How to make Ubuntu ufw or iptables allow the internet to see quake3-server

I'm using Ubuntu 18.04 with ufw enabled. The Quake3 server service is named "quake3-server.service" and uses UDP ports only. I have set up iptables rules with the following commands:

sudo iptables -A INPUT -p udp --dport quake3-server -j ACCEPT
sudo iptables -A INPUT -p udp --dport 27960 -j ACCEPT

and also tried the tcp settings. I checked that these settings were applied, and restarted iptables with the following commands:

systemctl stop    netfilter-persistent
systemctl start   netfilter-persistent
systemctl restart netfilter-persistent

I tried adding the rules to ufw with:

sudo ufw allow 27960
sudo ufw allow 27960/udp

and tried adding the service and the server:

sudo ufw allow quake3-server
sudo ufw allow quake3-server.service

and added an "application profile" in etc/ufw/applications.d:

[quake3-server.service]
 title=Q3Server
 description=Q3 server details description
 ports=29760/udp|29760/tcp

[quake3-server]
 title=Q3Server
 description=Q3 server details description
 ports=29760/udp|29760/tcp

and saved and restarted successfully after each addition.

sudo iptables -L on the server shows:

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:27960
ACCEPT     udp  --  anywhere             anywhere             udp dpt:27960
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:27960
ACCEPT     udp  --  anywhere             anywhere             udp dpt:27960
ACCEPT     tcp  --  anywhere             0.0.0.0              tcp dpt:27960
ACCEPT     udp  --  anywhere             0.0.0.0              udp dpt:27960

ufw status verbose shows:

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
10000/tcp                  ALLOW IN    Anywhere
27960/tcp                  ALLOW IN    Anywhere
27960/udp                  ALLOW IN    Anywhere
27960                      ALLOW IN    Anywhere
0.0.0.0 27960              ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
10000/tcp (v6)             ALLOW IN    Anywhere (v6)
27960/tcp (v6)             ALLOW IN    Anywhere (v6)
27960/udp (v6)             ALLOW IN    Anywhere (v6)
27960 (v6)                 ALLOW IN    Anywhere (v6)

sudo ufw show raw shows:

Chain ufw6-user-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:22
       0        0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:80
       0        0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:443
       0        0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:10000
       0        0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:27960
       0        0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:27960
       0        0 ACCEPT     tcp      *      *       ::/0                 ::/0                 tcp dpt:27960
       0        0 ACCEPT     udp      *      *       ::/0                 ::/0                 udp dpt:27960


Chain ufw-user-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     897    53696 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
      23     1072 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
       5      248 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
       1       44 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:10000
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:27960
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:27960
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:27960
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:27960
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0              tcp dpt:27960
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0              udp dpt:27960

Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   51529  4804279 ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   51529  4804279 ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   12265   732225 ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   12037   719561 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   12037   719561 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   12037   719561 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:27960
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:27960

ZenMap shows:

PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
443/tcp   open  https
10000/tcp open  snet-sensor-mgmt

and telnet doesn't seem to want to connect to port 27960 either.

So I am trying to make port 27960 visible to, and connectable from, the network.

One hint may be: when ufw is disabled, the port still stays hidden from the network in ZenMap and Telnet.

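After downloading quake3-server, I thought it would automatically add a firewall exception for the dedicated server, but that doesn't seem to be the case, as ufw app list shows: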

Available applications:
  Apache
  Apache Full
  Apache Secure
  Bind9
  Dovecot IMAP
  Dovecot POP3
  Dovecot Secure IMAP
  Dovecot Secure POP3
  OpenSSH
  Postfix
  Postfix SMTPS
  Postfix Submission

It now also shows quake3-server.service in that list, because I added it manually and restarted the ufw and iptables services.

Any suggestions? Thanks. I'm sure it's something simple.

Update

Output of sudo iptables -v -x -n -L, for Doug Smythies:

Chain INPUT (policy DROP 9716 packets, 434587 bytes)
    pkts      bytes target     prot opt in     out     source               destination
  206710 24244632 ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  206710 24244632 ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   23145  1226262 ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   21753  1154148 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   21753  1154148 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   21753  1154148 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:27960
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:27960


Chain ufw-user-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination
   12517   741629 ACCEPT     tcp  --  *      *       0.0.0.0/0  0.0.0.0/0            tcp dpt:22
     201    10072 ACCEPT     tcp  --  *      *       0.0.0.0/0  0.0.0.0/0            tcp dpt:80
     146     7628 ACCEPT     tcp  --  *      *       0.0.0.0/0  0.0.0.0/0            tcp dpt:443
      26     1200 ACCEPT     tcp  --  *      *       0.0.0.0/0  0.0.0.0/0            tcp dpt:10000
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0  0.0.0.0/0            tcp dpt:27960
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0  0.0.0.0/0            udp dpt:27960
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0  0.0.0.0/0            tcp dpt:27960
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0  0.0.0.0/0            udp dpt:27960
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0  0.0.0.0              tcp dpt:27960
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0  0.0.0.0              udp dpt:27960
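
An added example, not part of the original question: a small shell helper that reads iptables -v -x -n -L output like the listing above and reports the ACCEPT rules for one destination port, with a second function that keeps only those whose packet counter is still zero. The function names and the embedded sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: read `iptables -v -x -n -L` output on stdin and report the
# ACCEPT rules for one destination port together with their packet counters.

# rule_hits PORT -> prints "chain proto pkts" for each matching ACCEPT rule
rule_hits() {
    awk -v port="$1" '
        $1 == "Chain" { chain = $2; next }            # remember current chain
        $3 == "ACCEPT" && $NF == ("dpt:" port) {      # e.g. "udp dpt:27960"
            print chain, $4, $1                       # chain, protocol, pkts
        }
    '
}

# unused_rules PORT -> only the rules that no packet has matched so far
unused_rules() {
    rule_hits "$1" | awk '$3 == 0'
}

# Constructed sample in the same layout as the listing in the question.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP 9716 packets, 434587 bytes)
    pkts      bytes target     prot opt in     out     source               destination
  206710 24244632 ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:27960

Chain ufw-user-input (1 references)
    pkts      bytes target     prot opt in     out     source               destination
   12517   741629 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
       0        0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:27960
EOF
}

# Demo on the constructed sample; for live use (requires root):
#   sudo iptables -v -x -n -L | unused_rules 27960
sample_listing | unused_rules 27960
```

A zero counter means no packet has matched that rule since the counters were last reset, so traffic for the port is either being handled earlier in the chain or not arriving at the host.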
