JS@ Real-World Results of the Server SSH Security Protection Solution

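I started deploying this solution on my Huawei Cloud server on February 9, 2026. Over the Spring Festival period I had no time to keep an eye on the server; in the last couple of days I had time to take a look, and I think the results are good.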

From February 9, 2026 through February 24, 2026, the total number of IPs and IP ranges blocked by the firewall is 1954.

firewall-cmd --list-rich-rules | wc -l

1954

An excerpt of the blocked entries is shown below:

 firewall-cmd --list-rich-rules 

rule family="ipv4" source address="98.70.102.179" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="103.183.62.2" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="124.200.54.18" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="103.163.215.10" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="38.107.234.116" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="182.40.195.233" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="210.183.21.53" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="45.55.198.79" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="120.48.85.137" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"
.
.
.
rule family="ipv4" source address="36.137.249.148" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="144.91.121.136" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="202.165.29.119" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="120.48.42.17" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="156.227.236.246" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="129.148.36.96" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

[root@hcss-ecs-4917 ~]#

The blocked attacking network ranges are as follows:

[root@hcss-ecs-4917 ~]# firewall-cmd --list-rich-rules | grep -e ".0/24"

rule family="ipv4" source address="69.5.189.0/24" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="103.181.143.0/24" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="103.250.10.0/24" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

.
.
.

rule family="ipv4" source address="14.103.120.0/24" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="171.25.158.0/24" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

rule family="ipv4" source address="103.189.234.0/24" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"

[root@hcss-ecs-4917 ~]#

The number of blocked network ranges is 61.

firewall-cmd --list-rich-rules | grep -e ".0/24" | wc -l

61
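
The counts above can also be produced by parsing the rule output instead of pattern-matching on `.0/24`. The following is an added example, not part of the original post or of the solution it describes: it reads `firewall-cmd --list-rich-rules` output in the format shown above, counts rules per prefix length, and lists single-IP rules that are already covered by a blocked range. The function name `summarize` and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import re
import sys
from collections import Counter

# Matches the rich-rule layout shown in the firewall-cmd output above.
RULE_RE = re.compile(
    r'rule family="ipv4" source address="(?P<src>[^"]+)" '
    r'port port="(?P<port>\d+)" protocol="tcp" reject'
)

# Constructed sample input (documentation addresses, not taken from the post).
SAMPLE = '''\
rule family="ipv4" source address="192.0.2.15" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"
rule family="ipv4" source address="198.51.100.0/24" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"
rule family="ipv4" source address="198.51.100.77" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"
rule family="ipv4" source address="203.0.113.10" port port="9922" protocol="tcp" reject type="icmp-port-unreachable"
'''

def summarize(text, port="9922"):
    """Count reject rules per prefix length and find host rules
    that fall inside an already-blocked network range."""
    hosts, nets, skipped = [], [], 0
    for line in text.splitlines():
        if not line.strip():
            continue  # blank lines are not rules
        m = RULE_RE.search(line)
        if not m or m["port"] != port:
            skipped += 1  # not a reject rule for the SSH port
            continue
        try:
            net = ipaddress.ip_network(m["src"], strict=False)
        except ValueError:
            skipped += 1  # malformed source address
            continue
        (hosts if net.prefixlen == 32 else nets).append(net)
    by_prefix = Counter(n.prefixlen for n in hosts + nets)
    shadowed = sorted(str(h.network_address) for h in hosts
                      if any(h.subnet_of(n) for n in nets))
    return {"total": len(hosts) + len(nets), "by_prefix": dict(by_prefix),
            "shadowed": shadowed, "skipped": skipped}

if __name__ == "__main__":
    # Pipe real output in, or run without a pipe to use the sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(summarize(data))
```

Saved under a hypothetical name such as `audit_rules.py`, it is used as `firewall-cmd --list-rich-rules | python3 audit_rules.py`. Entries reported under `shadowed` are single-IP rules that duplicate a range rule and can be removed to keep the rule set smaller.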