k8s ufw firewall
parent
d9420f8ac4
commit
ab3221ab89
30
README.md
30
README.md
|
@ -65,6 +65,36 @@ lxc-helpers.sh lxc_container_user_install $name $(id -u) $USER
|
||||||
|
|
||||||
## firewall
|
## firewall
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo apt-get install ufw
|
||||||
|
```
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo ufw default allow incoming
|
||||||
|
sudo ufw default allow outgoing
|
||||||
|
sudo ufw default allow routed
|
||||||
|
|
||||||
|
ips="88.198.58.177 2a01:4f8:222:507::2" # host specific
|
||||||
|
|
||||||
|
for host_ip in $ips ; do
|
||||||
|
sudo ufw allow to $host_ip port 22 proto tcp
|
||||||
|
sudo ufw deny to $host_ip
|
||||||
|
done
|
||||||
|
|
||||||
|
for public_ip in 188.40.16.47 2a01:4f8:fff2:48::2 ; do
|
||||||
|
sudo ufw allow to $public_ip port 22,80,443,2000:3000 proto tcp
|
||||||
|
sudo ufw deny to $public_ip
|
||||||
|
done
|
||||||
|
```
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo systemctl enable ufw
|
||||||
|
sudo ufw enable
|
||||||
|
```
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo ufw status verbose
|
||||||
|
```
|
||||||
|
|
||||||
## nftables
|
## nftables
|
||||||
|
|
||||||
|
|
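Review bot: The policy set by `sudo ufw default allow incoming` is default-allow, so the only filtering comes from the per-address `deny to` rules, and any address not listed in `ips` or the `public_ip` loop (one assigned to the host later, for instance) stays fully reachable. If that is deliberate, presumably so cluster traffic is not blocked, the README should say so right above the loops, e.g. `Incoming is allowed by default; every address assigned to the host must be listed below or it is left unfiltered.` It would also help to note that with `default allow routed`, traffic forwarded or DNAT'd to a pod or service likely does not pass through the `deny to $public_ip` input rules. In that case `sudo ufw status verbose` alone does not confirm what is reachable from outside, and a check from an external host should be documented next to it.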