gufw 的默认设置对已建立的连接不起作用，只会阻塞新的连接。通过修改配置可以同时阻断新连接和已建立的旧连接。
/etc/ufw/before.rules
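# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT
# quickly process packets for which we already have a connection
# NOTE: the three conntrack ACCEPT rules below are ufw's stock defaults.
# While they are active, a flow that is already ESTABLISHED keeps passing
# even after a deny rule is added later, because it is accepted here
# before the user rule chains are consulted. They are commented out on
# purpose so that every packet, including packets of already-established
# connections, is evaluated by the later chains.
#-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Caveats:
#  * `--ctstate` requires a state list. A rule written as
#    `-A ufw-before-input -m conntrack --ctstate -j ACCEPT` (no states) is
#    a syntax error: iptables-restore rejects the file, so ufw fails to
#    load its ruleset rather than "also blocking" established flows.
#    Do not add such lines; leaving the defaults commented out is enough.
#  * Without these rules, reply packets of outbound connections (DNS
#    answers, TCP replies) are no longer accepted early and must be
#    permitted by explicit allow rules, otherwise outbound traffic breaks
#    under ufw's usual default-deny incoming policy. Forwarded traffic is
#    affected the same way.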