Debug客栈
A programmer who loves to share
Analysis of Alibaba Cloud ECS Security Group Policies

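Put simply, an Alibaba Cloud ECS security group policy opens server ports for the outside world to use. As examples of ports: the default HTTP port is 80, the MySQL database port is 3306, the FTP port is 21, and the custom initial port of the BaoTa panel (宝塔面板) is 8888, among many others. Below is an introduction to what ports are.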

Ports blocked on Alibaba Cloud ECS

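A security group is a virtual firewall with stateful inspection and packet filtering, used to divide security domains in the cloud. By configuring security group rules, you can allow or deny access from the ECS instances in the group to the public or private network.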

Elastic Compute Service (ECS) > Security > Security groups > Security group overview

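Out of responsibility for keeping the Internet open, Alibaba Cloud is, as far as is currently known, blocking only port 25, with port 465 to be used instead.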

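Port 25 is mainly used by mail-sending services. The real reason is mostly that Alibaba Cloud wants to promote its own mail service, though that is understandable.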

Which ports an ECS site needs to open

  1. FTP port: 21/21
  2. BaoTa panel port: 8888/8888
  3. HTTPS port: 443/443
  4. Database access: 3306/3306

Besides the custom ports, Alibaba Cloud also opens ports -1/22/3389 on the server by itself; all three are system-created rules.

Details of the exported rules

[
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"FTP外放端口",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"21/21",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:17:33Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"宝塔面板端口",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"8888/8888",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:16:11Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"https开放端口",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"443/443",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:13:33Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"22/22",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:13:33Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"MySQL数据库入站端口",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"80/80",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2018-07-30T00:54:19Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"数据库访问权限",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"3306/3306",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2018-07-20T02:37:51Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"System created rule.",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"-1/-1",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":110,
        "IpProtocol":"ICMP",
        "SourcePortRange":"-1/-1",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2018-02-10T09:38:13Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"System created rule.",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"22/22",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":110,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2018-02-10T09:38:13Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"0.0.0.0/0",
        "Description":"System created rule.",
        "DestCidrIp":"",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"3389/3389",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"ingress",
        "Priority":110,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2018-02-10T09:38:13Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"",
        "Description":"",
        "DestCidrIp":"0.0.0.0/0",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"22/22",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"egress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:12:49Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"",
        "Description":"",
        "DestCidrIp":"0.0.0.0/0",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"23/23",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"egress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:12:49Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"",
        "Description":"",
        "DestCidrIp":"0.0.0.0/0",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"3306/3306",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"egress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:12:49Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"",
        "Description":"",
        "DestCidrIp":"0.0.0.0/0",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"443/443",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"egress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:12:49Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    },
    {
        "SourceCidrIp":"",
        "Description":"",
        "DestCidrIp":"0.0.0.0/0",
        "NicType":"intranet",
        "DestGroupName":"",
        "PortRange":"80/80",
        "DestGroupId":"",
        "Ipv6DestCidrIp":"",
        "Direction":"egress",
        "Priority":1,
        "IpProtocol":"TCP",
        "SourcePortRange":"",
        "SourceGroupOwnerAccount":"",
        "Policy":"Accept",
        "CreateTime":"2019-06-13T03:12:49Z",
        "SourceGroupId":"",
        "DestGroupOwnerAccount":"",
        "Ipv6SourceCidrIp":"",
        "SourceGroupName":""
    }
]

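The configuration above is the public-network security group configuration of my Alibaba Cloud server. It basically sets up the ports of every service in use. This configuration is suitable for a portal site or a blog environment. That's it for now!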
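
An added example, not part of the original post: a Python audit for an exported rule list in the format shown above. It flags inbound Accept rules that expose management or database ports to every address, and rules that repeat an earlier rule at another priority. The sample rules, the SENSITIVE_PORTS list and the function names are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of the export above, trimmed to the fields used.
SAMPLE_EXPORT = """[
 {"SourceCidrIp":"0.0.0.0/0","PortRange":"443/443","Direction":"ingress","IpProtocol":"TCP","Policy":"Accept","Priority":1},
 {"SourceCidrIp":"0.0.0.0/0","PortRange":"22/22","Direction":"ingress","IpProtocol":"TCP","Policy":"Accept","Priority":1},
 {"SourceCidrIp":"0.0.0.0/0","PortRange":"22/22","Direction":"ingress","IpProtocol":"TCP","Policy":"Accept","Priority":110},
 {"SourceCidrIp":"203.0.113.10/32","PortRange":"3306/3306","Direction":"ingress","IpProtocol":"TCP","Policy":"Accept","Priority":1},
 {"SourceCidrIp":"0.0.0.0/0","PortRange":"-1/-1","Direction":"ingress","IpProtocol":"ICMP","Policy":"Accept","Priority":110},
 {"SourceCidrIp":"","DestCidrIp":"0.0.0.0/0","PortRange":"3306/3306","Direction":"egress","IpProtocol":"TCP","Policy":"Accept","Priority":1}
]"""

# Assumption: the management and data ports this page opens are the ones worth restricting.
SENSITIVE_PORTS = {21: "FTP", 22: "SSH", 3306: "MySQL", 3389: "RDP", 8888: "BaoTa panel"}

def parse_port_range(value):
    """'22/22' -> (22, 22); '-1/-1' means no port restriction -> (1, 65535)."""
    low, high = (int(part) for part in value.split("/"))
    return (1, 65535) if low == -1 else (low, high)

def is_world_open(cidr):
    """True when the CIDR has prefix length 0, i.e. it matches every address."""
    return bool(cidr) and ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(rules):
    """Return (kind, port_range, detail) findings for inbound Accept rules."""
    findings, seen = [], set()
    for rule in rules:
        if rule.get("Direction") != "ingress" or rule.get("Policy") != "Accept":
            continue
        source = rule.get("SourceCidrIp") or rule.get("Ipv6SourceCidrIp") or ""
        key = (rule.get("IpProtocol"), rule.get("PortRange"), source)
        if key in seen:  # same match at another priority: redundant, easy to miss on cleanup
            findings.append(("duplicate", rule["PortRange"], f"priority {rule.get('Priority')}"))
            continue
        seen.add(key)
        if rule.get("IpProtocol") == "ICMP" or not is_world_open(source):
            continue  # ICMP has no ports; restricted sources are not flagged
        low, high = parse_port_range(rule["PortRange"])
        for port, name in SENSITIVE_PORTS.items():
            if low <= port <= high:
                findings.append(("world-open", rule["PortRange"], f"{name} open to {source}"))
    return findings

if __name__ == "__main__":
    for finding in audit(json.loads(SAMPLE_EXPORT)):
        print(*finding, sep="\t")
```

To check a real export, load the saved JSON file with json.load and pass the resulting list to audit().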

Article link: https://www.debuginn.cn/3010.html
This article is licensed under CC BY-NC-SA 3.0 Unported; please keep this article link when reposting.
2019-06-15