一、Ubuntu 防火墙 ufw 问题记录
系统 Ubuntu 20.04,ufw 禁止 IP 地址 A.B.C.D 的访问:
结果监控里面 A.B.C.D 的 IP 还是在大量连接。
然后 ufw status 看了下状态,规则生效了啊,甚至重新 reload也没用,怎么回事呢?
UFW (iptables) 规则的匹配基于规则出现的顺序,一旦匹配某个规则,检查便会停止。因此,如果某个规则允许访问 TCP 端口 22 (如使用 udo ufw allow 22),后面另一个规则指示拦截某个 IP 地址(如使用 ufw deny proto tcp from A.B.C.D to any port 22)。最终,允许访问 TCP 端口 22 的规则会被使用,而后一个拦截黑客 IP 地址 A.B.C.D 却没有被使用。
这都是由于规则的顺序造成的。为避免这类问题,你需要编辑 /etc/ufw/before.rules文件,在“# End required lines”之后”Block an IP Address”添加规则。
二、Ubuntu 防火墙 ufw 问题解决
所以 vim /etc/ufw/before.rules
查找如下所示的行:
# End required lines添加规则来拦截黑客或垃圾信息传播者:
# Block spammers
-A ufw-before-input -s A.B.C.D -j DROP保存并关闭文件。最后,让防火墙重新加载配置信息:
ufw reload这样折腾一圈,果然生效了。不过不理解这 ufw 的设计逻辑,也许有其他需求会这样,但对于大多数简单的拦截 IP 等应用环境,这个逻辑更像一个 bug。
Excellent article! The depth of analysis is impressive. For those wanting more information, I recommend this link: FIND OUT MORE. Keen to see what others think!
hello there and thank you for your info – I have definitely picked up anything new from
right here. I did however expertise a few technical points using
this site, since I experienced to reload the site many times previous to I
could get it to load properly. I had been wondering if your hosting is
OK? Not that I’m complaining, but slow loading instances times will
often affect your placement in google and can damage your high quality score if advertising
and marketing with Adwords. Anyway I’m adding this RSS to my
email and can look out for a lot more of your respective
intriguing content. Ensure that you update this again very soon..
Najlepsze escape roomy
I was studying some of your posts on this website and I conceive this web
site is real instructive! Retain putting up.!