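#!/bin/bash
# UFW firewall configuration script for Ubuntu 22.04.
#
# Resets UFW to its defaults and then applies, in order:
#   1. default policy: allow outgoing, deny incoming;
#   2. unrestricted inbound access (all ports/protocols) from WHITELIST_SOURCES;
#   3. public (0.0.0.0/0) inbound access to PUBLIC_PORTS on both TCP and UDP;
#   4. enable UFW and print `ufw status verbose` plus a summary.
#
# Globals:
#   WHITELIST_SOURCES - source CIDRs trusted on every port and protocol
#   PUBLIC_PORTS      - ports / port ranges (UFW syntax, e.g. 25000:26000)
#                       exposed to the Internet on every entry of PROTOCOLS
#   PROTOCOLS         - protocols applied to each public port
# Outputs: progress messages on stdout, followed by ufw's own output
# Returns: exits 1 when not run as root; under `set -e` any failing ufw
#          command aborts the script with that command's status.
#
# NOTE(review): no rule explicitly opens the SSH port. Administrative access
# after `ufw enable` therefore depends on the operator connecting from one of
# WHITELIST_SOURCES (or on sshd listening on one of PUBLIC_PORTS). Confirm
# this before running the script over an SSH session.
set -euo pipefail

# ufw needs root to modify the netfilter tables.
if [[ "$EUID" -ne 0 ]]; then
  echo "请使用 sudo 运行此脚本"
  exit 1
fi

# Every address and port used below lives in these arrays; edit here, not in
# the loops, so the rules and the final summary cannot drift apart.
readonly -a WHITELIST_SOURCES=(
  42.192.52.227/32
  43.154.83.213/32
  144.24.164.121/32
  132.145.87.10/32
  140.238.0.0/16
)
readonly -a PUBLIC_PORTS=(443 22333 25000:26000)
readonly -a PROTOCOLS=(tcp udp)

#######################################
# Print a ufw command, then run it.
# Arguments: the ufw subcommand and its arguments
# Outputs:   "执行: ufw <args>" on stdout, then ufw's own output
# Returns:   ufw's exit status (non-zero aborts the script via set -e)
#######################################
run_ufw() {
  echo "执行: ufw $*"
  ufw "$@"
}

#######################################
# Join the given words with ", " for the summary lines.
# Arguments: zero or more words
# Outputs:   the joined string on stdout (empty for no arguments)
#######################################
join_comma() {
  local joined=''
  if (( $# > 0 )); then
    printf -v joined '%s, ' "$@"
    joined=${joined%, }
  fi
  printf '%s' "$joined"
}

echo "========================================="
echo "开始配置 UFW 防火墙规则"
echo "========================================="

# 1. Disable UFW. From here until `ufw enable` below the host is unfiltered,
#    so nothing interactive happens in between.
echo ">>> 临时禁用 UFW"
ufw disable

# 2. Reset to defaults, dropping every existing rule. `--force` answers the
#    confirmation prompt instead of piping "y" into ufw.
echo ">>> 重置 UFW 到默认状态"
ufw --force reset

# 3. Default policy: allow all outbound, deny all inbound.
echo ">>> 设置默认策略:允许出站,拒绝入站"
run_ufw default allow outgoing
run_ufw default deny incoming

# 4. Trusted sources get every port and protocol.
echo ">>> 添加白名单 IP 规则(允许所有端口和协议)"
for src in "${WHITELIST_SOURCES[@]}"; do
  run_ufw allow from "$src"
done

# 5. Public service ports, one rule per port/protocol pair.
echo ">>> 开放公网端口0.0.0.0/0"
for port in "${PUBLIC_PORTS[@]}"; do
  for proto in "${PROTOCOLS[@]}"; do
    run_ufw allow from 0.0.0.0/0 to any port "$port" proto "$proto"
  done
done

# 6. ICMP. NOTE(review): UFW's stock /etc/ufw/before.rules accepts ICMP
#    echo-request from any source before the default policy applies, so
#    `default deny incoming` alone does not limit ping to the whitelist; the
#    message below and the last summary line overstate this. Restricting ping
#    would require editing before.rules, which this script does not do.
echo ">>> 配置 ICMP 规则仅允许白名单IP"
echo "注意默认拒绝策略已经阻止非白名单的ICMP白名单IP可以ping"

# 7. Enable UFW; `--force` skips the "may disrupt existing ssh" prompt.
echo ">>> 启用 UFW 防火墙"
ufw --force enable

# 8. Show the resulting rule set and a summary derived from the arrays above.
echo "========================================="
echo "UFW 防火墙配置完成!当前规则如下:"
echo "========================================="
ufw status verbose
echo ""

# Summary formatting: port ranges as 25000-26000, single hosts without /32.
ports_display=()
for port in "${PUBLIC_PORTS[@]}"; do
  ports_display+=("${port/:/-}")
done
sources_display=()
for src in "${WHITELIST_SOURCES[@]}"; do
  sources_display+=("${src%/32}")
done
protocols_display=''
for proto in "${PROTOCOLS[@]}"; do
  protocols_display+="${protocols_display:+/}${proto^^}"
done

echo "配置总结:"
echo "- 出站流量:全部允许"
echo "- 入站流量:默认拒绝"
echo "- 开放端口$(join_comma "${ports_display[@]}") (${protocols_display})"
echo "- 白名单IP$(join_comma "${sources_display[@]}")"
echo "- ICMP仅白名单IP可访问"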