当存在专门允许访问的规则时,为什么 ufw 会阻止访问?

当存在专门允许访问的规则时,为什么 ufw 会阻止访问?
$ufw status numbered
Status: active

 To                         Action      From
 --                         ------      ----
[ 7] Anywhere                   ALLOW IN    192.168.0.0/24             # allow all from LAN
[ 8] Anywhere                   ALLOW IN    192.168.1.0/24             # allow all from LAN
[ 9] OpenSSH                    LIMIT IN    Anywhere                   # allow ssh (limited)
[10] xxxxx                      ALLOW IN    Anywhere                   # allow transmission access
[11] Anywhere                   ALLOW IN    192.168.1.148              # allow all from Samsung TV
[12] Anywhere                   ALLOW IN    192.168.1.252              # allow all from KEF LSX speakers

为什么ufw阻止 192.168.1.148 访问 192.168.1.31?所有上述ufw规则都应该促进这种访问,但为什么不呢?

$ufwl | grep '192.168'
... [UFW BLOCK] IN=enp1s0 OUT= MAC=68:05:ca:24:83:6c:00:12:fb:74:36:26:08:00 SRC=192.168.1.148 DST=192.168.1.31 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=52235 DPT=25930 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
... [UFW BLOCK] IN=enp1s0 OUT= MAC=68:05:ca:24:83:6c:84:17:15:02:86:9f:08:00 SRC=192.168.1.252 DST=192.168.1.31 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=52973 PROTO=TCP SPT=8080 DPT=33658 WINDOW=65535 RES=0x00 RST URGP=0 MARK=0x1

$lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 21.10
Release:        21.10
Codename:       impish

更新
在上述ufw规则之前,iptables只有这些“拒绝/阻止”某些内容的规则(除了在未明确授予访问权限的情况下进行的一般阻止之外):

Chain ufw-logging-deny (2 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere             ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  anywhere             anywhere             limit: avg 3/min burst 10
DROP       all  --  anywhere             anywhere

        

答案1

我不知道为什么会发生这种情况,但我只是猜测这与我不时对 XUbuntu 进行的更新有关。我怀疑是这样,因为今天又出现了这个问题,但重新启动系统后它就消失了。我想不知何故,更新可能会将 UFW“重置”为某种“默认”、更严格的状态(我的一些规则被删除)。

答案2

我不知道原因,但遇到了类似的问题。跑步

ufw reload

解决了问题。

相关内容