内容纲要
ubuntu安装了docker 安全组是全开放的
systemctl status iptables
ufw status返回都是关闭的 但是启动的服务有监听无法访问
可能默认很多端口无法访问,就算关闭防火墙
root@instance:~# systemctl status iptables
○ iptables.service - netfilter persistent configuration
Loaded: loaded (/lib/systemd/system/iptables.service; alias)
Active: inactive (dead)
Docs: man:netfilter-persistent(8)
root@instance:~# ufw status
Status: inactive
root@instance:~# nc -zv 147.86.123.116 3389
nc: connect to 147.86.123.116 port 3389 (tcp) failed: No route to host
最后的方案
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -F
root@instance:~# nc -zv 147.86.123.116 3389
Connection to 147.86.123.116 3389 port [tcp/ms-wbt-server] succeeded!
执行允许,可以访问了
平常用的centos,对于这个感到很离谱….
然后我又显得蛋疼,觉得防火墙直接卸载,以后编辑甲骨文的安全组就行
apt-get remove iptables
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
bridge-utils containerd libip6tc2 pigz runc ubuntu-fan
Use 'apt autoremove' to remove them.
The following packages will be REMOVED:
docker.io iptables iptables-persistent ufw
0 upgraded, 0 newly installed, 4 to remove and 0 not upgraded.
After this operation, 116 MB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 228533 files and directories currently installed.)
Removing docker.io (20.10.21-0ubuntu1~22.04.2) ...
'/usr/share/docker.io/contrib/nuke-graph-directory.sh' -> '/var/lib/docker/nuke-graph-directory.sh'
Warning: Stopping docker.service, but it can still be activated by:
docker.socket
Removing iptables-persistent (1.0.16) ...
Removing ufw (0.36.1-4build1) ...
Skip stopping firewall: ufw (not enabled)
Removing iptables (1.8.7-1ubuntu5) ...
Processing triggers for man-db (2.10.2-1) ...没注意看然后 docker.io iptables iptables-persistent ufw都被卸载了
溜溜球 docker也炸了 docker 依赖iptables
然后重新安装 docker啥的毫无反应
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
乖乖安装防火墙 重新来一遍…..
apt-get install ufw
近期评论