Por que não consigo pingar nenhum domínio/nome de host quando o ufw está ativado?
[root@ip-172-31-23-37 ec2-user]# ping google.com
ping: google.com: Name or service not known
[root@ip-172-31-23-37 ec2-user]# ufw disable
Firewall stopped and disabled on system startup
[root@ip-172-31-23-37 ec2-user]# ping google.com
PING google.com (74.125.24.100) 56(84) bytes of data.
64 bytes from 74.125.24.100 (74.125.24.100): icmp_seq=1 ttl=100 time=2.14 ms
64 bytes from 74.125.24.100 (74.125.24.100): icmp_seq=2 ttl=100 time=2.19 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 2.149/2.170/2.192/0.051 ms
[root@ip-172-31-23-37 ec2-user]# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
[root@ip-172-31-23-37 ec2-user]# ping google.com
ping: google.com: Name or service not known
Desabilitei todo o tráfego de saída, exceto definido usando o comando ufw default deny outgoing. estado ufw:
80 ALLOW OUT Anywhere
443 ALLOW OUT Anywhere
3306 ALLOW OUT Anywhere
2465 ALLOW OUT Anywhere
3306/tcp ALLOW OUT Anywhere
3306/udp ALLOW OUT Anywhere
127.0.0.1 3306 ALLOW OUT Anywhere
80 (v6) ALLOW OUT Anywhere (v6)
443 (v6) ALLOW OUT Anywhere (v6)
3306 (v6) ALLOW OUT Anywhere (v6)
2465 (v6) ALLOW OUT Anywhere (v6)
3306/tcp (v6) ALLOW OUT Anywhere (v6)
3306/udp (v6) ALLOW OUT Anywhere (v6)
Já configurei para aceitar icmp no /etc/ufw/before.rulesarquivo
# allow outbound icmp
-A ufw-before-output -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A ufw-before-output -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
Você não permitiu o tráfego DNS de saída, portanto, os nomes não podem ser resolvidos para endereços IP.