I have enabled the Uncomplicated Firewall on Ubuntu Focal:
# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
However, it does not seem to be blocking anything:
# ip -o -4 address
1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever
2: enp0s3 inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3\ valid_lft 77618sec preferred_lft 77618sec
# nmap 127.0.0.1 10.0.2.15
Starting Nmap 7.80 ( https://nmap.org ) at 2020-12-17 15:11 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000030s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
Nmap scan report for dummyhost (10.0.2.15)
Host is up (0.0000030s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 2 IP addresses (2 hosts up) scanned in 0.05 seconds
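What exactly am I doing wrong?
Update
Apparently nmap does not traverse the firewall when scanning and running on the same host. Is there a way to have nmap scan the public address on the local system as if it were scanning from a remote system?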