我最近在我的 Elementary OS 系统上启用了防火墙,使用ufw
.
这是我的sudo ufw status verbose
:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
然后我只允许 ssh (22)、打印(cups 端口)和我的媒体服务器的端口。
问题是我仍然在 Journalctl 中看到许多 sshd 日志条目,如下所示:
Aug 30 12:07:08 elementaryos sshd[8225]: Invalid user yale from 125.43.68.83 port 63475
Aug 30 12:07:08 elementaryos sshd[8225]: Received disconnect from 125.43.68.83 port 63475:11: Bye Bye [preauth]
Aug 30 12:07:08 elementaryos sshd[8225]: Disconnected from invalid user yale 125.43.68.83 port 63475 [preauth]
Aug 30 12:11:31 elementaryos sshd[8327]: Invalid user rx from 49.234.116.13 port 53310
Aug 30 12:11:31 elementaryos sshd[8327]: Received disconnect from 49.234.116.13 port 53310:11: Bye Bye [preauth]
Aug 30 12:11:31 elementaryos sshd[8327]: Disconnected from invalid user rx 49.234.116.13 port 53310 [preauth]
Aug 30 12:24:42 elementaryos sshd[8627]: Invalid user sftp_user from 142.44.211.229 port 39952
Aug 30 12:24:43 elementaryos sshd[8627]: Received disconnect from 142.44.211.229 port 39952:11: Bye Bye [preauth]
Aug 30 12:24:43 elementaryos sshd[8627]: Disconnected from invalid user sftp_user 142.44.211.229 port 39952 [preauth]
Aug 30 12:31:56 elementaryos sshd[8789]: Invalid user chris from 128.199.154.237 port 42658
Aug 30 12:31:56 elementaryos sshd[8789]: Received disconnect from 128.199.154.237 port 42658:11: Bye Bye [preauth]
Aug 30 12:31:56 elementaryos sshd[8789]: Disconnected from invalid user chris 128.199.154.237 port 42658 [preauth]
Aug 30 12:40:44 elementaryos sshd[9270]: Invalid user admin from 139.59.14.210 port 51780
Aug 30 12:40:45 elementaryos sshd[9270]: Connection closed by invalid user admin 139.59.14.210 port 51780 [preauth]
Aug 30 12:43:31 elementaryos sshd[9630]: Invalid user test from 139.59.14.210 port 43548
Aug 30 12:43:31 elementaryos sshd[9630]: Connection closed by invalid user test 139.59.14.210 port 43548 [preauth]
Aug 30 12:46:10 elementaryos sshd[9690]: Connection closed by authenticating user root 139.59.14.210 port 35310 [preauth]
Aug 30 12:55:33 elementaryos sshd[11834]: Received disconnect from 186.225.255.116 port 20373:11: Bye Bye [preauth]
Aug 30 12:55:33 elementaryos sshd[11834]: Disconnected from authenticating user root 186.225.255.116 port 20373 [preauth]
这些请求应该被我的防火墙阻止。所有这些 sshd 日志条目的解释是什么?