pve:firewall
Differences
This shows the differences between the revision you selected and the current version.
| pve:firewall [2026/02/25 15:31] – admin | pve:firewall [2026/02/26 01:49] (current version) – [Common rule examples] admin | ||
|---|---|---|---|
| 行 36: | 行 36: | ||
| [OPTIONS] | [OPTIONS] | ||
| enable: 1 | enable: 1 | ||
| - | </code | + | </code> |
| ===== 规则配置 ===== | ===== 规则配置 ===== | ||
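Review bot: The edit summary names only one section, but the `</code>` correction at line 36 sits under the `[OPTIONS]` block and the same one-character fix repeats in all nine hunks; reword the summary to say it closes unterminated code tags across the page so the revision history matches the change.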
| 行 67: | 行 67: | ||
| < | < | ||
| pvesh create / | pvesh create / | ||
| - | </code | + | </code> |
| === 添加规则到组 === | === 添加规则到组 === | ||
| 行 73: | 行 73: | ||
| < | < | ||
| pvesh create / | pvesh create / | ||
| - | </code | + | </code> |
| === 使用安全组 === | === 使用安全组 === | ||
| 行 95: | 行 95: | ||
| IN ACCEPT -p tcp --dport 80 | IN ACCEPT -p tcp --dport 80 | ||
| IN ACCEPT -p tcp --dport 443 | IN ACCEPT -p tcp --dport 443 | ||
| - | </code | + | </code> |
| === 拒绝Ping === | === 拒绝Ping === | ||
| 行 101: | 行 101: | ||
| < | < | ||
| IN DROP -p icmp --icmp-type echo-request | IN DROP -p icmp --icmp-type echo-request | ||
| - | </code | + | </code> |
| === 限制SSH === | === 限制SSH === | ||
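Review bot: The context line `IN DROP -p icmp --icmp-type echo-request` at line 101 matches IPv4 ICMP only, and the page never says so even though it has an IPv6 section further down. Add a sentence that ICMPv6 echo requests are a separate protocol and are not covered by this rule, and consider aligning the 拒绝Ping heading with the DROP action, since DROP discards silently rather than sending a rejection.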
| 行 108: | 行 108: | ||
| IN ACCEPT -p tcp --dport 22 -s 10.0.0.0/8 | IN ACCEPT -p tcp --dport 22 -s 10.0.0.0/8 | ||
| IN DROP -p tcp --dport 22 | IN DROP -p tcp --dport 22 | ||
| - | </code | + | </code> |
| ===== IPv6支持 ===== | ===== IPv6支持 ===== | ||
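Review bot: The SSH example in the context lines at line 108 depends on rule order, which the block does not state: `IN ACCEPT -p tcp --dport 22 -s 10.0.0.0/8` has to stay above `IN DROP -p tcp --dport 22`, or the drop matches first and no source can connect. Say that beside the block, and note that 10.0.0.0/8 admits every host in that private range, so readers should substitute their own management subnet.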
| 行 119: | 行 119: | ||
| enable: 1 | enable: 1 | ||
| ipv6: 1 | ipv6: 1 | ||
| - | </code | + | </code> |
| === IPv6规则 === | === IPv6规则 === | ||
| 行 141: | 行 141: | ||
| < | < | ||
| tail -f / | tail -f / | ||
| - | </code | + | </code> |
| ===== 自动化规则 ===== | ===== 自动化规则 ===== | ||
| 行 170: | 行 170: | ||
| < | < | ||
| IN ACCEPT -mac XX: | IN ACCEPT -mac XX: | ||
| - | </code | + | </code> |
| === 连接跟踪 === | === 连接跟踪 === | ||
pve/firewall.1772033489.txt.gz · Last modified: by admin
