Ufw 允许应用程序：错误：需要“from”或“to”与“app”

2024-6-10 • tag-icon

我使用的是 Ubuntu 20.04.3 LTS，尽管这个问题可能不是特定于 Ubuntu 而是特定于任何使用ufw.我正在为 VNC vino 连接设置规则。我的意思是通过配置的应用程序来做到这一点。我/etc/ufw/applications.d/vino-server用以下内容创建

[Vino Server]
title = “Vino VNC Server”
description = “Vino - Default Ubuntu VNC server”
ports=5900,5901/tcp

进而

$ sudo ufw allow app "Vino Server" from 192.168.0.0/24
ERROR: Need 'from' or 'to' with 'app'

我该如何解决这个错误？

我当时就执行了

$ sudo ufw allow from 192.168.0.0/24 proto tcp to any port 5900

添加了一行ufw status（见下文），最后允许通过 remmina 连接。所以看来我可以连接，只是缺少应用程序方式配置/允许。

$ sudo nmap localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2021-11-19 08:03 -03
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000070s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
631/tcp  open  ipp
5900/tcp open  vnc

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere                  
5900/tcp                   ALLOW IN    192.168.0.0/24      <--- THIS LINE ADDED    
22/tcp (v6)                ALLOW IN    Anywhere (v6)             

$ sudo ss -ltnp
State        Recv-Q       Send-Q             Local Address:Port              Peer Address:Port       Process                                          
LISTEN       0            5                      127.0.0.1:631                    0.0.0.0:*           users:(("cupsd",pid=727,fd=7))                  
LISTEN       0            128                    127.0.0.1:6010                   0.0.0.0:*           users:(("sshd",pid=9845,fd=11))                 
LISTEN       0            5                        0.0.0.0:5900                   0.0.0.0:*           users:(("vino-server",pid=6594,fd=12))          
LISTEN       0            4096               127.0.0.53%lo:53                     0.0.0.0:*           users:(("systemd-resolve",pid=704,fd=13))       
LISTEN       0            128                      0.0.0.0:22                     0.0.0.0:*           users:(("sshd",pid=7138,fd=3))                  
LISTEN       0            5                          [::1]:631                       [::]:*           users:(("cupsd",pid=727,fd=6))                  
LISTEN       0            128                        [::1]:6010                      [::]:*           users:(("sshd",pid=9845,fd=10))                 
LISTEN       0            5                           [::]:5900                      [::]:*           users:(("vino-server",pid=6594,fd=11))          
LISTEN       0            128                         [::]:22                        [::]:*           users:(("sshd",pid=7138,fd=4))

答案1

从man ufw：

ufw  [--dry-run]  [rule]  [delete]  [insert  NUM]  [prepend] allow|deny|reject|limit
[in|out [on INTERFACE]] [log|log-all] [proto PROTOCOL] [from ADDRESS  [port  PORT  | app APPNAME ]] 
[to ADDRESS [port PORT | app APPNAME ]] [comment COMMENT]

因此，您必须from首先指定。

sudo ufw allow from 192.168.0.0/24 app "Vino Server"

答案1

相关内容