我要评分
获取效率
正确性
完整性
易理解

Firewall Rules

Configuring firewall rules is the most critical part of OpenClaw security hardening. The core principle is "deny by default and allow on demand". Only necessary ports are enabled, and all other ports are blocked.

The following configurations may affect external access. If external access is required, you are advised to use an allowlist mechanism to permit only necessary IP addresses or ports.

Procedure

  • System firewall (UFW – Ubuntu/Debian)
    sudo ufw allow from 127.0.0.1 to any port 18789
    sudo ufw default deny incoming
    sudo ufw default deny forward
    sudo ufw enable
  • iptables (Generic Linux)
    1. Set the default policy to discard all inbound and forwarded traffic and allow only outbound traffic.
      sudo iptables -P INPUT DROP
      sudo iptables -P FORWARD DROP
      sudo iptables -P OUTPUT ACCEPT
    2. Allow local loop back traffic.
      sudo iptables -A INPUT -i lo -j ACCEPT
    3. Save the rules (Ubuntu/Debian).
      sudo apt install iptables-persistent -y
      sudo netfilter-persistent save