阿里云ECS安全组策略简单来说就是开放服务器端口供外界来使用，端口举个例子，常见的http默认的端口就是80，MySQL数据库的端口是3306，FTP的端口是21，宝塔面板的自定义初始端口是8888等等很多端口，下面给大家介绍一下端口是什么。

阿里云ECS禁封端口号

安全组是一种虚拟防火墙，具备状态检测和数据包过滤功能，用于在云端划分安全域。您可以通过配置安全组规则，允许或禁止安全组内的ECS实例对公网或私网的访问。

云服务器 ECS > 安全 > 安全组 > 安全组概述

由于出于对互联网的开放负责，阿里云目前已知只将25端口调用465端口禁封掉 。

25端口主要是用于邮件发送服务的端口，其实主要是阿里云想推广自家邮件服务，不过可以理解。

ECS站点需要开放那些端口

1. FTP外放端口 21/21
2. 宝塔面板端口 8888/8888
3. https开放端口 443/443
4. 数据库访问权限 3306/3306

除了自定义端口外，阿里云服务器还自己开启了-1/22/3389端口，这三个端口均为系统创建规则。

具体导出规则明细

[
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"FTP外放端口",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"21/21",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:17:33Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"宝塔面板端口",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"8888/8888",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:16:11Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"https开放端口",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"443/443",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:13:33Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"22/22",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:13:33Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"MySQL数据库入站端口",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"80/80",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2018-07-30T00:54:19Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"数据库访问权限",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"3306/3306",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2018-07-20T02:37:51Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"System created rule.",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"-1/-1",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":110,
        "IpProtocol":"ICMP",
        "SourcePortRange":"-1/-1",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2018-02-10T09:38:13Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"System created rule.",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"22/22",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":110,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2018-02-10T09:38:13Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"System created rule.",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"3389/3389",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":110,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2018-02-10T09:38:13Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"",
        "Description":"",
        "DestCidrIp":"0.0.0.0/0",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"22/22",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"egress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:12:49Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"",
        "Description":"",
        "DestCidrIp":"0.0.0.0/0",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"23/23",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"egress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:12:49Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"",
        "Description":"",
        "DestCidrIp":"0.0.0.0/0",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"3306/3306",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"egress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:12:49Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"",
        "Description":"",
        "DestCidrIp":"0.0.0.0/0",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"443/443",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"egress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:12:49Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"",
        "Description":"",
        "DestCidrIp":"0.0.0.0/0",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"80/80",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"egress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:12:49Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    }
]

以上配置是我阿里云服务器外网线圈组配置，基本就是把用到的服务启用的端口都设置了一下，此配置适用于门户网站或者博客环境，就到这吧！