如何判断 UFW 阻止了哪个应用程序

Question

可能最好检查ufw日志。

sudo less /var/log/ufw*

如果没有阻塞日志，请检查日志级别。请记住，更高级别的日志记录可以快速填满您的磁盘。

文件：/etc/ufw/ufw.conf

# Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'.
# See 'man ufw' for details.
LOGLEVEL=low

man ufw显示一些有关日志记录的信息

       logging on|off|LEVEL
              toggle logging. Logged packets use the LOG_KERN syslog facility. Systems configured for rsyslog support may
              also log to /var/log/ufw.log. Specifying a LEVEL turns logging on for the specified LEVEL. The default  log
              level is 'low'.  See LOGGING for details.
........
LOGGING
       ufw  supports multiple logging levels. ufw defaults to a loglevel of 'low' when a loglevel is not specified. Users
       may specify a loglevel with:

         ufw logging LEVEL

       LEVEL may be 'off', 'low', 'medium', 'high' and 'full'. Log levels are defined as:

       off    disables ufw managed logging

       low    logs all blocked packets not matching the defined policy (with rate limiting), as well as packets  matching
              logged rules

       medium log  level  low, plus all allowed packets not matching the defined policy, all INVALID packets, and all new
              connections.  All logging is done with rate limiting.

       high   log level medium (without rate limiting), plus all packets with rate limiting

       full   log level high without rate limiting

       Loglevels above medium generate a lot of logging output, and may quickly fill up your disk.  Loglevel  medium  may
       generate a lot of logging output on a busy system.

       Specifying 'on' simply enables logging at log level 'low' if logging is currently not enabled.

日志示例：

May 22 00:06:44 HOSTNAME kernel: [12387117.150851] [UFW -->BLOCK<--] IN=<NIC> OUT= MAC=XXXXXXXXXXXXXXXXXXXXXX SRC=0.0.0.0 DST=XXXXXXXXX LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2

现在我看到您想知道哪个应用程序正在发送它们......也许应用程序日志（失败的尝试）等......

您还可以打开端口，并使用nethogs查看谁正在使用带宽并从那里开始。之后关闭端口。

Answer 1

可能最好检查ufw日志。

sudo less /var/log/ufw*

如果没有阻塞日志，请检查日志级别。请记住，更高级别的日志记录可以快速填满您的磁盘。

文件：/etc/ufw/ufw.conf

# Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'.
# See 'man ufw' for details.
LOGLEVEL=low

man ufw显示一些有关日志记录的信息

       logging on|off|LEVEL
              toggle logging. Logged packets use the LOG_KERN syslog facility. Systems configured for rsyslog support may
              also log to /var/log/ufw.log. Specifying a LEVEL turns logging on for the specified LEVEL. The default  log
              level is 'low'.  See LOGGING for details.
........
LOGGING
       ufw  supports multiple logging levels. ufw defaults to a loglevel of 'low' when a loglevel is not specified. Users
       may specify a loglevel with:

         ufw logging LEVEL

       LEVEL may be 'off', 'low', 'medium', 'high' and 'full'. Log levels are defined as:

       off    disables ufw managed logging

       low    logs all blocked packets not matching the defined policy (with rate limiting), as well as packets  matching
              logged rules

       medium log  level  low, plus all allowed packets not matching the defined policy, all INVALID packets, and all new
              connections.  All logging is done with rate limiting.

       high   log level medium (without rate limiting), plus all packets with rate limiting

       full   log level high without rate limiting

       Loglevels above medium generate a lot of logging output, and may quickly fill up your disk.  Loglevel  medium  may
       generate a lot of logging output on a busy system.

       Specifying 'on' simply enables logging at log level 'low' if logging is currently not enabled.

日志示例：

May 22 00:06:44 HOSTNAME kernel: [12387117.150851] [UFW -->BLOCK<--] IN=<NIC> OUT= MAC=XXXXXXXXXXXXXXXXXXXXXX SRC=0.0.0.0 DST=XXXXXXXXX LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2

现在我看到您想知道哪个应用程序正在发送它们......也许应用程序日志（失败的尝试）等......

您还可以打开端口，并使用nethogs查看谁正在使用带宽并从那里开始。之后关闭端口。

如何判断 UFW 阻止了哪个应用程序

答案1

相关内容