我有一台通过 HTTPS 托管 restful 服务的服务器。我已按如下方式设置了 UFW:
user@server:~$ sudo ufw status verbose
Status: active
Logging: on (medium)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
因此它应该允许所有 HTTPS 连接。但是,有时当客户端进行多次快速连续连接时,UFW 会阻止它们。
user@server:~$ cat /var/log/ufw.log | grep BLOCK | tail
Nov 29 15:02:11 server kernel: [ 2695.510376] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=60467 DF PROTO=TCP SPT=32123 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 15:02:11 server kernel: [ 2695.538273] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=60469 DF PROTO=TCP SPT=32126 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 15:02:11 server kernel: [ 2695.545677] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=60471 DF PROTO=TCP SPT=32124 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 15:02:11 server kernel: [ 2695.546473] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=60473 DF PROTO=TCP SPT=32125 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 15:02:11 server kernel: [ 2695.546900] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=60475 DF PROTO=TCP SPT=32127 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 15:02:11 server kernel: [ 2695.782249] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=83 TOS=0x00 PREC=0x00 TTL=121 ID=27041 DF PROTO=TCP SPT=32123 DPT=443 WINDOW=378 RES=0x00 ACK PSH FIN URGP=0
Nov 29 15:02:25 server kernel: [ 2709.850336] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=83 TOS=0x00 PREC=0x00 TTL=121 ID=59805 DF PROTO=TCP SPT=32126 DPT=443 WINDOW=378 RES=0x00 ACK PSH FIN URGP=0
Nov 29 15:02:43 server kernel: [ 2727.821278] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=83 TOS=0x00 PREC=0x00 TTL=53 ID=48661 DF PROTO=TCP SPT=32131 DPT=443 WINDOW=398 RES=0x00 ACK PSH URGP=0
仅当出现以下流量突发时才会发生这种情况:
xx.xx.xx.xx - - [29/Nov/2021:15:01:42 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:01:42 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 5182 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:01:42 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:01:42 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:01:42 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 5182 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:11 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:11 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:11 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:11 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:11 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:44 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:44 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:44 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:44 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:45 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 374 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:42 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4972 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:47 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 374 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:47 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 374 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:47 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 374 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:47 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 374 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:47 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 374 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:48 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 374 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:48 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 374 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:48 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 374 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:02:48 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 374 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:05:45 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:05:45 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:05:45 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 5182 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:05:45 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 4903 "-" "okhttp/3.14.9"
xx.xx.xx.xx - - [29/Nov/2021:15:05:45 +0000] "POST /MyAPI/doWork/ HTTP/1.1" 200 5182 "-" "okhttp/3.14.9"
是否有可能阻止 UFW 这样做?
我不是 iptables 专家,但似乎有些规则带有限制。我不确定这是否是导致问题的原因,但它们肯定都直接来自 UFW。以下是 的输出iptables -v -n -x -L:
Chain INPUT (policy DROP 1 packets, 40 bytes)
pkts bytes target prot opt in out source destination
415392 733209937 ufw-before-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
415392 733209937 ufw-before-input all -- * * 0.0.0.0/0 0.0.0.0/0
19847 35666218 ufw-after-input all -- * * 0.0.0.0/0 0.0.0.0/0
19847 35666218 ufw-after-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
19847 35666218 ufw-reject-input all -- * * 0.0.0.0/0 0.0.0.0/0
19847 35666218 ufw-track-input all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ufw-before-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-before-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-reject-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-track-forward all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 4 packets, 280 bytes)
pkts bytes target prot opt in out source destination
312279 36416414 ufw-before-logging-output all -- * * 0.0.0.0/0 0.0.0.0/0
312279 36416414 ufw-before-output all -- * * 0.0.0.0/0 0.0.0.0/0
16031 1176867 ufw-after-output all -- * * 0.0.0.0/0 0.0.0.0/0
16031 1176867 ufw-after-logging-output all -- * * 0.0.0.0/0 0.0.0.0/0
16031 1176867 ufw-reject-output all -- * * 0.0.0.0/0 0.0.0.0/0
16031 1176867 ufw-track-output all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-after-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-input (1 references)
pkts bytes target prot opt in out source destination
0 0 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
0 0 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
0 0 ufw-skip-to-policy-input tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 ufw-skip-to-policy-input tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
0 0 ufw-skip-to-policy-input all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-input (1 references)
pkts bytes target prot opt in out source destination
1 40 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
pkts bytes target prot opt in out source destination
82 6813 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
Chain ufw-after-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 12
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ufw-user-forward all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-input (1 references)
pkts bytes target prot opt in out source destination
2452 204587 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
205497 387613737 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
113 6588 ufw-logging-deny all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
113 6588 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 12
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
926 66054 ufw-not-local all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 239.255.255.250 udp dpt:1900
925 64664 ufw-user-input all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-logging-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "
Chain ufw-before-logging-input (1 references)
pkts bytes target prot opt in out source destination
82 10488 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "
Chain ufw-before-logging-output (1 references)
pkts bytes target prot opt in out source destination
82 5743 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "
Chain ufw-before-output (1 references)
pkts bytes target prot opt in out source destination
2452 204587 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
155111 15748513 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
229 16406 ufw-user-output all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-logging-allow (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
pkts bytes target prot opt in out source destination
45 2384 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT INVALID] "
45 2384 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
pkts bytes target prot opt in out source destination
926 66054 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 ufw-logging-deny all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-reject-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-skip-to-policy-forward (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-input (7 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-output (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-track-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-output (1 references)
pkts bytes target prot opt in out source destination
188 12756 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
37 3370 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
Chain ufw-user-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-input (1 references)
pkts bytes target prot opt in out source destination
2 108 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
921 64464 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
Chain ufw-user-limit (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-user-logging-forward (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-logging-input (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-logging-output (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-output (1 references)
pkts bytes target prot opt in out source destination
编辑:
添加被阻止的特定 IP 的完整日志以包括审计行。
cat ufw.log | grep CLIENT.IP
Nov 29 16:00:14 server kernel: [ 6178.504254] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=27580 DF PROTO=TCP SPT=64750 DPT=443 WINDOW=1539 RES=0x00 ACK FIN URGP=0
Nov 29 16:00:14 server kernel: [ 6178.504263] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=27580 DF PROTO=TCP SPT=64750 DPT=443 WINDOW=1539 RES=0x00 ACK FIN URGP=0
Nov 29 16:00:15 server kernel: [ 6178.733987] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=13970 DF PROTO=TCP SPT=64753 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 16:00:15 server kernel: [ 6178.734039] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=13970 DF PROTO=TCP SPT=64753 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 16:00:15 server kernel: [ 6178.742917] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=13974 DF PROTO=TCP SPT=64754 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 16:00:15 server kernel: [ 6178.742943] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=13974 DF PROTO=TCP SPT=64754 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 16:00:15 server kernel: [ 6178.893083] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=27581 DF PROTO=TCP SPT=64750 DPT=443 WINDOW=1539 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:15 server kernel: [ 6178.893115] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=27581 DF PROTO=TCP SPT=64750 DPT=443 WINDOW=1539 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:15 server kernel: [ 6178.915281] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=27199 DF PROTO=TCP SPT=64752 DPT=443 WINDOW=360 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:15 server kernel: [ 6178.915314] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=27199 DF PROTO=TCP SPT=64752 DPT=443 WINDOW=360 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:15 server kernel: [ 6178.947972] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=41365 DF PROTO=TCP SPT=64753 DPT=443 WINDOW=1003 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:15 server kernel: [ 6178.948004] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=41365 DF PROTO=TCP SPT=64753 DPT=443 WINDOW=1003 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:15 server kernel: [ 6178.951350] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=17364 DF PROTO=TCP SPT=64754 DPT=443 WINDOW=401 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:15 server kernel: [ 6178.951379] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=17364 DF PROTO=TCP SPT=64754 DPT=443 WINDOW=401 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:16 server kernel: [ 6179.679941] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=27582 DF PROTO=TCP SPT=64750 DPT=443 WINDOW=1539 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:16 server kernel: [ 6179.679968] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=27582 DF PROTO=TCP SPT=64750 DPT=443 WINDOW=1539 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:20 server kernel: [ 6184.407553] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=27584 DF PROTO=TCP SPT=64750 DPT=443 WINDOW=1539 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:20 server kernel: [ 6184.407579] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=27584 DF PROTO=TCP SPT=64750 DPT=443 WINDOW=1539 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:53 server kernel: [ 6217.594359] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=15646 DF PROTO=TCP SPT=64762 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 16:00:53 server kernel: [ 6217.594397] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=15646 DF PROTO=TCP SPT=64762 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 16:01:00 server kernel: [ 6224.389153] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=40585 DF PROTO=TCP SPT=64762 DPT=443 WINDOW=345 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:01:00 server kernel: [ 6224.389187] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=40585 DF PROTO=TCP SPT=64762 DPT=443 WINDOW=345 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:01:23 server kernel: [ 6247.359229] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=21101 DF PROTO=TCP SPT=64771 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 16:01:23 server kernel: [ 6247.359287] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=21101 DF PROTO=TCP SPT=64771 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 16:01:42 server kernel: [ 6266.470287] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=1563 DF PROTO=TCP SPT=64772 DPT=443 WINDOW=352 RES=0x00 ACK FIN URGP=0
Nov 29 16:01:42 server kernel: [ 6266.470328] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=1563 DF PROTO=TCP SPT=64772 DPT=443 WINDOW=352 RES=0x00 ACK FIN URGP=0
Nov 29 16:02:02 server kernel: [ 6285.692541] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=1564 DF PROTO=TCP SPT=64772 DPT=443 WINDOW=352 RES=0x00 ACK FIN URGP=0
Nov 29 16:02:02 server kernel: [ 6285.692584] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=1564 DF PROTO=TCP SPT=64772 DPT=443 WINDOW=352 RES=0x00 ACK FIN URGP=0
Nov 29 16:09:45 server kernel: [ 6749.404864] [UFW AUDIT] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=58119 DF PROTO=TCP SPT=64788 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
答案1
如果我们获取已发布的输出cat ufw.log | grep CLIENT.IP并根据客户端端口号将其重新分组为单独的会话,我们将获得:
Nov 29 16:00:15 server kernel: [ 6178.733987] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=13970 DF PROTO=TCP SPT=64753 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 16:00:15 server kernel: [ 6178.734039] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=13970 DF PROTO=TCP SPT=64753 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 16:00:15 server kernel: [ 6178.947972] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=41365 DF PROTO=TCP SPT=64753 DPT=443 WINDOW=1003 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:15 server kernel: [ 6178.948004] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=41365 DF PROTO=TCP SPT=64753 DPT=443 WINDOW=1003 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:15 server kernel: [ 6178.742917] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=13974 DF PROTO=TCP SPT=64754 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 16:00:15 server kernel: [ 6178.742943] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=13974 DF PROTO=TCP SPT=64754 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 16:00:15 server kernel: [ 6178.951350] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=17364 DF PROTO=TCP SPT=64754 DPT=443 WINDOW=401 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:15 server kernel: [ 6178.951379] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=17364 DF PROTO=TCP SPT=64754 DPT=443 WINDOW=401 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:15 server kernel: [ 6178.915281] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=27199 DF PROTO=TCP SPT=64752 DPT=443 WINDOW=360 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:15 server kernel: [ 6178.915314] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=27199 DF PROTO=TCP SPT=64752 DPT=443 WINDOW=360 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:00:53 server kernel: [ 6217.594359] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=15646 DF PROTO=TCP SPT=64762 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 16:00:53 server kernel: [ 6217.594397] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=15646 DF PROTO=TCP SPT=64762 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Nov 29 16:01:00 server kernel: [ 6224.389153] [UFW AUDIT INVALID] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=40585 DF PROTO=TCP SPT=64762 DPT=443 WINDOW=345 RES=0x00 ACK PSH FIN URGP=0
Nov 29 16:01:00 server kernel: [ 6224.389187] [UFW BLOCK] IN=ens4 OUT= MAC=xx:xx:xx:... SRC=CLIENT.IP DST=SERVER.IP LEN=75 TOS=0x00 PREC=0x00 TTL=121 ID=40585 DF PROTO=TCP SPT=64762 DPT=443 WINDOW=345 RES=0x00 ACK PSH FIN URGP=0
现在,观察一下,似乎存在一些序列不一致的情况,一些 ACK FIN 数据包出现在 RST 数据包之后,并且始终具有非常不同的 TTL(生存时间)。所有这些数据包都是在 TCP 会话已关闭并被遗忘之后出现的。
我对此一无所知okhttp,但如果以某种方式使用套接字共享,则关闭套接字时可能会出现时间问题。
另请参阅另一个答案这里,但我会复制相关部分,并稍微改述一下:
对于 TCP 连接,Linux 倾向于使用“半双工”关闭序列,其中会话的任一方都可以通过单个双向 FIN-ACK 握手(将连接置于 CLOSE_WAIT 状态)来启动连接终止,而不是完整的 4 向 FIN-ACK 握手。经常发生的情况是,尤其是在中间有路由器的情况下,一方认为会话已关闭,而另一方却不认为。您的服务器计算机已终止并忘记了会话,因此将数据包视为无效的新会话打开数据包并阻止它们。通常不会造成任何损害,实际会话运行良好。在这种情况下,不寻常的是 RST(重置)数据包先于一些 FIN-ACK 数据包。