
修改为ufw

master
xiaoz 2 years ago
parent
commit
0c114c2d47
  1. 26
      init_debian.sh

26
init_debian.sh

@ -9,31 +9,30 @@ ssh_port=$1
#初始化软件 #初始化软件
init_soft(){ init_soft(){
echo '--------------------------------------------------------------'; echo '--------------------------------------------------------------';
echo 'Install curl/wget and firewalld.' echo 'Install curl/wget and ufw.'
echo '--------------------------------------------------------------'; echo '--------------------------------------------------------------';
#更新软件 #更新软件
apt-get update apt-get update
#使用nftables #使用nftables
update-alternatives --set iptables /usr/sbin/iptables-nft #update-alternatives --set iptables /usr/sbin/iptables-nft
update-alternatives --set ip6tables /usr/sbin/ip6tables-nft #update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
update-alternatives --set arptables /usr/sbin/arptables-nft #update-alternatives --set arptables /usr/sbin/arptables-nft
update-alternatives --set ebtables /usr/sbin/ebtables-nft #update-alternatives --set ebtables /usr/sbin/ebtables-nft
#安装必要软件 #安装必要软件
apt-get -y install curl wget apt-get -y install curl wget ufw
apt-get -y install firewalld #apt-get -y install firewalld
#启动firewalld #启动firewalld
systemctl start firewalld && systemctl enable firewalld #systemctl start firewalld && systemctl enable firewalld
#FirewallBackend # Selects the firewall backend implementation. # Choices are: # - nftables (default) # - iptables (iptables, ip6tables, ebtables and ipset) FirewallBackend=iptables #FirewallBackend # Selects the firewall backend implementation. # Choices are: # - nftables (default) # - iptables (iptables, ip6tables, ebtables and ipset) FirewallBackend=iptables
#针对上面的错误,需要将iptables更换为nftables #针对上面的错误,需要将iptables更换为nftables
sed -i "s/FirewallBackend=iptables/FirewallBackend=nftables/g" /etc/firewalld/firewalld.conf #sed -i "s/FirewallBackend=iptables/FirewallBackend=nftables/g" /etc/firewalld/firewalld.conf
#放行常见端口 #放行常见端口
firewall-cmd --zone=public --add-port=80/tcp --permanent ufw allow 80
firewall-cmd --zone=public --add-port=443/tcp --permanent ufw allow 443
firewall-cmd --reload
} }
#初始化SSH配置 #初始化SSH配置
@ -43,8 +42,7 @@ init_ssh(){
echo 'Modifying SSH port.' echo 'Modifying SSH port.'
echo '--------------------------------------------------------------'; echo '--------------------------------------------------------------';
#先放行端口 #先放行端口
firewall-cmd --zone=public --add-port=${ssh_port}/tcp --permanent ufw allow ${ssh_port}
firewall-cmd --reload
#修改ssh配置文件 #修改ssh配置文件
#修改SSH端口 #修改SSH端口
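Review bot: Nothing in either hunk turns ufw on: in init_soft the `systemctl start firewalld && systemctl enable firewalld` line is commented out and no `ufw enable` replaces it, so unless that happens outside the visible lines the `ufw allow` rules are stored while no filtering is active. Add `ufw --force enable` only after the SSH rule in init_ssh is in place, so the host is not left unreachable on its management port. `ufw allow 80`, `ufw allow 443` and `ufw allow ${ssh_port}` also open UDP as well as TCP, which the firewalld rules they replace did not; `ufw allow 80/tcp`, `ufw allow 443/tcp` and `ufw allow "${ssh_port}/tcp"` keep the original exposure. The quoting matters because ssh_port is taken straight from `$1` (see the hunk header), and a numeric range check before it reaches ufw would be worth adding. init_ssh's body continues past the end of the second hunk.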
