UFW 为 DENY/DENY,但数据包仍从我的以太网设备中传出。这是为什么?

UFW 为 DENY/DENY,但数据包仍从我的以太网设备中传出。这是为什么?

你好,

我有个问题。我想使用 UFW Ubuntu 防火墙完全锁定服务器的输入和输出,以确保最初不会发送任何数据包作为基准。

我启用了 UFW,并使用 GUFW 将 SEND/RECV 都设置为 DENY/DENY,但是执行 tcpdump 时...我仍然看到数据包。这是为什么?

root@ubuntu12:~# tcpdump -i eth0

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN1MB (Ethernet), capture size 65535 bytes
00:18:13.546778 IP 13.14.3.22.https > 192.168.1.11.53742: Flags [P.], seq 61669:25111754, ack 55373, win 1334, length 60
00:18:13.583974 IP 192.168.1.11.53742 > 13.14.3.22.https: Flags [.], ack 60, win 330, length 0
00:18:16.368458 IP 192.168.1.11.37884 > 11.21.4.13.40029: Flags [P.], seq 1557077:1525079, ack 3451606, win 331, options [nop,nop,TS val 667792 ecr 4834388], length 2
00:18:16.476004 IP 16.1.4.13.4009 > 192.168.1.11.384: Flags [.], ack 2, win 83, options [nop,nop,TS val 483331 ecr 667752], length 0

UFW防火墙的配置:

$  sudo grep '^### tuple' /lib/ufw/user*.rules
/lib/ufw/user.rules:### tuple ### deny tcp 443 0.0.0.0/0 any 0.0.0.0/0 in
/lib/ufw/user.rules:### tuple ### deny udp 4444 0.0.0.0/0 any 0.0.0.0/0 in
/lib/ufw/user.rules:### tuple ### deny tcp 6881:6891 0.0.0.0/0 any 0.0.0.0/0 in
/lib/ufw/user.rules:### tuple ### deny udp 6881:6891 0.0.0.0/0 any 0.0.0.0/0 in
in
/lib/ufw/user.rules:### tuple ### deny any 53 0.0.0.0/0 any 0.0.0.0/0 in
/lib/ufw/user.rules:### tuple ### deny any 631 0.0.0.0/0 any 0.0.0.0/0 CUPS - in





$ ufw status

status: active

To                         Action      From
--                         ------      ----
51413/tcp                  DENY        Anywhere
51413/udp                  DENY        Anywhere
443/tcp                    DENY        Anywhere
6881/tcp                   DENY        Anywhere
6881/udp                   DENY        Anywhere
2234:2239/tcp              DENY        Anywhere
2242/tcp                   DENY        Anywhere
2240/tcp                   DENY        Anywhere
4444/udp                   DENY        Anywhere
4662/tcp                   DENY        Anywhere
4672/udp                   DENY        Anywhere
53                         DENY        Anywhere






$ sudo ufw show raw 
IPV4 (raw):
Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
       1       40 ACCEPT     tcp  --  *      *       127.0.0.1            0.0.0.0/0            tcpflags:! 0x17/0x02
  205761 27027186 ACCEPT     udp  --  *      *       127.0.0.1            0.0.0.0/0           
       2      141 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec burst 5
   77235  9359718 DROP       all  --  eth0   *       0.0.0.0/0            255.255.255.255     
  170607 17948324 DROP       all  --  *      *       0.0.0.0/0            192.168.0.255       
       0        0 DROP       all  --  *      *       224.0.0.0/8          0.0.0.0/0           
       0        0 DROP       all  --  *      *       0.0.0.0/0            224.0.0.0/8         
       0        0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0           
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0             
    1564   289698 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
       0        0 LSI        all  -f  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 10/min burst 5
 3759890 3187820179 INBOUND    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
   18258  1735226 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   18258  1735226 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Unknown Input"
   18258  1735226 ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   18258  1735226 ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   18258  1735226 ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec burst 5
       0        0 LOG_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            0.0.0.0/0           
       0        0 ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix "Outbound "
       0        0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
Chain ufw-before-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
       0        0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 4
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
       0        0 ufw-not-local  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251          udp dpt:5353
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            239.255.255.250      udp dpt:1900
       0        0 ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-logging-forward (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw-before-logging-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw-before-logging-output (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw-before-output (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
       0        0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
       0        0 ufw-user-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-logging-allow (0 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID LOG flags 0 level 4 prefix "[UFW AUDIT INVALID] "
       0        0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
       0        0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
       0        0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
       0        0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-reject-forward (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-forward (0 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-input (7 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-output (0 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-track-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw-user-forward (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw-user-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw-user-limit (0 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
       0        0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-user-logging-forward (0 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-input (0 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-output (0 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw-user-output (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
Chain PREROUTING (policy ACCEPT 539090 packets, 100712724 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 306 packets, 28746 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 372448 packets, 21597937 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 369100 packets, 21156985 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
Chain PREROUTING (policy ACCEPT 4477889 packets, 3314295778 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 4233318 packets, 3244180512 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 3535682 packets, 419300008 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 3553346 packets, 421249234 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
Chain PREROUTING (policy ACCEPT 181 packets, 36795 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 167 packets, 31957 bytes)
    pkts      bytes target     prot opt in     out     source               destination         


IPV6:
Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
     145    10432 ufw6-before-logging-input  all      *      *       ::/0                 ::/0                
     145    10432 ufw6-before-input  all      *      *       ::/0                 ::/0                
       0        0 ufw6-after-input  all      *      *       ::/0                 ::/0                
       0        0 ufw6-after-logging-input  all      *      *       ::/0                 ::/0                
       0        0 ufw6-reject-input  all      *      *       ::/0                 ::/0                
       0        0 ufw6-track-input  all      *      *       ::/0                 ::/0                

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 ufw6-before-logging-forward  all      *      *       ::/0                 ::/0                
       0        0 ufw6-before-forward  all      *      *       ::/0                 ::/0                
       0        0 ufw6-after-forward  all      *      *       ::/0                 ::/0                
       0        0 ufw6-after-logging-forward  all      *      *       ::/0                 ::/0                
       0        0 ufw6-reject-forward  all      *      *       ::/0                 ::/0                

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
      22     1432 ufw6-before-logging-output  all      *      *       ::/0                 ::/0                
      22     1432 ufw6-before-output  all      *      *       ::/0                 ::/0                
      15      960 ufw6-after-output  all      *      *       ::/0                 ::/0                
      15      960 ufw6-after-logging-output  all      *      *       ::/0                 ::/0                
      15      960 ufw6-reject-output  all      *      *       ::/0                 ::/0                
      15      960 ufw6-track-output  all      *      *       ::/0                 ::/0                

Chain ufw6-after-forward (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw6-after-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:137
       0        0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:138
       0        0 ufw6-skip-to-policy-input  tcp      *      *       ::/0                 ::/0                 tcp dpt:139
       0        0 ufw6-skip-to-policy-input  tcp      *      *       ::/0                 ::/0                 tcp dpt:445
       0        0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:67
       0        0 ufw6-skip-to-policy-input  udp      *      *       ::/0                 ::/0                 udp dpt:68

Chain ufw6-after-logging-forward (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all      *      *       ::/0                 ::/0                 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-after-logging-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all      *      *       ::/0                 ::/0                 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-after-logging-output (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all      *      *       ::/0                 ::/0                 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-after-output (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw6-before-forward (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 DROP       all      *      *       ::/0                 ::/0                 rt type:0 segsleft:0
       0        0 ufw6-user-forward  all      *      *       ::/0                 ::/0                

Chain ufw6-before-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 ACCEPT     all      lo     *       ::/0                 ::/0                
       0        0 DROP       all      *      *       ::/0                 ::/0                 rt type:0 segsleft:0
       0        0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 135 HL match HL == 255
       0        0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 136 HL match HL == 255
       0        0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 133 HL match HL == 255
       0        0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 134 HL match HL == 255
       0        0 ACCEPT     all      *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED
       0        0 ACCEPT     icmpv6    *      *       fe80::/10            ::/0                 ipv6-icmptype 129
       0        0 ufw6-logging-deny  all      *      *       ::/0                 ::/0                 state INVALID
       0        0 DROP       all      *      *       ::/0                 ::/0                 state INVALID
       0        0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 1
       0        0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 2
       0        0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 3
       0        0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 4
       0        0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 128
       0        0 ACCEPT     udp      *      *       fe80::/10            fe80::/10            udp spt:547 dpt:546
       0        0 ACCEPT     udp      *      *       ::/0                 ff02::fb/128         udp dpt:5353
       0        0 ACCEPT     udp      *      *       ::/0                 ff02::f/128          udp dpt:1900
       0        0 ufw6-user-input  all      *      *       ::/0                 ::/0                

Chain ufw6-before-logging-forward (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw6-before-logging-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw6-before-logging-output (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw6-before-output (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 ACCEPT     all      *      lo      ::/0                 ::/0                
       0        0 DROP       all      *      *       ::/0                 ::/0                 rt type:0 segsleft:0
       0        0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 135 HL match HL == 255
       0        0 ACCEPT     icmpv6    *      *       ::/0                 ::/0                 ipv6-icmptype 136 HL match HL == 255
       0        0 ACCEPT     all      *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED
       0        0 ufw6-user-output  all      *      *       ::/0                 ::/0                

Chain ufw6-logging-allow (0 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all      *      *       ::/0                 ::/0                 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw6-logging-deny (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 LOG        all      *      *       ::/0                 ::/0                 state INVALID LOG flags 0 level 4 prefix "[UFW AUDIT INVALID] "
       0        0 LOG        all      *      *       ::/0                 ::/0                 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-reject-forward (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw6-reject-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw6-reject-output (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw6-skip-to-policy-forward (0 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 DROP       all      *      *       ::/0                 ::/0                

Chain ufw6-skip-to-policy-input (6 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 DROP       all      *      *       ::/0                 ::/0                

Chain ufw6-skip-to-policy-output (0 references)
    pkts      bytes target     prot opt in     out     source               destination         
       0        0 DROP       all      *      *       ::/0                 ::/0                

Chain ufw6-track-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw6-track-output (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw6-user-forward (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw6-user-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw6-user-limit (0 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw6-user-limit-accept (0 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw6-user-logging-forward (0 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw6-user-logging-input (0 references)
    pkts      bytes target     prot opt in     out     source               destination         

Chain ufw6-user-output (1 references)
    pkts      bytes target     prot opt in     out     source               destination         
Chain PREROUTING (policy ACCEPT 17 packets, 1813 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

如何设置 UFW,以便拒绝/拒绝确保没有数据包发送到我的以太网设备? UFW 的 DENY/DENY 不是应该阻止所有内容双向通过 eth0 网卡吗?

编辑:我通过假断开网线来修复此问题的临时方法正在运行:sudo 服务网络停止

相关内容