What is causing these strange UFW block entries in my system log?

I recently noticed a large number of repeated UFW blocks in my system log. This surprised me, because I have not set up any UFW rules:

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

Could anyone more familiar with firewall configuration on Ubuntu/Linux tell me why I am getting these entries?

Apr  7 20:01:04 mhcUBN kernel: [18234.747861] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3586 DF PROTO=2 
Apr  7 20:03:09 mhcUBN kernel: [18359.541595] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3587 DF PROTO=2 
Apr  7 20:05:14 mhcUBN kernel: [18484.335607] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3588 DF PROTO=2 
Apr  7 20:07:19 mhcUBN kernel: [18609.129970] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3589 DF PROTO=2 
Apr  7 20:09:24 mhcUBN kernel: [18733.923467] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3590 DF PROTO=2 
Apr  7 20:10:01 mhcUBN CRON[31522]: (mhc) CMD ("/home/mhc/.scripts/Customization/Powersaving/battmonitor")
Apr  7 20:11:29 mhcUBN kernel: [18858.717504] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3591 DF PROTO=2 
Apr  7 20:13:34 mhcUBN kernel: [18983.510575] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3592 DF PROTO=2 
Apr  7 20:15:39 mhcUBN kernel: [19108.306349] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3593 DF PROTO=2 
Apr  7 20:17:01 mhcUBN CRON[582]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Apr  7 20:17:44 mhcUBN kernel: [19233.100675] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3594 DF PROTO=2 
Apr  7 20:19:49 mhcUBN kernel: [19357.893801] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3595 DF PROTO=2 
Apr  7 20:20:01 mhcUBN CRON[1272]: (mhc) CMD ("/home/mhc/.scripts/Customization/Powersaving/battmonitor")
Apr  7 20:21:54 mhcUBN kernel: [19482.686449] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3596 DF PROTO=2 
Apr  7 20:23:59 mhcUBN kernel: [19607.480499] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3597 DF PROTO=2 
Apr  7 20:26:04 mhcUBN kernel: [19732.274979] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3598 DF PROTO=2 
Apr  7 20:28:09 mhcUBN kernel: [19857.068910] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3599 DF PROTO=2 
Apr  7 20:30:01 mhcUBN CRON[3484]: (mhc) CMD ("/home/mhc/.scripts/Customization/Powersaving/battmonitor")
Apr  7 20:30:14 mhcUBN kernel: [19981.862231] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3600 DF PROTO=2 
Apr  7 20:32:19 mhcUBN kernel: [20106.657165] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3601 DF PROTO=2 
Apr  7 20:34:24 mhcUBN kernel: [20231.450561] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3602 DF PROTO=2 
Apr  7 20:36:29 mhcUBN kernel: [20356.244475] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3603 DF PROTO=2 
Apr  7 20:38:34 mhcUBN kernel: [20481.038479] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3604 DF PROTO=2 
Apr  7 20:40:01 mhcUBN CRON[5702]: (mhc) CMD ("/home/mhc/.scripts/Customization/Powersaving/battmonitor")
Apr  7 20:40:39 mhcUBN kernel: [20605.832618] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3605 DF PROTO=2 
Apr  7 20:42:44 mhcUBN kernel: [20730.626727] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3606 DF PROTO=2 
Apr  7 20:44:49 mhcUBN kernel: [20855.419706] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3607 DF PROTO=2 
Apr  7 20:46:54 mhcUBN kernel: [20980.214309] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3608 DF PROTO=2 
Apr  7 20:48:59 mhcUBN kernel: [21105.008870] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3609 DF PROTO=2 

I found these threads, which point to a multicast issue:

http://ubuntuforums.org/showthread.php?t=1886913

https://bbs.archlinux.org/viewtopic.php?id=142525

https://issues.apache.org/jira/browse/TS-775

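I am by no means a networking expert and do not really understand what is going on. I would be very happy if someone could "translate" this for me so that I understand what is actually happening.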

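Answer 1

I believe there is some service on your local network that is advertising itself or looking for clients. It is your "default deny incoming" rule that is blocking this traffic. Your situation looks a lot like the constant noise I see on my home network, which is caused by the multicast DNS server in my router.

mDNS multicasts to 224.0.0.251, so that is not yours. You have a multicast to 224.0.0.1, a generic "all hosts" address. I can't tell you what that is, but from the subnet address (x.x.x.1) I would guess your router is the source.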

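Answer 2

My guess is that the local router is asking whether any hosts are interested in receiving multicast - nothing to worry about (see [1]).

You can stop new log entries from being created with this command (worked for me on 13.10 64-bit):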

sudo ufw deny from 192.168.178.1 to 224.0.0.1

I cannot say whether this will have any negative effect on your networked devices.

If you want to view the UFW firewall rules, type

sudo ufw status numbered

If you want to get rid of it, write

sudo ufw delete 3

if the rule to be deleted is rule number 3; work your way upward through the rule list.
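
Added example, not part of either answer: a small Python parser for `[UFW BLOCK]` lines that splits the MAC field into destination and source addresses, maps `PROTO=2` to its IANA name (IGMP), and groups blocks by source, destination and protocol so that periodic multicast noise stands out. The first three sample lines are copied from the question; the fourth (mDNS) line is constructed for contrast, and the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Lines 1-3 are from the question's log; line 4 is a constructed mDNS block for contrast.
SAMPLE_LOG = """\
Apr  7 20:01:04 mhcUBN kernel: [18234.747861] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3586 DF PROTO=2
Apr  7 20:03:09 mhcUBN kernel: [18359.541595] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=3587 DF PROTO=2
Apr  7 20:10:01 mhcUBN CRON[31522]: (mhc) CMD ("/home/mhc/.scripts/Customization/Powersaving/battmonitor")
Apr  7 20:12:00 mhcUBN kernel: [18890.000000] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:04:0e:ef:71:fe:08:00 SRC=192.168.178.1 DST=224.0.0.251 LEN=64 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=44
"""

# The kernel log prints TCP/UDP/ICMP by name and other IP protocols by number.
PROTO_NAMES = {"2": "IGMP"}
# The two multicast groups mentioned in the answers above.
KNOWN_GROUPS = {"224.0.0.1": "all-hosts group", "224.0.0.251": "mDNS group"}
FIELD_RE = re.compile(r"(\w+)=(\S*)")
MARKER = "[UFW BLOCK]"

def parse_ufw_line(line):
    """Return the KEY=VALUE fields of a [UFW BLOCK] line, or None for other lines."""
    if MARKER not in line:
        return None
    fields = dict(FIELD_RE.findall(line.split(MARKER, 1)[1]))
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:  # destination MAC (6) + source MAC (6) + EtherType (2)
        fields["DST_MAC"] = ":".join(octets[:6])
        fields["SRC_MAC"] = ":".join(octets[6:12])
    fields["PROTO"] = PROTO_NAMES.get(fields.get("PROTO"), fields.get("PROTO"))
    return fields

def describe_destination(dst):
    """Label the destination address: known group, other multicast, or not multicast."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return "unparsed"
    if addr.is_multicast:
        return KNOWN_GROUPS.get(str(addr), "other multicast")
    return "not multicast"

def summarize(log_text):
    """Count blocked packets per (source, destination, protocol, destination label)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_ufw_line(line)
        if f:
            dst = f.get("DST", "")
            counts[(f.get("SRC", ""), dst, f["PROTO"], describe_destination(dst))] += 1
    return counts
```

Run `summarize()` over the contents of the system log to see which sender and group account for the entries; `SRC_MAC` from `parse_ufw_line()` can be compared with the router's hardware address.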
