UFW Deny没有真正起作用

4

我尝试使用以下命令阻止来自我的服务器的IP地址: 

sudo ufw deny from 15.15.15.51

我重新启动服务器并检查规则: 

sudo ufw status -v

返回的是: 

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
2323/tcp                   ALLOW       Anywhere
Anywhere                   DENY        15.15.15.51
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
2323/tcp (v6)              ALLOW       Anywhere (v6)

检查后,IP仍然可以访问我的服务器,它不会丢弃连接。可能会发生什么?

networking  webserver 
raphadko
source

Answers:

4

找到答案后回答我自己的问题:我发现问题在于订购。拒绝规则应该先行,我必须显示编号的规则: 

sudo ufw status numbered

然后删除规则: 

sudo ufw delete 4

然后先添加: 

sudo ufw insert 1 deny from 15.15.15.51

然后重新加载 

sudo ufw reload

现在它正在运作。

raphadko
source
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.