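On an Ubuntu 24.04 system, I set up three rules in UFW to open TCP ports 22, 80 and 443, with all other ports closed to incoming traffic by default. I then switched to iptables-persistent, uninstalling UFW in the process. I agreed to the installation script's prompt to save the existing rules in /etc/iptables/rules.v4.

Now I cannot see the old rules listed by the "iptables-save" command, but they are still in effect. For example, I scanned my server's ports from outside, and only TCP ports 22, 80 and 443 show as open. Why is that? How can I access these old rules to edit them?

Note: I have not rebooted since installing iptables-persistent.

My iptables-save output: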

:PREROUTING ACCEPT [638408:727075544]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 1.2.3.4/24 -j DROP
COMMIT
# Completed on Tue Sep 17 15:04:19 2024
# Generated by iptables-save v1.8.10 (nf_tables) on Tue Sep 17 15:04:19 2024
*filter
:INPUT ACCEPT [427165:399385173]
:FORWARD ACCEPT [213445:327993299]
:OUTPUT ACCEPT [399285:703946799]
:ufw-after-forward - [0:0]
:ufw-after-input - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-before-input - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-output - [0:0]
:ufw-reject-forward - [0:0]
:ufw-reject-input - [0:0]
:ufw-reject-output - [0:0]
:ufw-track-forward - [0:0]
:ufw-track-input - [0:0]
:ufw-track-output - [0:0]
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
COMMIT
# Completed on Tue Sep 17 15:04:19 2024
# Generated by iptables-save v1.8.10 (nf_tables) on Tue Sep 17 15:04:19 2024
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [9466:640884]
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Sep 17 15:04:19 2024
