Domain-Name-System
Unable to ping any hostname/domain when ufw is enabled
Why can't I ping any domain/hostname after enabling ufw?
    [root@ip-172-31-23-37 ec2-user]# ping google.com
    ping: google.com: Name or service not known
    [root@ip-172-31-23-37 ec2-user]# ufw disable
    Firewall stopped and disabled on system startup
    [root@ip-172-31-23-37 ec2-user]# ping google.com
    PING google.com (74.125.24.100) 56(84) bytes of data.
    64 bytes from 74.125.24.100 (74.125.24.100): icmp_seq=1 ttl=100 time=2.14 ms
    64 bytes from 74.125.24.100 (74.125.24.100): icmp_seq=2 ttl=100 time=2.19 ms
    ^C
    --- google.com ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 2.149/2.170/2.192/0.051 ms
    [root@ip-172-31-23-37 ec2-user]# ufw enable
    Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
    Firewall is active and enabled on system startup
    [root@ip-172-31-23-37 ec2-user]# ping google.com
    ping: google.com: Name or service not known
I have disabled all outgoing traffic except the rules I defined, using the command

    ufw default deny outgoing

ufw status:

    80                         ALLOW OUT   Anywhere
    443                        ALLOW OUT   Anywhere
    3306                       ALLOW OUT   Anywhere
    2465                       ALLOW OUT   Anywhere
    3306/tcp                   ALLOW OUT   Anywhere
    3306/udp                   ALLOW OUT   Anywhere
    127.0.0.1 3306             ALLOW OUT   Anywhere
    80 (v6)                    ALLOW OUT   Anywhere (v6)
    443 (v6)                   ALLOW OUT   Anywhere (v6)
    3306 (v6)                  ALLOW OUT   Anywhere (v6)
    2465 (v6)                  ALLOW OUT   Anywhere (v6)
    3306/tcp (v6)              ALLOW OUT   Anywhere (v6)
    3306/udp (v6)              ALLOW OUT   Anywhere (v6)
I have also set ICMP to be accepted in the

    /etc/ufw/before.rules

file:

    # allow outbound icmp
    -A ufw-before-output -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    -A ufw-before-output -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
You have not allowed outbound DNS traffic, so names cannot be resolved to IP addresses.
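As an added example (not part of the question or the answer), a POSIX shell check that parses `ufw status` output for an outbound rule on port 53 and prints the `ufw` commands that would open it; the status text is a constructed sample modelled on the rule list in the question, and the fix commands use standard `ufw allow out <port>/<proto>` syntax.

```shell
#!/bin/sh
# Constructed sample of `ufw status` output, modelled on the question's rule list:
# outbound HTTP/HTTPS/MySQL are allowed, but nothing for DNS (port 53).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW OUT   Anywhere
443                        ALLOW OUT   Anywhere
3306                       ALLOW OUT   Anywhere
3306/tcp                   ALLOW OUT   Anywhere
80 (v6)                    ALLOW OUT   Anywhere (v6)'

# Constructed sample after the fix has been applied (port 53 opened for UDP and TCP).
FIXED_STATUS='Status: active

To                         Action      From
--                         ------      ----
53/udp                     ALLOW OUT   Anywhere
53/tcp                     ALLOW OUT   Anywhere
53/udp (v6)                ALLOW OUT   Anywhere (v6)'

# Return 0 if the given status text contains an ALLOW OUT rule for port 53
# (bare "53", "53/udp" or "53/tcp", with or without the "(v6)" suffix).
has_outbound_dns() {
    printf '%s\n' "$1" | grep -Eq '^53(/(tcp|udp))?( \(v6\))?[[:space:]]+ALLOW OUT'
}

# Print (do not run) the ufw commands that open outbound DNS. UDP carries
# ordinary queries; TCP is needed for large responses and zone transfers.
dns_fix_commands() {
    printf '%s\n' 'ufw allow out 53/udp' 'ufw allow out 53/tcp'
}

# Stand-alone run: evaluate the sample that reproduces the question's situation.
if has_outbound_dns "$SAMPLE_STATUS"; then
    echo "outbound DNS is allowed; name resolution should work"
else
    echo "no outbound DNS rule found; with 'default deny outgoing' run:"
    dns_fix_commands
fi
```

On a live host, replace `SAMPLE_STATUS` with `$(ufw status)` to run the same check against the real rule set.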