Linux server configuration IP whitelist to prevent remote login and port exposure

Preface

The server used by the blogger was purchased from Alibaba Cloud. In fact, Alibaba Cloud has provided us with security policies for our use, but if it is the company's own server, or our own virtual machine, etc. You still need to check how to configure the firewall and the whitelist.

1. Alibaba Cloud's server does not have a firewall itself, but we can install an IPtable firewall (here Alibaba Cloud's server system is Centos). In this case, the firewall and the whitelist configured by Alibaba Cloud URL need to take effect at the same time.

1. Server Firewall

1.1. The following is the initial firewall configuration

vim /etc/sysconfig/iptables

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT 

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

1.2. Configure whitelist and exposed ports

1.2.1. Expose ports 22, 80, and 8080

1.2.2, add whitelist 116.90.86.196, 116.90.86.197 Be sure to enter your current IP address, be careful not to be able to log in

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

#Define whitelist variable name -N whitelist
#Set the whitelist ip segment -A whitelist -s 116.90.86.196 -j ACCEPT
-A whitelist -s 116.90.86.197 -j ACCEPT

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j whitelist
-A INPUT -i lo -j ACCEPT


-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j whitelist
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

2. Alibaba Cloud whitelist and port exposure

2.1 Security Group Configuration

2.3. Configure IP and port

2.3.1, 0.0.0.0/0 means unlimited IP

2.2.2. Cloning is to copy one, and then delete the previous one

The above article about Linux server configuration IP whitelist to prevent remote login and port exposure is all the content that the editor shares with you. I hope it can give you a reference, and I also hope that you will support 123WORDPRESS.COM.

You may also be interested in:

Ensure Linux VPS and server security Xshell set up key login
How to check whether the ports of the local computer and the remote server are connected under Linux
Linux uses the scp command to copy files to the local computer and copy local files to the remote server
How to delete folders, files, and decompress commands on Linux servers
Tutorial on configuring SSH and Xshell to connect to the server in Linux (with pictures)

<<: Windows 10 + mysql 8.0.11 zip installation tutorial detailed

>>: WeChat Mini Program User Authorization Best Practices Guide

Implementation of sharing data between Docker Volume containers

Linux server configuration IP whitelist to prevent remote login and port exposure

Implementation of sharing data between Docker Volume containers

MySQL database optimization: detailed explanation of table and database sharding operations

Vue+express+Socket realizes chat function

Detailed explanation of storage engine in MySQL

WeChat applet to obtain mobile phone number step record

VMWare15 installs Mac OS system (graphic tutorial)

Instructions for using the meta viewport tag (mobile browsing zoom control)

Pure CSS to adjust Div height according to adaptive width (percentage)

Detailed understanding and comparative analysis of servers Apache, Tomcat and Nginx

Tips for List Building for Website Maintenance Pages

Recommend

About MYSQL, you need to know the data types and operation tables

How to install MySQL using yum on Centos7 and achieve remote connection

Tutorial on installing Ubuntu 20.04 and NVIDIA drivers

What is the function of !-- -- in HTML page style?

Nginx configuration file detailed explanation and optimization suggestions guide

How to eliminate the extra blank space at the bottom of the created web page when browsing

The process of building a Jenkins project under Linux (taking CentOS 7 as an example)

Nginx uses the Gzip algorithm to compress messages

Mysql Workbench query mysql database method

Manjaro installation CUDA implementation tutorial analysis

CentOS 8 system FTP server installation and passive mode configuration detailed tutorial

MySQL 8.0.22 installation and configuration method graphic tutorial under Windows 10

Detailed explanation of the process of using docker to build minio and java sdk

Detailed explanation of MySQL table name case-insensitive configuration method

MySQL multi-master and one-slave data backup method tutorial