Firewall configuration
Firewall configuration with ufw
Allowing the required ports
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw allow ssh
$ sudo ufw allow http
$ sudo ufw allow https
$ sudo ufw enable
Verification
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
$ sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1375/named
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      1231/systemd-resolv
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1614/sshd
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1375/named
tcp6       0      0 ::1:53                  :::*                    LISTEN      1375/named
tcp6       0      0 :::22                   :::*                    LISTEN      1614/sshd
tcp6       0      0 ::1:953                 :::*                    LISTEN      1375/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1375/named
udp        0      0 127.0.0.53:53           0.0.0.0:*                           1231/systemd-resolv
udp6       0      0 ::1:53                  :::*                                1375/named
$ sudo tail -f /var/log/ufw.log
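The rule list and the listener list from the verification step can be compared mechanically. The script below is an added example, not part of the original note: it reports TCP ports that ufw allows but that have no non-loopback listener, and listeners that have no allow rule. The function names are hypothetical and the sample data is abridged from the output shown on this page.

```bash
#!/bin/sh
# Added example (not from the original note): cross-check ufw ALLOW IN rules
# against listening TCP sockets. Function names are hypothetical.
# Sample data is abridged from the command output shown on this page.
UFW_SAMPLE='22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'
NETSTAT_SAMPLE='tcp   0  0 127.0.0.1:53   0.0.0.0:*  LISTEN  1375/named
tcp   0  0 0.0.0.0:22     0.0.0.0:*  LISTEN  1614/sshd
tcp6  0  0 ::1:953        :::*       LISTEN  1375/named
tcp6  0  0 :::22          :::*       LISTEN  1614/sshd'

# stdin: `ufw status` output. Prints allowed inbound TCP ports, deduplicated.
# Only rules written as N/tcp are handled (no app profiles, ranges or UDP).
allowed_tcp_ports() {
    awk '/ALLOW IN/ && $1 ~ /^[0-9]+\/tcp$/ { sub(/\/tcp$/, "", $1); print $1 }' |
        sort -un
}

# stdin: `netstat -tulpn` output. Prints TCP ports whose listener is bound to
# a non-loopback address, i.e. reachable from other hosts if the firewall allows.
exposed_tcp_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        host = $4; sub(/:[0-9]+$/, "", host)   # text before the port
        if (host !~ /^127\./ && host != "::1") print port
    }' | sort -un
}

# audit UFW_TEXT NETSTAT_TEXT: print one line per mismatch.
audit() {
    allowed=$(printf '%s\n' "$1" | allowed_tcp_ports)
    exposed=$(printf '%s\n' "$2" | exposed_tcp_ports)
    for p in $allowed; do   # rule exists, nothing is listening behind it
        printf '%s\n' "$exposed" | grep -qx "$p" || echo "allowed-but-no-listener $p/tcp"
    done
    for p in $exposed; do   # service listens, default deny blocks it
        printf '%s\n' "$allowed" | grep -qx "$p" || echo "listener-but-not-allowed $p/tcp"
    done
}

audit "$UFW_SAMPLE" "$NETSTAT_SAMPLE"
```

On a live host, pass the real output instead: audit "$(sudo ufw status)" "$(sudo netstat -tulpn)". For the output on this page it reports 80/tcp and 443/tcp as allowed with nothing listening.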