Ping

firewalld 導致 nmap 返回主機似乎已關閉

  • September 3, 2020

我有兩台機器,server1 和 server2。在 server2 上,我停止了 firewalld。

[root@server2 ~]# systemctl stop firewalld

從 server1,nmap 返回Host is up.

[root@server1 ~]$ nmap -sn server2

Starting Nmap 6.40 ( http://nmap.org ) at 2020-09-02 11:27 CDT
Nmap scan report for server2 (10.17.45.13)
Host is up (0.00045s latency).
Nmap done: 1 IP address (1 host up) scanned in 0.01 seconds

我在 server2 上啟用了 firewalld。

[root@server2 ~]# systemctl start firewalld

從 server1,nmap 返回Host seems down,因此server2上的 firewalld 導致 nmap 返回 Host 似乎已關閉。

[root@server1 ~]$ nmap -sn server2

Starting Nmap 6.40 ( http://nmap.org ) at 2020-09-02 11:29 CDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.01 seconds

在 server1 上,ping/echo/ICMP 有效。

[root@server1 ~]$ ping -c4 server2
PING server2 (10.17.45.13) 56(84) bytes of data.
64 bytes from server2 (10.17.45.13): icmp_seq=1 ttl=64 time=0.436 ms
64 bytes from server2 (10.17.45.13): icmp_seq=2 ttl=64 time=0.388 ms
64 bytes from server2 (10.17.45.13): icmp_seq=3 ttl=64 time=0.338 ms
64 bytes from server2 (10.17.45.13): icmp_seq=4 ttl=64 time=0.390 ms

--- server2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.338/0.388/0.436/0.034 ms

以下是server2 上public和區域的防火牆設置。dropicmp-block 為空意味著沒有 ICMP 類型被阻止,並且 icmp-block-inversion 設置no為允許所有 IMCP 流量。

[root@server2 ~]# firewall-cmd --zone=public --list-all
public (active)
 target: default
 icmp-block-inversion: no
 interfaces: eno16777984
 sources:
 services: ssh dhcpv6-client
 ports:
 protocols:
 masquerade: no
 forward-ports:
 source-ports:
 icmp-blocks:
 rich rules:

[root@server2 ~]# firewall-cmd --zone=drop --list-all
drop
 target: DROP
 icmp-block-inversion: no
 interfaces:
 sources:
 services:
 ports:
 protocols:
 masquerade: no
 forward-ports:
 source-ports:
 icmp-blocks:
 rich rules:

/var/log/firewalld當 nmap 返回時沒有記錄任何內容Host seems down

我不知道firewallcmd,但是Linux中的所有過濾都是由iptables完成的。因此,firewallcmd(如 ufw 等)是 iptables 的前端。

您始終可以通過命令 : 檢查核心中的活動規則iptables -L -nv,即使您完全禁用 iptables 服務(因為防火牆由 firewallcmd 管理)。如果您不禁用 iptables 服務(或 Debian 上的 netfilter-persistent),您可能會在兩個管理器之間發生衝突。

引用自:https://serverfault.com/questions/1032405