默认防火墙状态
- firewall-cmd --state
停止firewall
- systemctl stop firewalld.service
禁止firewall开机启动
- systemctl disable firewalld.service
禁用firewalld服务
- systemctl mask firewalld
查看iptables现有规则
- iptables -L -n
先允许所有
- iptables -P INPUT ACCEPT
清空所有默认规则
- iptables -F
清空所有自定义规则
- iptables -X
所有计数器归0
- iptables -Z
禁止来自IPv4的所有HTTP/S访问请求
- iptables -I INPUT -p tcp --dport 80 -j DROP
- iptables -I INPUT -p tcp --dport 443 -j DROP
对Cloudflare CDN IPv4地址开放HTTP/S入站访问
- for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -s $i -p tcp --dport 80 -j ACCEPT; done
- for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -s $i -p tcp --dport 443 -j ACCEPT; done
禁止来自IPv6的所有HTTP/S访问请求
- ip6tables -I INPUT -p tcp --dport 80 -j DROP
- ip6tables -I INPUT -p tcp --dport 443 -j DROP
对Cloudflare CDN IPv6地址开放HTTP/S入站访问
- for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -s $i -p tcp --dport 80 -j ACCEPT; done
- for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -s $i -p tcp --dport 443 -j ACCEPT; done
保存iptables配置
- iptables-save
- ip6tables-save
保存规则(路径:/etc/sysconfig/iptables和ip6tables)
- service iptables save
- service ip6tables save
开启iptables服务
- systemctl enable iptables.service
- systemctl enable ip6tables.service
自动载入规则
- chkconfig iptables on
- chkconfig ip6tables on
开启服务
- systemctl start iptables.service
- systemctl start ip6tables.service
查看状态
- systemctl status iptables.service
- systemctl status ip6tables.service
重启iptables
- systemctl restart iptables.service
- systemctl restart ip6tables.service
共有 0 条评论