Linux server configuration IP whitelist to prevent remote login and port exposure

Preface

The server used by the blogger was purchased from Alibaba Cloud. In fact, Alibaba Cloud has provided us with security policies for our use, but if it is the company's own server, or our own virtual machine, etc. You still need to check how to configure the firewall and the whitelist.

1. Alibaba Cloud's server does not have a firewall itself, but we can install an IPtable firewall (here Alibaba Cloud's server system is Centos). In this case, the firewall and the whitelist configured by Alibaba Cloud URL need to take effect at the same time.

1. Server Firewall

1.1. The following is the initial firewall configuration

vim /etc/sysconfig/iptables

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT 

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

1.2. Configure whitelist and exposed ports

1.2.1. Expose ports 22, 80, and 8080

1.2.2, add whitelist 116.90.86.196, 116.90.86.197 Be sure to enter your current IP address, be careful not to be able to log in

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

#Define whitelist variable name -N whitelist
#Set the whitelist ip segment -A whitelist -s 116.90.86.196 -j ACCEPT
-A whitelist -s 116.90.86.197 -j ACCEPT

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j whitelist
-A INPUT -i lo -j ACCEPT


-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j whitelist
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

2. Alibaba Cloud whitelist and port exposure

2.1 Security Group Configuration

2.3. Configure IP and port

2.3.1, 0.0.0.0/0 means unlimited IP

2.2.2. Cloning is to copy one, and then delete the previous one

The above article about Linux server configuration IP whitelist to prevent remote login and port exposure is all the content that the editor shares with you. I hope it can give you a reference, and I also hope that you will support 123WORDPRESS.COM.

You may also be interested in:

Ensure Linux VPS and server security Xshell set up key login
How to check whether the ports of the local computer and the remote server are connected under Linux
Linux uses the scp command to copy files to the local computer and copy local files to the remote server
How to delete folders, files, and decompress commands on Linux servers
Tutorial on configuring SSH and Xshell to connect to the server in Linux (with pictures)

<<: Windows 10 + mysql 8.0.11 zip installation tutorial detailed

>>: WeChat Mini Program User Authorization Best Practices Guide