Why?
I figured I should keep a record of this, even if only a partial one.
ref
Notes
View the current settings
ufw status
Enable
ufw enable
Disable IPv6
# Check the line number of IPV6=yes
grep -i -n ipv6 /etc/default/ufw

# root@unbound01:~# grep -n -i ipv6 /etc/default/ufw
4:# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
7:IPV6=yes
root@unbound01:~#

# Comment out line 7
sed '7s/^/# /' /etc/default/ufw -i

# root@unbound01:~# sed '7s/^/# /' /etc/default/ufw -i
root@unbound01:~#
root@unbound01:~# grep -in ipv6 /etc/default/ufw
4:# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
7:# IPV6=yes
root@unbound01:~#
Restart unbound
unbound-checkconf
systemctl restart unbound
ufw allow from 192.168.10.0/24 to any port 53
ufw allow from 192.168.100.0/24 to any port 53
ufw allow from 192.168.10.0/24 to any port 22 proto tcp
ufw allow from 192.168.100.0/24 to any port 22 proto tcp
check
ufw status
ufw status verbose

# root@unbound01:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
53                         ALLOW       192.168.10.0/24
53                         ALLOW       192.168.100.0/24
22/tcp                     ALLOW       192.168.10.0/24
22/tcp                     ALLOW       192.168.100.0/24

root@unbound01:~#
root@unbound01:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
53                         ALLOW IN    192.168.10.0/24
53                         ALLOW IN    192.168.100.0/24
22/tcp                     ALLOW IN    192.168.10.0/24
22/tcp                     ALLOW IN    192.168.100.0/24

root@unbound01:~#
Reload to re-read the configuration
ufw reload
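A repeatable version of the "check" step above, as an added example that is not part of the original notes: it parses `ufw status` output and fails if any ALLOW/LIMIT rule falls outside the two subnets and two ports configured here, or if an IPv6 rule is still present. The function name and the sample inputs are assumptions made for illustration.

```shell
# Added example: audit `ufw status` output against the allowlist in these notes.
ALLOWED_SOURCES="192.168.10.0/24 192.168.100.0/24"   # subnets from the notes
ALLOWED_PORTS="53 22/tcp"                            # ports from the notes

# Reads `ufw status` (plain or verbose) on stdin, prints one FAIL line per
# finding, returns 0 if every ALLOW/LIMIT rule is on the allowlist, else 1.
audit_ufw_status() {
    awk -v srcs="$ALLOWED_SOURCES" -v ports="$ALLOWED_PORTS" '
    BEGIN {
        n = split(srcs, s, " ");  for (i = 1; i <= n; i++) ok_src[s[i]] = 1
        n = split(ports, p, " "); for (i = 1; i <= n; i++) ok_port[p[i]] = 1
    }
    /^Status:/ { if ($2 == "active") active = 1; next }
    /^--/      { in_rules = 1; next }
    in_rules && NF >= 3 {
        act = 0   # index of the Action column; "To" may span several fields
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { act = i; break }
        if (!act || ($act != "ALLOW" && $act != "LIMIT")) next
        to = $1; for (i = 2; i < act; i++) to = to " " $i
        j = act + 1; if ($j ~ /^(IN|OUT|FWD)$/) j++   # verbose direction
        from = $j; for (i = j + 1; i <= NF; i++) from = from " " $i
        if ($0 ~ /\(v6\)/)          why = "IPv6 rule present"
        else if (!(from in ok_src)) why = "source not on allowlist"
        else if (!(to in ok_port))  why = "port not on allowlist"
        else next
        print "FAIL: " why ": " to " " $act " " from; bad = 1
    }
    END {
        if (!active) { print "FAIL: ufw is not active"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample inputs (sample_ok mirrors the output recorded above).
sample_ok() { cat <<'EOF'
Status: active
To                         Action      From
--                         ------      ----
53                         ALLOW       192.168.10.0/24
22/tcp                     ALLOW       192.168.100.0/24
EOF
}
sample_bad() {   # sample_ok plus two constructed rules that should be flagged
    sample_ok
    printf '%s\n' '22/tcp ALLOW Anywhere' '53 (v6) ALLOW Anywhere (v6)'
}
sample_bad | audit_ufw_status || echo "findings listed above"
```

On the server itself, run it as root with `ufw status | audit_ufw_status`.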