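Can someone take a look at the output below for me? My UFW is set to deny/deny, with the rules shown below. However, if I boot the Ubuntu Server, use a Windows XP VM, and leave Instant Messenger running in Windows XP for a long time, it still sometimes connects for a few seconds and sends/receives messages. Is there a hole in my configuration?
I appreciate your help.
My UFW rules (is there a hole here?)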
root@myubuntuserver1204:~# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2449K 2659M ufw-before-logging-input all -- any any anywhere anywhere
2449K 2659M ufw-before-input all -- any any anywhere anywhere
5100 195K ufw-after-input all -- any any anywhere anywhere
5038 186K ufw-after-logging-input all -- any any anywhere anywhere
5038 186K ufw-reject-input all -- any any anywhere anywhere
5038 186K ufw-track-input all -- any any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ufw-before-logging-forward all -- any any anywhere anywhere
0 0 ufw-before-forward all -- any any anywhere anywhere
0 0 ufw-after-forward all -- any any anywhere anywhere
0 0 ufw-after-logging-forward all -- any any anywhere anywhere
0 0 ufw-reject-forward all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2201K 163M ufw-before-logging-output all -- any any anywhere anywhere
2201K 163M ufw-before-output all -- any any anywhere anywhere
358K 29M ufw-after-output all -- any any anywhere anywhere
358K 29M ufw-after-logging-output all -- any any anywhere anywhere
358K 29M ufw-reject-output all -- any any anywhere anywhere
358K 29M ufw-track-output all -- any any anywhere anywhere
Chain ufw-after-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-input (1 references)
pkts bytes target prot opt in out source destination
0 0 ufw-skip-to-policy-input udp -- any any anywhere anywhere udp dpt:netbios-ns
0 0 ufw-skip-to-policy-input udp -- any any anywhere anywhere udp dpt:netbios-dgm
0 0 ufw-skip-to-policy-input tcp -- any any anywhere anywhere tcp dpt:netbios-ssn
0 0 ufw-skip-to-policy-input tcp -- any any anywhere anywhere tcp dpt:microsoft-ds
0 0 ufw-skip-to-policy-input udp -- any any anywhere anywhere udp dpt:bootps
0 0 ufw-skip-to-policy-input udp -- any any anywhere anywhere udp dpt:bootpc
0 0 ufw-skip-to-policy-input all -- any any anywhere anywhere ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-input (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 ufw-user-forward all -- any any anywhere anywhere
Chain ufw-before-input (1 references)
pkts bytes target prot opt in out source destination
22 2230 ACCEPT all -- lo any anywhere anywhere
203 175K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ufw-logging-deny all -- any any anywhere anywhere state INVALID
0 0 DROP all -- any any anywhere anywhere state INVALID
0 0 ACCEPT icmp -- any any anywhere anywhere icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere icmp source-quench
0 0 ACCEPT icmp -- any any anywhere anywhere icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere icmp parameter-problem
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
0 0 ACCEPT udp -- any any anywhere anywhere udp spt:bootps dpt:bootpc
0 0 ufw-not-local all -- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere 224.0.0.251 udp dpt:mdns
0 0 ACCEPT udp -- any any anywhere 239.255.255.250 udp dpt:1900
0 0 ufw-user-input all -- any any anywhere anywhere
Chain ufw-before-logging-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-output (1 references)
pkts bytes target prot opt in out source destination
22 2230 ACCEPT all -- any lo anywhere anywhere
209 28984 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
29 1798 ufw-user-output all -- any any anywhere anywhere
Chain ufw-logging-allow (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any anywhere anywhere state INVALID limit: avg 3/min burst 10
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any anywhere anywhere ADDRTYPE match dst-type LOCAL
0 0 RETURN all -- any any anywhere anywhere ADDRTYPE match dst-type MULTICAST
0 0 RETURN all -- any any anywhere anywhere ADDRTYPE match dst-type BROADCAST
0 0 ufw-logging-deny all -- any any anywhere anywhere limit: avg 3/min burst 10
0 0 DROP all -- any any anywhere anywhere
Chain ufw-reject-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-skip-to-policy-forward (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere
Chain ufw-skip-to-policy-input (7 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere
Chain ufw-skip-to-policy-output (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere
Chain ufw-track-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-output (1 references)
pkts bytes target prot opt in out source destination
19 1140 ACCEPT tcp -- any any anywhere anywhere state NEW
10 658 ACCEPT udp -- any any anywhere anywhere state NEW
Chain ufw-user-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-input (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:51413
0 0 DROP udp -- any any anywhere anywhere udp dpt:51413
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:https
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:6881
0 0 DROP udp -- any any anywhere anywhere udp dpt:6881
0 0 DROP tcp -- any any anywhere anywhere multiport dports 2234:2239
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:2242
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:2240
0 0 DROP udp -- any any anywhere anywhere udp dpt:4444
0 0 DROP tcp -- any any anywhere anywhere multiport dports 6881:6891
0 0 DROP udp -- any any anywhere anywhere multiport dports 6881:6891
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:4662
0 0 DROP udp -- any any anywhere anywhere udp dpt:4672
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:domain
0 0 DROP udp -- any any anywhere anywhere udp dpt:domain
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:ipp /* 'dapp_CUPS' */
0 0 DROP udp -- any any anywhere anywhere udp dpt:ipp /* 'dapp_CUPS' */
Chain ufw-user-limit (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere
Chain ufw-user-logging-forward (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-logging-input (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-logging-output (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-output (1 references)
pkts bytes target prot opt in out source destination
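
An added example, not part of the original post: a small parser for `iptables -L -v` output that reads each chain's policy and follows jumps from a built-in chain to list the ACCEPT rules matching `state NEW`. The excerpt is copied from the OUTPUT-path chains in the listing above; the function names are hypothetical.

```python
import re

# Excerpt of the `iptables -L -v` listing above (OUTPUT path only), as posted.
LISTING = """\
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2201K 163M ufw-before-output all -- any any anywhere anywhere
358K 29M ufw-track-output all -- any any anywhere anywhere
Chain ufw-before-output (1 references)
pkts bytes target prot opt in out source destination
22 2230 ACCEPT all -- any lo anywhere anywhere
209 28984 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
Chain ufw-track-output (1 references)
pkts bytes target prot opt in out source destination
19 1140 ACCEPT tcp -- any any anywhere anywhere state NEW
10 658 ACCEPT udp -- any any anywhere anywhere state NEW
"""

HEADER = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)")

def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif current is not None and line.strip() and not line.startswith("pkts"):
            f = line.split(None, 9)  # nine fixed columns, then the match text
            current["rules"].append({"target": f[2], "prot": f[3], "match": " ".join(f[9:])})
    return chains

def new_connection_accepts(chains, name, seen=None):
    """(chain, prot) of ACCEPT state-NEW rules reachable from `name`; rule order not modelled."""
    seen = set() if seen is None else seen
    if name in seen:
        return []
    seen.add(name)
    hits = []
    for r in chains[name]["rules"]:
        if r["target"] in chains:  # jump to a user-defined chain: follow it
            hits += new_connection_accepts(chains, r["target"], seen)
        elif r["target"] == "ACCEPT" and "state NEW" in r["match"]:
            hits.append((name, r["prot"]))
    return hits

if __name__ == "__main__":
    parsed = parse_listing(LISTING)
    print(parsed["OUTPUT"]["policy"], new_connection_accepts(parsed, "OUTPUT"))
```

Run against the full listing, the same functions can be pointed at `INPUT` or `FORWARD` to see which chains accept new connections on those paths.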