ufw: allow a port from an IP address range and deny it for everyone else

I am running Ubuntu 14.04.3 LTS

root@alexus:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
2376/tcp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
2376/tcp (v6)              ALLOW IN    Anywhere (v6)

root@alexus:~# 

I allowed traffic from a specific IP to port 9150 with the following rule:

root@alexus:~# ufw allow proto tcp from Y.Y.Y.Y to any port 9150
Rule added
root@alexus:~#

However, I can still connect to port 9150 from a remote host:

[alexus@wcmisdlin02 Desktop]$ nmap -v X.X.X.X -p 9150 -P0

Starting Nmap 6.40 ( http://nmap.org ) at 2015-09-28 10:45 EDT
Initiating Parallel DNS resolution of 1 host. at 10:45
Completed Parallel DNS resolution of 1 host. at 10:45, 0.10s elapsed
Initiating Connect Scan at 10:45
Scanning X.X.X.X [1 port]
Discovered open port 9150/tcp on X.X.X.X
Completed Connect Scan at 10:45, 0.11s elapsed (1 total ports)
Nmap scan report for X.X.X.X
Host is up (0.11s latency).
PORT     STATE SERVICE
9150/tcp open  unknown

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
[alexus@wcmisdlin02 Desktop]$ 

How do I configure ufw so that connections to port 9150 are allowed only from a specific IP address/range and denied from every other IP address/range?

* Update *

root@alexus:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
2376/tcp                   ALLOW IN    Anywhere
9150/tcp                   ALLOW IN    Y.Y.Y.Y
9150/tcp                   DENY IN     Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
2376/tcp (v6)              ALLOW IN    Anywhere (v6)
9150/tcp (v6)              DENY IN     Anywhere (v6)

root@alexus:~# 
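As an added example (not part of the original question or answer), a small POSIX shell script that prints the ufw rules in the order they must be applied and checks a pasted `ufw status` listing for that order. The port, the allowed range 203.0.113.0/24 and the two sample listings are assumed or constructed here.

```shell
#!/bin/sh
# Added example, not from the original post: restrict TCP port 9150 to one
# source range with ufw and verify the rule order. Assumed values: PORT and
# ALLOWED_NET (203.0.113.0/24 is a documentation range, not a real network).
PORT=9150
ALLOWED_NET=203.0.113.0/24

# Emit the ufw commands in the order they must be applied. ufw uses the first
# matching rule, so the narrow allow has to sit above the catch-all deny. If a
# deny for the port already exists, "ufw insert 1 allow ..." places the allow
# at the top instead of appending it below the deny. With "Default: deny
# (incoming)" the explicit deny is redundant, but it documents intent and
# survives a later change of the default policy.
ufw_rule_commands() {
    printf '%s\n' \
        "ufw allow proto tcp from $ALLOWED_NET to any port $PORT" \
        "ufw deny proto tcp from any to any port $PORT"
}

# Read "ufw status" text on stdin and succeed only if the IPv4 ALLOW rule for
# PORT from ALLOWED_NET appears before any "DENY IN Anywhere" rule for PORT.
# Lines such as "9150/tcp (v6) ..." have "(v6)" as the second field and are
# skipped, so only the IPv4 ordering is judged.
check_rule_order() {
    awk -v port="$PORT" -v net="$ALLOWED_NET" '
        $1 == (port "/tcp") && $2 == "ALLOW" && $NF == net && !allow { allow = NR }
        $1 == (port "/tcp") && $2 == "DENY" && $NF == "Anywhere" && !deny { deny = NR }
        END { exit !(allow && (!deny || allow < deny)) }'
}

# Constructed sample output in the format of "ufw status verbose": correct
# order (allow first) and wrong order (deny first, which shadows the allow).
GOOD_STATUS='To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
9150/tcp                   ALLOW IN    203.0.113.0/24
9150/tcp                   DENY IN     Anywhere
9150/tcp (v6)              DENY IN     Anywhere (v6)'
BAD_STATUS='To                         Action      From
--                         ------      ----
9150/tcp                   DENY IN     Anywhere
9150/tcp                   ALLOW IN    203.0.113.0/24'

# Stand-alone run: print the commands, then check the good sample.
ufw_rule_commands
printf '%s\n' "$GOOD_STATUS" | check_rule_order && echo "rule order OK"
```

On a real host, feed `ufw status | check_rule_order` instead of the sample, and confirm from a host outside the allowed range that the port now shows as filtered.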

Answer 1

After deleting the following rule:

22/tcp (v6)                ALLOW IN    Anywhere (v6)

ufw starts netfilter.
