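I'm running a cloud server with Ubuntu 20.04 that hosts a forum. The forum uses Google's reCaptcha to protect new registrations.
However, once I set up my iptables rules, reCaptcha times out. If I disable the rules, everything is fine.
I'm not an expert in this area, and the existing rules mostly come from hardening guides (1, 2). This is what I have: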
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere multiport dports 22,http,https,submission state NEW,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:domain
DROP all -f anywhere anywhere
DROP all -f anywhere anywhere
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere multiport sports 22,http,https,submission state ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:domain
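So if I change the chains' default policy to ACCEPT, everything works, so the error must be in one of the rules above. However, HTTP/HTTPS is definitely enabled, and searching for other ports did not turn up any further ports that reCaptcha uses.
Can anyone help me get this working?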
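
An added example, not part of the original post: a small Python evaluator that replays the TCP/UDP ACCEPT rules from the listing above against constructed packets. It assumes the forum validates reCaptcha tokens server-side with an outbound HTTPS request to Google and that the bare `ACCEPT all` rule is loopback-only (`iptables -L` without `-v` does not show interfaces); the names `parse`, `verdict`, `pkt`, the interface `eth0` and the ephemeral ports are illustrative.

```python
import re
# Rules copied from the `iptables -L` listing in the question (ICMP and DROP rules left out).
LISTING = """\
Chain INPUT (policy DROP)
ACCEPT tcp -- anywhere anywhere multiport dports 22,http,https,submission state NEW,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:domain
Chain OUTPUT (policy DROP)
ACCEPT tcp -- anywhere anywhere multiport sports 22,http,https,submission state ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:domain
"""
SERVICES = {"http": 80, "https": 443, "submission": 587, "domain": 53}

def parse(listing):
    chains, cur = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if head:
            cur = chains[head.group(1)] = {"policy": head.group(2), "rules": []}
            continue
        target, proto, *_ = line.split()
        rule = {"target": target, "proto": proto}
        for key, pat in (("dport", r"(?:dports |dpt:)(\S+)"), ("sport", r"(?:sports |spt:)(\S+)"),
                         ("state", r"state (\S+)")):
            m = re.search(pat, line)
            if m:
                rule[key] = {SERVICES.get(v, int(v) if v.isdigit() else v) for v in m.group(1).split(",")}
        # Assumption: -L without -v hides interfaces; treat the bare "ACCEPT all" as the loopback rule.
        if proto == "all":
            rule["iface"] = {"lo"}
        cur["rules"].append(rule)
    return chains

def verdict(chains, chain, packet):
    """First matching rule wins; otherwise the chain's default policy applies."""
    for rule in chains[chain]["rules"]:
        fields = [k for k in rule if k not in ("target", "proto")]
        if rule["proto"] in ("all", packet["proto"]) and all(packet[k] in rule[k] for k in fields):
            return rule["target"]
    return chains[chain]["policy"]

def pkt(proto, sport, dport, state, iface="eth0"):
    return {"proto": proto, "sport": sport, "dport": dport, "state": state, "iface": iface}

CHAINS = parse(LISTING)
if __name__ == "__main__":
    # Constructed packets: the server's own HTTPS request to Google and the reply to it.
    print("OUTPUT server:40000 -> Google:443 :", verdict(CHAINS, "OUTPUT", pkt("tcp", 40000, 443, "NEW")))
    print("INPUT  Google:443 -> server:40000 :", verdict(CHAINS, "INPUT", pkt("tcp", 443, 40000, "ESTABLISHED")))
```

Both constructed packets fall through to the DROP policy, while browser traffic to the forum's own port 443 is accepted, which is consistent with the timeout disappearing when the policies are set to ACCEPT. Under these assumptions, the rule set lacks an OUTPUT rule for new TCP connections to destination port 443 and an INPUT rule accepting ESTABLISHED replies regardless of destination port.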