因为mongo hacks我试图用ufw设置防火墙
状态显示:27017已禁用:
# ufw status
Status: active
To Action From
-- ------ ----
22 LIMIT Anywhere
2375/tcp ALLOW Anywhere
2376/tcp ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
3000/tcp ALLOW Anywhere
51000 ALLOW Anywhere
27017 DENY Anywhere
22 (v6) LIMIT Anywhere (v6)
2375/tcp (v6) ALLOW Anywhere (v6)
2376/tcp (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
3000/tcp (v6) ALLOW Anywhere (v6)
51000 (v6) ALLOW Anywhere (v6)
27017 (v6) DENY Anywhere (v6)
我也做了
$ sudo ufw reload
但是,我仍然可以执行mongo --host my.domain.com
并打开与mongoDB实例的连接。
也试过了,但它也不起作用:
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 28017 -j ACCEPT
如何锁定防火墙访问?
谢谢!