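I've seen plenty of other questions on this topic, but none of the other people's problems seem to apply to my situation. I have this ufw configuration: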
23 ALLOW Anywhere
22 ALLOW Anywhere
32270 ALLOW Anywhere
34088 DENY Anywhere
9091 ALLOW Anywhere
plexmediaserver-all ALLOW Anywhere
Samba ALLOW Anywhere
9200 ALLOW Anywhere
9300 ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
5601 ALLOW Anywhere
22 ALLOW 10.10.0.0/16
8080 ALLOW Anywhere
23 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
32270 (v6) ALLOW Anywhere (v6)
34088 (v6) DENY Anywhere (v6)
9091 (v6) ALLOW Anywhere (v6)
plexmediaserver-all (v6) ALLOW Anywhere (v6)
Samba (v6) ALLOW Anywhere (v6)
9200 (v6) ALLOW Anywhere (v6)
9300 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
5601 (v6) ALLOW Anywhere (v6)
8080 (v6) ALLOW Anywhere (v6)
But for some reason, my ufw log looks like this:
Jul 22 11:00:26 mini kernel: [426858.470272] [UFW BLOCK] IN=enp2s0 OUT=br-aae4e8ac78a0 MAC=e0:d5:5e:9d:54:37:14:f6:d8:9e:17:09:08:00 SRC=10.10.0.153 DST=172.18.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=45918 DF PROTO=TCP SPT=43326 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0
My docker container is listening on the correct address:
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1962/docker-proxy
tcp6 0 0 :::8080 :::* LISTEN 1969/docker-proxy
My iptables -xvnL | grep 8080 output looks like this:
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:8080
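This problem didn't appear until a few weeks ago. What happened? Should I add something to my configuration? Isn't this firewall configuration tool supposed to be "simple"?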