我最终选择了防火墙的方案,只允许指定的部分 MAC 地址访问我的 77 端口即可(注意:下面给出的 iptables 规则实际是按源 IP 地址匹配的,并没有限定 MAC 地址或端口):
- 配置允许访问的端口(这一步应该先进行,否则在后面把入站规则设为拒绝之后,就无法访问 Web 服务了)
# Allow-list of source addresses for the INPUT chain.
#   192.168.13.113   (no label given)
#   192.168.13.68    Base
#   192.168.13.195   Node1
#   192.168.13.83    Node2
#   192.168.13.32    Node3
#   192.168.13.105   Node4
#   192.168.13.236   Node5
#   192.168.28.118   (no label given)
#
# Every rule is inserted at the head of INPUT (-I) and matches on the source
# address alone, so each listed address is accepted on all protocols, ports
# and interfaces of this host.
# NOTE(review): the surrounding text speaks of MAC addresses and port 77, but
#   no MAC or --dport match is present here; narrowing the rules with
#   -i <lan-interface> and -p tcp --dport <port> would follow least privilege.
#   Confirm which ports are actually needed before tightening.
# NOTE(review): a source IP is not an authenticated identity; any host able to
#   use one of these addresses matches the rule.
# NOTE(review): rules added with the iptables command exist only in the
#   running tables; presumably they have to be re-applied after a reboot or a
#   firewall reload. Confirm how they are persisted on this device.
for allowed_src in \
  192.168.13.113 \
  192.168.13.68 \
  192.168.13.195 \
  192.168.13.83 \
  192.168.13.32 \
  192.168.13.105 \
  192.168.13.236 \
  192.168.28.118
do
  iptables -I INPUT -s "$allowed_src" -j ACCEPT
done
- 设置lan口的入站规则为拒绝
Web服务(作废,不优雅,麻烦)
- 编辑/etc/config/uhttpd
# Main uhttpd server instance.
config uhttpd 'main'
# Plain-HTTP listeners bound to every IPv4 and IPv6 address. With wildcard
# binds, which networks can reach the server is decided by the firewall,
# not by this file.
list listen_http '0.0.0.0:80'
list listen_http '[::]:80'
# HTTPS listeners, likewise bound to every address.
list listen_https '0.0.0.0:443'
list listen_https '[::]:443'
# 0 = HTTP requests are not redirected to HTTPS, so anything sent to port 80
# (including a login submitted to /cgi-bin/luci) travels unencrypted.
option redirect_https '0'
# Document root served by this instance.
option home '/www'
# 1 = reject requests from RFC1918 (private) addresses that are directed at a
# public address of the server; this is a DNS-rebinding countermeasure.
option rfc1918_filter '1'
# Resource caps: concurrently handled script requests, and concurrent
# connections (per the stock uhttpd option descriptions).
option max_requests '3'
option max_connections '100'
# Certificate and private key used by the HTTPS listeners.
# NOTE(review): the key file should be readable by root only; verify its
# permissions on the device.
option cert '/etc/uhttpd.crt'
option key '/etc/uhttpd.key'
# URL prefix whose files are executed as CGI programs.
option cgi_prefix '/cgi-bin'
# Routes /cgi-bin/luci to the LuCI Lua handler script.
list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
# Timeouts in seconds: script execution, network I/O, HTTP keep-alive.
option script_timeout '60'
option network_timeout '30'
option http_keepalive '20'
# Interval in seconds for TCP keep-alive probes on established connections.
option tcp_keepalive '1'
# URL prefix under which the ubus JSON-RPC interface is served over HTTP(S).
# NOTE(review): this is a second management surface next to LuCI; presumably
# access is governed by rpcd ACLs. Confirm.
option ubus_prefix '/ubus'
# Defaults for automatic certificate and key generation.
# NOTE(review): a certificate generated from these values would presumably be
# self-signed, so clients cannot verify the device's identity unless they
# trust or pin it explicitly.
config cert 'defaults'
# Validity period of the generated certificate, in days.
option days '730'
# Key algorithm: elliptic curve, with the curve named by ec_curve below.
option key_type 'ec'
# Key size in bits; presumably only relevant to RSA keys and unused while
# key_type is 'ec'. Confirm.
option bits '2048'
option ec_curve 'P-256'
# Certificate subject fields; these are generic placeholder values.
option country 'ZZ'
option state 'Somewhere'
option location 'Unknown'
option commonname 'OpenWrt'
- 重启该服务
# Restart uhttpd through its init script so that the edited
# /etc/config/uhttpd is picked up.
/etc/init.d/uhttpd restart