I'm trying to configure ufw to allow connections only to 3 IP addresses on my local network and deny all other IP addresses. Here are the commands I used:
yes | sudo ufw reset
sudo ufw default deny
sudo ufw allow in from 192.168.11.109
sudo ufw allow in from 192.168.11.118
sudo ufw allow in from 192.168.11.212
sudo ufw allow out to 192.168.11.109
sudo ufw allow out to 192.168.11.118
sudo ufw allow out to 192.168.11.212
sudo ufw enable
sudo ufw status verbose
Everything seems fine. Here is the output of the status command:
joel@walker11 ~> sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
Anywhere ALLOW IN 192.168.11.109
Anywhere ALLOW IN 192.168.11.118
Anywhere ALLOW IN 192.168.11.212
192.168.11.109 ALLOW OUT Anywhere
192.168.11.118 ALLOW OUT Anywhere
192.168.11.212 ALLOW OUT Anywhere
However, I can't ping any of the IP addresses I explicitly allowed:
joel@walker11 ~> ping 192.168.11.109
PING 192.168.11.109 (192.168.11.109) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
^C
--- 192.168.11.109 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1007ms
How do I set up the firewall to allow traffic to and from these IP addresses?