4行命令,设置80和443只允许CF访问,防止被扫。
iptables版本
iptables -I INPUT -p tcp --dport 80 -j DROP
iptables -I INPUT -p tcp --dport 443 -j DROP
curl https://www.cloudflare.com/ips-v4|awk '{print "iptables -I INPUT -s "$0" -p tcp --dport 80 -j ACCEPT"}'|sh
curl https://www.cloudflare.com/ips-v4|awk '{print "iptables -I INPUT -s "$0" -p tcp --dport 443 -j ACCEPT"}'|sh
ipV6
ip6tables -I INPUT -p tcp --dport 80 -j DROP
ip6tables -I INPUT -p tcp --dport 443 -j DROP
curl https://www.cloudflare.com/ips-v6|awk '{print "ip6tables -I INPUT -s "$0" -p tcp --dport 80 -j ACCEPT"}'|sh
curl https://www.cloudflare.com/ips-v6|awk '{print "ip6tables -I INPUT -s "$0" -p tcp --dport 443 -j ACCEPT"}'|sh
firewall版本:
firewall-cmd --permanent --remove-port=80/tcp
firewall-cmd --permanent --remove-port=443/tcp
firewall-cmd --zone=public --remove-port=80/tcp --permanent
firewall-cmd --zone=public --remove-port=443/tcp --permanent
curl https://www.cloudflare.com/ips-v4|awk '{print "firewall-cmd --permanent --add-rich-rule=\"rule family=\"ipv4\" source address=\""$0"\" port protocol=\"tcp\" port=\"80\" accept\""}'|sh
curl https://www.cloudflare.com/ips-v4|awk '{print "firewall-cmd --permanent --add-rich-rule=\"rule family=\"ipv4\" source address=\""$0"\" port protocol=\"tcp\" port=\"443\" accept\""}'|sh
IPV6
curl https://www.cloudflare.com/ips-v6|awk '{print "firewall-cmd --permanent --add-rich-rule="rule family="ipv6" source address=""$0"" port protocol="tcp" port="80" accept""}'|sh
curl https://www.cloudflare.com/ips-v6|awk '{print "firewall-cmd --permanent --add-rich-rule="rule family="ipv6" source address=""$0"" port protocol="tcp" port="443" accept""}'|sh
systemctl restart firewalld.service