Dozens of [UFW BLOCK] messages every second on my syslog server

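I am currently running an Ubuntu server whose incoming traffic has suddenly dropped sharply after several months of a high average. I noticed in the logs that dozens of UFW Block messages like these are generated every minute. You can see them below.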

Nov 15 14:27:23 instance-1 kernel: [163291.543066] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=34658 DF PROTO=TCP SPT=33842 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0 
Nov 15 14:27:42 instance-1 kernel: [163310.995951] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=26888 DF PROTO=TCP SPT=33866 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:28:04 instance-1 kernel: [163332.872929] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=47.9.80.225 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=20671 DF PROTO=TCP SPT=53912 DPT=443 WINDOW=78 RES=0x00 ACK RST URGP=0 
Nov 15 14:28:22 instance-1 kernel: [163351.244056] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=50298 DF PROTO=TCP SPT=33920 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0 
Nov 15 14:28:43 instance-1 kernel: [163371.603557] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=22370 DF PROTO=TCP SPT=59386 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:29:03 instance-1 kernel: [163391.555748] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=63536 DF PROTO=TCP SPT=33966 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0 
Nov 15 14:29:22 instance-1 kernel: [163411.282287] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=21342 DF PROTO=TCP SPT=33992 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0 
Nov 15 14:29:43 instance-1 kernel: [163431.696134] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=26408 DF PROTO=TCP SPT=59452 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:30:02 instance-1 kernel: [163451.054888] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=9973 DF PROTO=TCP SPT=34044 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:30:23 instance-1 kernel: [163472.053652] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=63549 DF PROTO=TCP SPT=59502 DPT=443 WINDOW=408 RES=0x00 ACK RST URGP=0 
Nov 15 14:30:43 instance-1 kernel: [163491.764167] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=33918 DF PROTO=TCP SPT=34094 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0 
Nov 15 14:31:03 instance-1 kernel: [163511.668000] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=14829 DF PROTO=TCP SPT=34122 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0 
Nov 15 14:31:23 instance-1 kernel: [163532.325401] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=34162 DF PROTO=TCP SPT=59572 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:31:44 instance-1 kernel: [163552.837822] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=29658 DF PROTO=TCP SPT=59590 DPT=443 WINDOW=408 RES=0x00 ACK RST URGP=0 
Nov 15 14:32:03 instance-1 kernel: [163572.375370] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=15828 DF PROTO=TCP SPT=34202 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0 
Nov 15 14:32:22 instance-1 kernel: [163591.109170] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=47.31.199.60 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=16812 DF PROTO=TCP SPT=47858 DPT=443 WINDOW=192 RES=0x00 ACK RST URGP=0 
Nov 15 14:32:43 instance-1 kernel: [163612.004351] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=2666 DF PROTO=TCP SPT=34256 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:33:03 instance-1 kernel: [163632.189419] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=27812 DF PROTO=TCP SPT=34278 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:33:23 instance-1 kernel: [163652.203641] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=47.31.199.60 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=22986 DF PROTO=TCP SPT=47938 DPT=443 WINDOW=186 RES=0x00 ACK RST URGP=0 
Nov 15 14:33:43 instance-1 kernel: [163672.376794] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=17200 DF PROTO=TCP SPT=34326 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:34:03 instance-1 kernel: [163692.273798] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=21450 DF PROTO=TCP SPT=34350 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:34:24 instance-1 kernel: [163712.542638] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=47.31.199.60 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=35389 DF PROTO=TCP SPT=48004 DPT=443 WINDOW=192 RES=0x00 ACK RST URGP=0 
Nov 15 14:34:42 instance-1 kernel: [163731.424731] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=4339 DF PROTO=TCP SPT=59778 DPT=443 WINDOW=408 RES=0x00 ACK RST URGP=0 
Nov 15 14:35:04 instance-1 kernel: [163752.927110] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=47.31.199.60 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=26752 DF PROTO=TCP SPT=48048 DPT=443 WINDOW=191 RES=0x00 ACK RST URGP=0 
Nov 15 14:35:22 instance-1 kernel: [163770.767014] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=106.78.52.214 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=58 ID=15706 DF PROTO=TCP SPT=22462 DPT=443 WINDOW=191 RES=0x00 ACK RST URGP=0 
Nov 15 14:35:42 instance-1 kernel: [163790.879044] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=106.78.52.214 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=37719 DF PROTO=TCP SPT=22499 DPT=443 WINDOW=191 RES=0x00 ACK RST URGP=0 
Nov 15 14:36:03 instance-1 kernel: [163811.659551] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=106.78.52.214 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=34893 DF PROTO=TCP SPT=10170 DPT=443 WINDOW=191 RES=0x00 ACK RST URGP=0 
Nov 15 14:36:22 instance-1 kernel: [163830.662021] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=63671 DF PROTO=TCP SPT=59888 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:36:43 instance-1 kernel: [163851.881254] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=106.78.52.214 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=30595 DF PROTO=TCP SPT=10199 DPT=443 WINDOW=191 RES=0x00 ACK RST URGP=0 
Nov 15 14:37:03 instance-1 kernel: [163871.873084] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=106.78.52.214 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=44464 DF PROTO=TCP SPT=20374 DPT=443 WINDOW=191 RES=0x00 ACK RST URGP=0 
Nov 15 14:37:23 instance-1 kernel: [163891.804772] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=13501 DF PROTO=TCP SPT=34614 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:37:42 instance-1 kernel: [163911.030568] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=106.78.52.214 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=52374 DF PROTO=TCP SPT=20382 DPT=443 WINDOW=186 RES=0x00 ACK RST URGP=0 
Nov 15 14:38:03 instance-1 kernel: [163932.148186] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=55187 DF PROTO=TCP SPT=60000 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 

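I am not sure what these UFW blocks are and what they are blocking. It would be very helpful if someone could help me figure out whether this is what is blocking my traffic, or whether it is causing any other problems, and how to fix it.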

Thanks a lot!
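
An added example, not part of the original post: a Python script that parses `[UFW BLOCK]` lines in the format shown above and counts blocked packets per source address, destination port and TCP flags, so that repeated `ACK RST` packets to port 443 can be separated from blocked attempts to open a new connection (SYN without ACK). The sample embeds three lines from the post plus one constructed SYN line; the function names are hypothetical.

```python
import re
from collections import Counter

# First three lines are copied from the post; the last one is constructed for contrast.
SAMPLE = """\
Nov 15 14:27:23 instance-1 kernel: [163291.543066] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=34658 DF PROTO=TCP SPT=33842 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0
Nov 15 14:27:42 instance-1 kernel: [163310.995951] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=26888 DF PROTO=TCP SPT=33866 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0
Nov 15 14:28:04 instance-1 kernel: [163332.872929] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=47.9.80.225 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=20671 DF PROTO=TCP SPT=53912 DPT=443 WINDOW=78 RES=0x00 ACK RST URGP=0
Nov 15 14:28:10 instance-1 kernel: [163338.000000] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=203.0.113.9 DST=10.128.0.6 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1111 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
UFW_RE = re.compile(r"\[UFW (?P<action>[A-Z ]+)\] (?P<body>.*)")

def parse_ufw_line(line):
    """Return a dict of fields for one UFW kernel log line, or None if it is not one."""
    m = UFW_RE.search(line)
    if not m:
        return None
    rec = {"action": m.group("action"), "flags": []}
    for tok in m.group("body").split():
        key, sep, val = tok.partition("=")
        if sep:                      # KEY=value field such as SRC=, DPT=, TTL=
            rec[key] = val
        elif tok in TCP_FLAGS:       # bare token such as ACK or RST (DF is an IP flag, skipped)
            rec["flags"].append(tok)
    return rec

def summarize(text):
    """Count BLOCK entries per (source address, destination port, TCP flags)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_ufw_line(line)
        if rec and rec["action"] == "BLOCK":
            flags = "+".join(rec["flags"]) or "-"
            counts[(rec.get("SRC"), rec.get("DPT"), flags)] += 1
    return counts

def new_connection_attempts(counts):
    """Entries whose flags contain SYN but not ACK (a connection being opened)."""
    return {k: n for k, n in counts.items()
            if "SYN" in k[2].split("+") and "ACK" not in k[2].split("+")}

if __name__ == "__main__":
    for (src, dpt, flags), n in summarize(SAMPLE).most_common():
        print(f"{n:5d}  {src:<16} dpt={dpt:<5} flags={flags}")
```

To run it on a real log, pass the file contents to `summarize()` instead of `SAMPLE`.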
