Arch Linux

kle

会员

注册时间： 2024-08-05

帖子： 3

能分享服务器的防火墙配置吗？

table inet dev {

  set blackhole_ipv4 {
    type ipv4_addr;
    flags dynamic, timeout;
    size 65536;
  }
  set blackhole_ipv6 {
    type ipv6_addr;
    flags dynamic, timeout;
    size 65536;
  }

  chain input {
    type filter hook input priority filter; policy accept;

    ct state new tcp dport 22 limit rate 10/hour

    ct state new tcp dport 443 \
        meter flood_ipv4 size 128000 { ip saddr timeout 10s limit rate over 10/second } \
        add @blackhole_ipv4 { ip saddr timeout 10m }
    ct state new tcp dport 443 \
        meter flood_ipv6 size 128000 { ip6 saddr and ffff:ffff:ffff:ffff:: timeout 10s limit rate over 10/second } \
        add @blackhole_ipv6 { ip6 saddr and ffff:ffff:ffff:ffff:: timeout 10m }

    ip saddr @blackhole_ipv4 counter drop
    ip6 saddr and ffff:ffff:ffff:ffff:: @blackhole_ipv6 counter drop
  }
}

依云

会员

所在地： a.k.a. 百合仙子

注册时间： 2011-08-21

帖子： 8,952

个人网站

Re: 能分享服务器的防火墙配置吗？

https://www.cloudflare.com/zh-cn/products/turnstile/