Why does ufw block connections even though they are allowed?

I have the following set of rules

sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 41337/tcp                  ALLOW IN    Anywhere
 ...
[15] 8080/tcp                   ALLOW IN    Anywhere
[16] 4001/tcp                   ALLOW IN    Anywhere

But I still get UFW BLOCK log entries in dmesg

[Mon Jan 20 13:28:42 2020] [UFW BLOCK] IN=enp3s0 OUT= MAC=74:xx:xx:xx:e5:xx:xx:45:cb:59:xx:b0:08:xx SRC=49.XXX.XXX.XXX DST=192.168.XXX.XXX LEN=60 TOS=0x00 PREC=0x00 TTL=112 ID=894 DF PROTO=TCP SPT=4001 DPT=4001 WINDOW=8192 RES=0x00 ACK SYN URGP=0
[Mon Jan 20 13:28:54 2020] [UFW BLOCK] IN=enp3s0 OUT= MAC=74:xx:xx:xx:e5:xx:xx:45:cb:59:xx:b0:08:xx SRC=113.XXX.XXX.XXX DST=192.168.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=15559 DPT=4001 WINDOW=0 RES=0x00 RST URGP=0

Why is that?

Edit

Full table:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

     To                         Action      From
     --                         ------      ----
[ 1] 1337/tcp                  ALLOW IN    Anywhere
[ 2] 8333/tcp                   ALLOW IN    Anywhere
[ 3] 53/udp                     ALLOW IN    Anywhere
[ 4] 51413/tcp                  ALLOW IN    Anywhere
[ 5] 9117/tcp                   ALLOW IN    Anywhere
[ 6] 53/tcp                     ALLOW IN    Anywhere
[ 7] 8090/tcp                   ALLOW IN    Anywhere
[ 8] 6881/udp                   ALLOW IN    Anywhere
[ 9] 80/tcp                     ALLOW IN    Anywhere
[10] 443/tcp                    ALLOW IN    Anywhere
[11] 5351/udp                   ALLOW IN    17X.XXX.0.0/16
[12] 5351/udp                   ALLOW IN    17X.XXX.0.0/16
[13] 5351/udp                   ALLOW IN    17X.XXX.0.0/16
[14] 8084/tcp                   ALLOW IN    Anywhere
[15] 8080/tcp                   ALLOW IN    Anywhere
[16] 4001/tcp                   ALLOW IN    Anywhere
[17] 5001/tcp                   ALLOW IN    10.X.X.X/24
