$ ufw status numbered
Status: active
To Action From
-- ------ ----
[ 7] Anywhere ALLOW IN 192.168.0.0/24 # allow all from LAN
[ 8] Anywhere ALLOW IN 192.168.1.0/24 # allow all from LAN
[ 9] OpenSSH LIMIT IN Anywhere # allow ssh (limited)
[10] xxxxx ALLOW IN Anywhere # allow transmission access
[11] Anywhere ALLOW IN 192.168.1.148 # allow all from Samsung TV
[12] Anywhere ALLOW IN 192.168.1.252 # allow all from KEF LSX speakers
Why is ufw blocking 192.168.1.148 from accessing 192.168.1.31? All of the ufw rules above should allow this access, so why don't they?
$ ufwl | grep '192.168'
... [UFW BLOCK] IN=enp1s0 OUT= MAC=68:05:ca:24:83:6c:00:12:fb:74:36:26:08:00 SRC=192.168.1.148 DST=192.168.1.31 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=52235 DPT=25930 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1
... [UFW BLOCK] IN=enp1s0 OUT= MAC=68:05:ca:24:83:6c:84:17:15:02:86:9f:08:00 SRC=192.168.1.252 DST=192.168.1.31 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=52973 PROTO=TCP SPT=8080 DPT=33658 WINDOW=65535 RES=0x00 RST URGP=0 MARK=0x1
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 21.10
Release: 21.10
Codename: impish
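Update
Ahead of the ufw rules above, iptables has only these rules that "deny/block" something (apart from the general blocking that applies when access has not been explicitly granted):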
Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere
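A small triage of the [UFW BLOCK] lines quoted in the question, as an added example that is not part of the original post: it parses each line, checks which of the listed ALLOW IN source rules cover the SRC address, and extracts the TCP flags. The rule numbers and sources are transcribed from the ufw status output above; the function names are hypothetical.

```python
import ipaddress

# Log lines as quoted in the question (the leading "..." was already elided there).
LOG_LINES = [
    "... [UFW BLOCK] IN=enp1s0 OUT= MAC=68:05:ca:24:83:6c:00:12:fb:74:36:26:08:00 SRC=192.168.1.148 DST=192.168.1.31 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=52235 DPT=25930 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1",
    "... [UFW BLOCK] IN=enp1s0 OUT= MAC=68:05:ca:24:83:6c:84:17:15:02:86:9f:08:00 SRC=192.168.1.252 DST=192.168.1.31 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=52973 PROTO=TCP SPT=8080 DPT=33658 WINDOW=65535 RES=0x00 RST URGP=0 MARK=0x1",
]

# "ALLOW IN <source>" rules from the ufw status output, keyed by rule number.
ALLOW_FROM = {7: "192.168.0.0/24", 8: "192.168.1.0/24",
              11: "192.168.1.148", 12: "192.168.1.252"}

# Flag names the netfilter LOG target prints as bare tokens.
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_block(line):
    """Return the KEY=VALUE fields of one [UFW BLOCK] line, or None."""
    if "[UFW BLOCK]" not in line:
        return None
    tokens = line.split("[UFW BLOCK]", 1)[1].split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    fields["FLAGS"] = sorted(t for t in tokens if t in TCP_FLAGS)
    return fields


def matching_rules(src):
    """Rule numbers whose source network contains src."""
    addr = ipaddress.ip_address(src)
    return [n for n, net in ALLOW_FROM.items()
            if addr in ipaddress.ip_network(net)]


def triage(lines):
    """One summary row per blocked packet."""
    rows = []
    for line in lines:
        f = parse_block(line)
        if f is None:
            continue
        rows.append({"src": f["SRC"], "dst": f["DST"], "dpt": int(f["DPT"]),
                     "flags": f["FLAGS"],
                     "allow_rules": matching_rules(f["SRC"])})
    return rows


if __name__ == "__main__":
    for row in triage(LOG_LINES):
        print(row)
```

For both logged packets the source matches at least one allow rule and the only TCP flag set is RST, so the listed rules alone do not account for the block.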
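Answer 1
I don't know why this happens, but my guess is that it has to do with the updates I apply to XUbuntu from time to time. I suspect so because the problem appeared again today, but it went away after I rebooted the system. I think that somehow an update may "reset" UFW to some kind of "default", more restrictive state (with some of my rules removed).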
Answer 2
I don't know the cause, but I ran into a similar problem. Running
ufw reload
solved the problem.