233boy/ss

Do I need to open a firewall port?

gqqnbig opened this issue · 2 comments

~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   DENY IN     83.237.17.0/24
Anywhere                   DENY IN     45.77.149.0/24
Anywhere                   DENY IN     178.159.37.0/24
Anywhere                   DENY IN     37.115.223.0/24
Anywhere                   DENY IN     207.180.255.0/24
Anywhere                   DENY IN     42.117.48.0/24
Anywhere                   DENY IN     213.152.162.0/24
Anywhere                   DENY IN     5.227.15.0/24
22/tcp                     ALLOW IN    Anywhere
22                         ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
123/udp                    ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
22 (v6)                    ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
123/udp (v6)               ALLOW IN    Anywhere (v6)

~$

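My firewall settings are as shown above, so connections should not be possible, yet in practice they are. Does the ss script override ufw, or might ufw be misconfigured somewhere?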

@gqqnbig
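Hello! That is because the script automatically sets up iptables firewall rules that allow the SS port, and ufw also uses iptables, which is why it feels to you as if the ss script overrides ufw.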

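However, starting with version 0.23 of the new ss script, the script no longer opens the iptables port automatically,

so you must manually allow the SS port for it to work properly.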

Thank you. Opening the port manually is better, because I need to restrict access to ss to certain IPs only.
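
An added example, not part of the original thread or of the 233boy/ss script: a small audit that lists ACCEPT rules sitting directly in the iptables INPUT chain instead of in ufw's own `ufw-*` chains, which is why they never show up in `ufw status`, and reports whether each one is limited to a source address. The function names, port 8388 and address 203.0.113.7 are constructed placeholders; the input format is that of `iptables -S INPUT`.

```shell
#!/bin/sh
# Reads `iptables -S INPUT` text on stdin and prints one line per rule that
# ACCEPTs traffic directly in INPUT (outside ufw's ufw-* chains):
#   <protocol> <destination port> <source or "anywhere">
non_ufw_accepts() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            proto = "any"; port = "any"; src = "anywhere"; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport" || $i == "--dports") port = $(i + 1)
                else if ($i == "-s") src = ($(i - 1) == "!" ? "!" : "") $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            # Jumps into ufw-* chains are ufw-managed; only direct ACCEPTs matter.
            if (target == "ACCEPT") print proto, port, src
        }
    '
}

# Constructed sample (not from the issue): two rules added ahead of the
# ufw jumps, as a script calling iptables directly would leave them.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 8388 -j ACCEPT
-A INPUT -p udp -m udp --dport 8388 -j ACCEPT
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
EOF
}

sample_rules | non_ufw_accepts
# On a live host: sudo iptables -S INPUT | non_ufw_accepts
```

Any line ending in `anywhere` is a port reachable from every address regardless of what `ufw status` lists.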