
Alibaba Cloud Windows Server Security Settings (Firewall Policy)

2024-09-01 13:48:27
Source: reposted
Contributed by: site user

Restricting outbound scanning with firewall policies

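Download and run the script that matches your server's operating system. Once it has run, your firewall policy will block outbound packet sending, ensuring that your host no longer sends malicious traffic and giving you enough time to carry out the subsequent data backup.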

Batch file for Windows 2003

@rem Configure the IP security policy for Windows 2003
@rem version 3.0 time:2014-5-12
netsh ipsec static add policy name=drop
netsh ipsec static add filterlist name=drop_port
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=21 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=22 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=23 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=25 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=53 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=80 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=135 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=139 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=443 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=445 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=1314 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=1433 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=1521 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=2222 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=3306 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=3433 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=3389 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=4899 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=8080 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=18186 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any protocol=UDP mirrored=no
netsh ipsec static add filteraction name=denyact action=block
netsh ipsec static add rule name=kill policy=drop filterlist=drop_port filteraction=denyact
netsh ipsec static set policy name=drop assign=y

Batch file for Windows 2008

@rem Configure the IP security policy for Windows 2008
@rem version 3.0 time:2014-5-12
@rem Reset the firewall to its default rules
netsh firewall reset
netsh firewall set service remotedesktop enable all
@rem Configure Windows Firewall with Advanced Security
netsh advfirewall firewall add rule name="drop" protocol=TCP dir=out remoteport="21,22,23,25,53,80,135,139,443,445,1433,1314,1521,2222,3306,3433,3389,4899,8080,18186" action=block
netsh advfirewall firewall add rule name="dropudp" protocol=UDP dir=out remoteport=any action=block

Linux script

#!/bin/bash
#########################################
#Function:  linux drop port
#Usage:    bash linux_drop_port.sh
#Author:   Customer Service Department
#Company:   Alibaba Cloud Computing
#Version:   2.0
#########################################

# Identify the distribution and major release; prints an empty string if unsupported
check_os_release()
{
 while true
 do
  os_release=$(grep "Red Hat Enterprise Linux Server release" /etc/issue 2>/dev/null)
  os_release_2=$(grep "Red Hat Enterprise Linux Server release" /etc/redhat-release 2>/dev/null)
  if [ "$os_release" ] && [ "$os_release_2" ]
  then
   if echo "$os_release"|grep "release 5" >/dev/null 2>&1
   then
    os_release=redhat5
    echo "$os_release"
   elif echo "$os_release"|grep "release 6" >/dev/null 2>&1
   then
    os_release=redhat6
    echo "$os_release"
   else
    os_release=""
    echo "$os_release"
   fi
   break
  fi
  os_release=$(grep "Aliyun Linux release" /etc/issue 2>/dev/null)
  os_release_2=$(grep "Aliyun Linux release" /etc/aliyun-release 2>/dev/null)
  if [ "$os_release" ] && [ "$os_release_2" ]
  then
   if echo "$os_release"|grep "release 5" >/dev/null 2>&1
   then
    os_release=aliyun5
    echo "$os_release"
   elif echo "$os_release"|grep "release 6" >/dev/null 2>&1
   then
    os_release=aliyun6
    echo "$os_release"
   else
    os_release=""
    echo "$os_release"
   fi
   break
  fi
  os_release=$(grep "CentOS release" /etc/issue 2>/dev/null)
  os_release_2=$(grep "CentOS release" /etc/*release 2>/dev/null)
  if [ "$os_release" ] && [ "$os_release_2" ]
  then
   if echo "$os_release"|grep "release 5" >/dev/null 2>&1
   then
    os_release=centos5
    echo "$os_release"
   elif echo "$os_release"|grep "release 6" >/dev/null 2>&1
   then
    os_release=centos6
    echo "$os_release"
   else
    os_release=""
    echo "$os_release"
   fi
   break
  fi
  os_release=$(grep -i "ubuntu" /etc/issue 2>/dev/null)
  os_release_2=$(grep -i "ubuntu" /etc/lsb-release 2>/dev/null)
  if [ "$os_release" ] && [ "$os_release_2" ]
  then
   if echo "$os_release"|grep "Ubuntu 10" >/dev/null 2>&1
   then
    os_release=ubuntu10
    echo "$os_release"
   elif echo "$os_release"|grep "Ubuntu 12.04" >/dev/null 2>&1
   then
    os_release=ubuntu1204
    echo "$os_release"
   elif echo "$os_release"|grep "Ubuntu 12.10" >/dev/null 2>&1
   then
    os_release=ubuntu1210
    echo "$os_release"
   else
    os_release=""
    echo "$os_release"
   fi
   break
  fi
  os_release=$(grep -i "debian" /etc/issue 2>/dev/null)
  os_release_2=$(grep -i "debian" /proc/version 2>/dev/null)
  if [ "$os_release" ] && [ "$os_release_2" ]
  then
   if echo "$os_release"|grep "Linux 6" >/dev/null 2>&1
   then
    os_release=debian6
    echo "$os_release"
   else
    os_release=""
    echo "$os_release"
   fi
   break
  fi
  os_release=$(grep "openSUSE" /etc/issue 2>/dev/null)
  os_release_2=$(grep "openSUSE" /etc/*release 2>/dev/null)
  if [ "$os_release" ] && [ "$os_release_2" ]
  then
   if echo "$os_release"|grep "13.1" >/dev/null 2>&1
   then
    os_release=opensuse131
    echo "$os_release"
   else
    os_release=""
    echo "$os_release"
   fi
   break
  fi
  break
 done
}

exit_script()
{
 echo -e "\033[1;40;31mInstall $1 error,will exit.\n\033[0m"
 rm -f "$LOCKfile"
 exit 1
}

# Block outbound TCP to the listed ports and all outbound UDP (iptables)
config_iptables()
{
 iptables -I OUTPUT 1 -p tcp -m multiport --dport 21,22,23,25,53,80,135,139,443,445 -j DROP
 iptables -I OUTPUT 2 -p tcp -m multiport --dport 1433,1314,1521,2222,3306,3433,3389,4899,8080,18186 -j DROP
 iptables -I OUTPUT 3 -p udp -j DROP
 iptables -nvL
}

# Same policy expressed as ufw rules (Ubuntu)
ubuntu_config_ufw()
{
 ufw deny out proto tcp to any port 21,22,23,25,53,80,135,139,443,445
 ufw deny out proto tcp to any port 1433,1314,1521,2222,3306,3433,3389,4899,8080,18186
 ufw deny out proto udp to any
 ufw status
}

####################Start###################
#check lock file, only let one instance of the script run at a time
LOCKfile=/tmp/.$(basename $0)
if [ -f "$LOCKfile" ]
then
 echo -e "\033[1;40;31mThe script is already exist,please next time to run this script.\n\033[0m"
 exit
else
 echo -e "\033[40;32mStep 1.No lock file,begin to create lock file and continue.\n\033[40;37m"
 touch "$LOCKfile"
fi

#check user
if [ $(id -u) != "0" ]
then
 echo -e "\033[1;40;31mError: You must be root to run this script,please use root to execute this script.\n\033[0m"
 rm -f "$LOCKfile"
 exit 1
fi

echo -e "\033[40;32mStep 2.Begin to check the OS issue.\n\033[40;37m"
os_release=$(check_os_release)
if [ "X$os_release" == "X" ]
then
 echo -e "\033[1;40;31mThe OS does not identify,So this script is not executed.\n\033[0m"
 rm -f "$LOCKfile"
 exit 0
else
 echo -e "\033[40;32mThis OS is $os_release.\n\033[40;37m"
fi

echo -e "\033[40;32mStep 3.Begin to config firewall.\n\033[40;37m"
case "$os_release" in
redhat5|centos5|redhat6|centos6|aliyun5|aliyun6)
 service iptables start
 config_iptables
 ;;
debian6)
 config_iptables
 ;;
ubuntu10|ubuntu1204|ubuntu1210)
 ufw enable <<EOF
y
EOF
 ubuntu_config_ufw
 ;;
opensuse131)
 config_iptables
 ;;
esac

echo -e "\033[40;32mConfig firewall success,this script now exit!\n\033[40;37m"
rm -f "$LOCKfile"

Download the file above onto the machine and run it directly.
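To confirm that the outbound blocks are actually the first rules to match, which stops being true if an ACCEPT rule is later inserted ahead of them, the following added example (not part of the original article or of Alibaba Cloud's script) evaluates the text output of `iptables -S OUTPUT` in rule order against the same port list. The helper names `first_verdict` and `audit_egress` are hypothetical, and the sample rule listing is constructed.

```shell
#!/bin/bash
# Added example: audit `iptables -S OUTPUT` text against the page's block list.
PORTS="21 22 23 25 53 80 135 139 443 445 1433 1314 1521 2222 3306 3433 3389 4899 8080 18186"

# first_verdict PROTO PORT|any (rules on stdin): target of the first deciding
# rule, else the chain policy. Rules using other match options are ignored.
first_verdict() {
  awk -v proto="$1" -v port="$2" '
    function covers(spec,   n, a, r, k) {
      if (spec == "") return 1                  # no port match: every port
      n = split(spec, a, ",")
      for (k = 1; k <= n; k++)
        if (split(a[k], r, ":") == 2 ? (port+0 >= r[1]+0 && port+0 <= r[2]+0) : (a[k]+0 == port+0)) return 1
      return 0
    }
    $1 == "-P" && $2 == "OUTPUT" { policy = $3 }
    $1 == "-A" && $2 == "OUTPUT" {
      p = "all"; spec = ""; tgt = ""; extra = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") p = $(++i)
        else if ($i == "-m") i++                # skip the module name
        else if ($i == "--dport" || $i == "--dports") spec = $(++i)
        else if ($i == "-j") { tgt = $(++i); break }
        else extra = 1
      }
      if (extra || (p != "all" && p != proto)) next
      # Whole-protocol question: a port-specific DROP decides nothing yet.
      if (port == "any" && spec != "") { if (tgt == "DROP") next; print tgt; found = 1; exit }
      if (covers(spec)) { print tgt; found = 1; exit }
    }
    END { if (!found) print (policy != "" ? policy : "none") }'
}

# audit_egress (rules on stdin): one line per gap, nothing when fully blocked.
audit_egress() {
  local rules item v
  rules=$(cat)
  for item in $(printf 'tcp/%s ' $PORTS) udp/any; do
    v=$(printf '%s\n' "$rules" | first_verdict "${item%/*}" "${item#*/}")
    [ "$v" = DROP ] || echo "$item -> $v"
  done
}

# Constructed sample: the page's rules with a tcp/443 ACCEPT inserted ahead.
SAMPLE='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 21,22,23,25,53,80,135,139,443,445 -j DROP
-A OUTPUT -p tcp -m multiport --dports 1433,1314,1521,2222,3306,3433,3389,4899,8080,18186 -j DROP
-A OUTPUT -p udp -j DROP'
printf '%s\n' "$SAMPLE" | audit_egress
```

On a live host, run it as root with `iptables -S OUTPUT | audit_egress`; empty output means every listed TCP port and all UDP hit a DROP first.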

Configuring iptables to restrict inbound access

/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
/sbin/iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -P INPUT DROP
service iptables save

The script above only needs to be run once after each system reinstall; its configuration is saved to /etc/sysconfig/iptables.

 
