pve:firewall
Differences
This shows the differences between the revision you selected and the current version of the page.
| pve:firewall [2026/02/26 01:49] – [Security groups] admin | pve:firewall [2026/02/26 01:49] (current version) – [Common rule examples] admin | ||
|---|---|---|---|
| 行 95: | 行 95: | ||
| IN ACCEPT -p tcp --dport 80 | IN ACCEPT -p tcp --dport 80 | ||
| IN ACCEPT -p tcp --dport 443 | IN ACCEPT -p tcp --dport 443 | ||
| - | </code | + | </code> |
| === 拒绝Ping === | === 拒绝Ping === | ||
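
Review bot: Search the rest of the page for other unterminated `</code` tags. The changed line repairs one here and the same one-character fix recurs in every hunk of this revision, so the damage likely came from a single earlier edit, and any tag still left open would absorb the following heading (here `=== 拒绝Ping ===`) into the code listing. The two context rules also accept ports 80 and 443 with no source restriction; a one-line remark saying so would help readers who copy the block.
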
| 行 101: | 行 101: | ||
| < | < | ||
| IN DROP -p icmp --icmp-type echo-request | IN DROP -p icmp --icmp-type echo-request | ||
| - | </code | + | </code> |
| === 限制SSH === | === 限制SSH === | ||
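
Review bot: The context rule `IN DROP -p icmp --icmp-type echo-request` matches IPv4 ICMP only, while the IPv6 section further down this page sets `ipv6: 1`. The 拒绝Ping (deny ping) example should say that ICMPv6 echo requests are not covered by this rule, or show the IPv6 counterpart next to it. The `</code>` fix on the changed line is fine as it stands.
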
| 行 108: | 行 108: | ||
| IN ACCEPT -p tcp --dport 22 -s 10.0.0.0/8 | IN ACCEPT -p tcp --dport 22 -s 10.0.0.0/8 | ||
| IN DROP -p tcp --dport 22 | IN DROP -p tcp --dport 22 | ||
| - | </code | + | </code> |
| ===== IPv6支持 ===== | ===== IPv6支持 ===== | ||
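
Review bot: The two context rules only work as a pair in this order, with the `ACCEPT ... -s 10.0.0.0/8` line above the `DROP`, and the 限制SSH (restrict SSH) example does not say so. Add a sentence on rule ordering and consider a narrower source than the whole 10.0.0.0/8 range. Also confirm that the short `-s` form is accepted by the rule parser, since the Proxmox documentation writes this match as `-source`.
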
| 行 119: | 行 119: | ||
| enable: 1 | enable: 1 | ||
| ipv6: 1 | ipv6: 1 | ||
| - | </code | + | </code> |
| === IPv6规则 === | === IPv6规则 === | ||
| 行 141: | 行 141: | ||
| < | < | ||
| tail -f / | tail -f / | ||
| - | </code | + | </code> |
| ===== 自动化规则 ===== | ===== 自动化规则 ===== | ||
| 行 170: | 行 170: | ||
| < | < | ||
| IN ACCEPT -mac XX: | IN ACCEPT -mac XX: | ||
| - | </code | + | </code> |
| === 连接跟踪 === | === 连接跟踪 === | ||
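
Review bot: The `IN ACCEPT -mac` rule in the context lines accepts traffic on a source MAC address alone, with no protocol or port visible in this view. The section should state that a MAC address is chosen by the sender, so the match works as a filter and not as authentication, and the example should pair it with a protocol and port restriction.
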
pve/firewall.txt · Last modified: by admin
