阿里云ECS安全组策略简单来说就是开放服务器端口供外界来使用,端口举个例子,常见的http默认的端口就是80,MySQL数据库的端口是3306,FTP的端口是21,宝塔面板的自定义初始端口是8888等等很多端口,下面给大家介绍一下端口是什么。
阿里云ECS禁封端口号
安全组是一种虚拟防火墙,具备状态检测和数据包过滤功能,用于在云端划分安全域。您可以通过配置安全组规则,允许或禁止安全组内的ECS实例对公网或私网的访问。
云服务器 ECS > 安全 > 安全组 > 安全组概述
由于出于对互联网的开放负责,阿里云目前已知只将25端口调用465端口禁封掉 。
25端口主要是用于邮件发送服务的端口,其实主要是阿里云想推广自家邮件服务,不过可以理解。
ECS站点需要开放那些端口
- FTP外放端口 21/21
- 宝塔面板端口 8888/8888
- https开放端口 443/443
- 数据库访问权限 3306/3306
除了自定义端口外,阿里云服务器还自己开启了-1/22/3389端口,这三个端口均为系统创建规则。
具体导出规则明细
[
{
"SourceCidrIp":"0.0.0.0/0",
"Description":"FTP外放端口",
"DestCidrIp":"",
"NicType":"intranet",
"DestGroupName":"",
"PortRange":"21/21",
"DestGroupId":"",
"Ipv6DestCidrIp":"",
"Direction":"ingress",
"Priority":1,
"IpProtocol":"TCP",
"SourcePortRange":"",
"SourceGroupOwnerAccount":"",
"Policy":"Accept",
"CreateTime":"2019-06-13T03:17:33Z",
"SourceGroupId":"",
"DestGroupOwnerAccount":"",
"Ipv6SourceCidrIp":"",
"SourceGroupName":""
},
{
"SourceCidrIp":"0.0.0.0/0",
"Description":"宝塔面板端口",
"DestCidrIp":"",
"NicType":"intranet",
"DestGroupName":"",
"PortRange":"8888/8888",
"DestGroupId":"",
"Ipv6DestCidrIp":"",
"Direction":"ingress",
"Priority":1,
"IpProtocol":"TCP",
"SourcePortRange":"",
"SourceGroupOwnerAccount":"",
"Policy":"Accept",
"CreateTime":"2019-06-13T03:16:11Z",
"SourceGroupId":"",
"DestGroupOwnerAccount":"",
"Ipv6SourceCidrIp":"",
"SourceGroupName":""
},
{
"SourceCidrIp":"0.0.0.0/0",
"Description":"https开放端口",
"DestCidrIp":"",
"NicType":"intranet",
"DestGroupName":"",
"PortRange":"443/443",
"DestGroupId":"",
"Ipv6DestCidrIp":"",
"Direction":"ingress",
"Priority":1,
"IpProtocol":"TCP",
"SourcePortRange":"",
"SourceGroupOwnerAccount":"",
"Policy":"Accept",
"CreateTime":"2019-06-13T03:13:33Z",
"SourceGroupId":"",
"DestGroupOwnerAccount":"",
"Ipv6SourceCidrIp":"",
"SourceGroupName":""
},
{
"SourceCidrIp":"0.0.0.0/0",
"Description":"",
"DestCidrIp":"",
"NicType":"intranet",
"DestGroupName":"",
"PortRange":"22/22",
"DestGroupId":"",
"Ipv6DestCidrIp":"",
"Direction":"ingress",
"Priority":1,
"IpProtocol":"TCP",
"SourcePortRange":"",
"SourceGroupOwnerAccount":"",
"Policy":"Accept",
"CreateTime":"2019-06-13T03:13:33Z",
"SourceGroupId":"",
"DestGroupOwnerAccount":"",
"Ipv6SourceCidrIp":"",
"SourceGroupName":""
},
{
"SourceCidrIp":"0.0.0.0/0",
"Description":"MySQL数据库入站端口",
"DestCidrIp":"",
"NicType":"intranet",
"DestGroupName":"",
"PortRange":"80/80",
"DestGroupId":"",
"Ipv6DestCidrIp":"",
"Direction":"ingress",
"Priority":1,
"IpProtocol":"TCP",
"SourcePortRange":"",
"SourceGroupOwnerAccount":"",
"Policy":"Accept",
"CreateTime":"2018-07-30T00:54:19Z",
"SourceGroupId":"",
"DestGroupOwnerAccount":"",
"Ipv6SourceCidrIp":"",
"SourceGroupName":""
},
{
"SourceCidrIp":"0.0.0.0/0",
"Description":"数据库访问权限",
"DestCidrIp":"",
"NicType":"intranet",
"DestGroupName":"",
"PortRange":"3306/3306",
"DestGroupId":"",
"Ipv6DestCidrIp":"",
"Direction":"ingress",
"Priority":1,
"IpProtocol":"TCP",
"SourcePortRange":"",
"SourceGroupOwnerAccount":"",
"Policy":"Accept",
"CreateTime":"2018-07-20T02:37:51Z",
"SourceGroupId":"",
"DestGroupOwnerAccount":"",
"Ipv6SourceCidrIp":"",
"SourceGroupName":""
},
{
"SourceCidrIp":"0.0.0.0/0",
"Description":"System created rule.",
"DestCidrIp":"",
"NicType":"intranet",
"DestGroupName":"",
"PortRange":"-1/-1",
"DestGroupId":"",
"Ipv6DestCidrIp":"",
"Direction":"ingress",
"Priority":110,
"IpProtocol":"ICMP",
"SourcePortRange":"-1/-1",
"SourceGroupOwnerAccount":"",
"Policy":"Accept",
"CreateTime":"2018-02-10T09:38:13Z",
"SourceGroupId":"",
"DestGroupOwnerAccount":"",
"Ipv6SourceCidrIp":"",
"SourceGroupName":""
},
{
"SourceCidrIp":"0.0.0.0/0",
"Description":"System created rule.",
"DestCidrIp":"",
"NicType":"intranet",
"DestGroupName":"",
"PortRange":"22/22",
"DestGroupId":"",
"Ipv6DestCidrIp":"",
"Direction":"ingress",
"Priority":110,
"IpProtocol":"TCP",
"SourcePortRange":"",
"SourceGroupOwnerAccount":"",
"Policy":"Accept",
"CreateTime":"2018-02-10T09:38:13Z",
"SourceGroupId":"",
"DestGroupOwnerAccount":"",
"Ipv6SourceCidrIp":"",
"SourceGroupName":""
},
{
"SourceCidrIp":"0.0.0.0/0",
"Description":"System created rule.",
"DestCidrIp":"",
"NicType":"intranet",
"DestGroupName":"",
"PortRange":"3389/3389",
"DestGroupId":"",
"Ipv6DestCidrIp":"",
"Direction":"ingress",
"Priority":110,
"IpProtocol":"TCP",
"SourcePortRange":"",
"SourceGroupOwnerAccount":"",
"Policy":"Accept",
"CreateTime":"2018-02-10T09:38:13Z",
"SourceGroupId":"",
"DestGroupOwnerAccount":"",
"Ipv6SourceCidrIp":"",
"SourceGroupName":""
},
{
"SourceCidrIp":"",
"Description":"",
"DestCidrIp":"0.0.0.0/0",
"NicType":"intranet",
"DestGroupName":"",
"PortRange":"22/22",
"DestGroupId":"",
"Ipv6DestCidrIp":"",
"Direction":"egress",
"Priority":1,
"IpProtocol":"TCP",
"SourcePortRange":"",
"SourceGroupOwnerAccount":"",
"Policy":"Accept",
"CreateTime":"2019-06-13T03:12:49Z",
"SourceGroupId":"",
"DestGroupOwnerAccount":"",
"Ipv6SourceCidrIp":"",
"SourceGroupName":""
},
{
"SourceCidrIp":"",
"Description":"",
"DestCidrIp":"0.0.0.0/0",
"NicType":"intranet",
"DestGroupName":"",
"PortRange":"23/23",
"DestGroupId":"",
"Ipv6DestCidrIp":"",
"Direction":"egress",
"Priority":1,
"IpProtocol":"TCP",
"SourcePortRange":"",
"SourceGroupOwnerAccount":"",
"Policy":"Accept",
"CreateTime":"2019-06-13T03:12:49Z",
"SourceGroupId":"",
"DestGroupOwnerAccount":"",
"Ipv6SourceCidrIp":"",
"SourceGroupName":""
},
{
"SourceCidrIp":"",
"Description":"",
"DestCidrIp":"0.0.0.0/0",
"NicType":"intranet",
"DestGroupName":"",
"PortRange":"3306/3306",
"DestGroupId":"",
"Ipv6DestCidrIp":"",
"Direction":"egress",
"Priority":1,
"IpProtocol":"TCP",
"SourcePortRange":"",
"SourceGroupOwnerAccount":"",
"Policy":"Accept",
"CreateTime":"2019-06-13T03:12:49Z",
"SourceGroupId":"",
"DestGroupOwnerAccount":"",
"Ipv6SourceCidrIp":"",
"SourceGroupName":""
},
{
"SourceCidrIp":"",
"Description":"",
"DestCidrIp":"0.0.0.0/0",
"NicType":"intranet",
"DestGroupName":"",
"PortRange":"443/443",
"DestGroupId":"",
"Ipv6DestCidrIp":"",
"Direction":"egress",
"Priority":1,
"IpProtocol":"TCP",
"SourcePortRange":"",
"SourceGroupOwnerAccount":"",
"Policy":"Accept",
"CreateTime":"2019-06-13T03:12:49Z",
"SourceGroupId":"",
"DestGroupOwnerAccount":"",
"Ipv6SourceCidrIp":"",
"SourceGroupName":""
},
{
"SourceCidrIp":"",
"Description":"",
"DestCidrIp":"0.0.0.0/0",
"NicType":"intranet",
"DestGroupName":"",
"PortRange":"80/80",
"DestGroupId":"",
"Ipv6DestCidrIp":"",
"Direction":"egress",
"Priority":1,
"IpProtocol":"TCP",
"SourcePortRange":"",
"SourceGroupOwnerAccount":"",
"Policy":"Accept",
"CreateTime":"2019-06-13T03:12:49Z",
"SourceGroupId":"",
"DestGroupOwnerAccount":"",
"Ipv6SourceCidrIp":"",
"SourceGroupName":""
}
]
以上配置是我阿里云服务器外网线圈组配置,基本就是把用到的服务启用的端口都设置了一下,此配置适用于门户网站或者博客环境,就到这吧!
发表评论