Do I need to open the firewall port?
gqqnbig opened this issue · 2 comments
gqqnbig commented
~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To Action From
-- ------ ----
Anywhere DENY IN 83.237.17.0/24
Anywhere DENY IN 45.77.149.0/24
Anywhere DENY IN 178.159.37.0/24
Anywhere DENY IN 37.115.223.0/24
Anywhere DENY IN 207.180.255.0/24
Anywhere DENY IN 42.117.48.0/24
Anywhere DENY IN 213.152.162.0/24
Anywhere DENY IN 5.227.15.0/24
22/tcp ALLOW IN Anywhere
22 ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
123/udp ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
22 (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
123/udp (v6) ALLOW IN Anywhere (v6)
~$
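My firewall settings are as above, so connecting should be impossible, yet in practice it works. Does the ss script override ufw, or is something in ufw possibly misconfigured?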
233boy commented
@gqqnbig
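Hello! That is because the script automatically configured the iptables firewall to allow the SS port. ufw also uses iptables, which is why it seems to you that the ss script overrides ufw.
However, starting with version 0.23 of the new ss script, the script no longer opens the iptables port automatically,
so you must manually allow the SS port for it to work properly.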
gqqnbig commented
Thanks. Opening the port manually is better, because I need to restrict access to ss to certain IPs only.
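
Added example, not part of the thread and not code from the ss script: a Python check for the situation discussed above, where a rule written straight into iptables is absent from `ufw status`. It assumes the rule sits directly in the INPUT chain; the sample ruleset and port 8388 are constructed placeholders.

```python
import shlex

# Constructed sample of `iptables -S INPUT` on a ufw host. Port 8388 is a
# placeholder; the thread never states the real SS port.
SAMPLE = """\
-P INPUT DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8388 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 8388 -j ACCEPT
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
"""

def _opt(tokens, names, default):
    """Value following the first of `names` present in the rule, else default."""
    for name in names:
        if name in tokens:
            return tokens[tokens.index(name) + 1]
    return default

def accepts_outside_ufw(iptables_s_output):
    """List ACCEPT rules sitting directly in INPUT, which `ufw status` never shows.

    ufw keeps its rules in ufw-* chains and only jumps to them from INPUT, so a
    direct ACCEPT was added by something else. One placed before the first ufw
    jump matches before any ufw DENY rule is consulted.
    """
    findings, ufw_jump_seen = [], False
    for line in iptables_s_output.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", "INPUT"] or "-j" not in tokens:
            continue
        target = tokens[tokens.index("-j") + 1]
        if target.startswith("ufw-"):
            ufw_jump_seen = True
        elif target == "ACCEPT":
            findings.append({
                "proto": _opt(tokens, ["-p"], "all"),
                "port": _opt(tokens, ["--dport", "--dports"], "any"),
                "source": _opt(tokens, ["-s"], "anywhere"),
                "evaluated_before_ufw": not ufw_jump_seen,
            })
    return findings

if __name__ == "__main__":
    for finding in accepts_outside_ufw(SAMPLE):
        print(finding)
```

On a live host, pass it the output of `sudo iptables -S INPUT`; any finding with `evaluated_before_ufw` set to true is a port that the DENY entries in `ufw status` do not protect.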