I'm trying to set up my server so that port 5432 (Postgres) is only reachable from localhost. So I denied everything and then added port 5432, but I can't connect to it.
Here is my UFW configuration:
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), deny (routed)
New profiles: skip
To Action From
-- ------ ----
22 ALLOW IN Anywhere
80 ALLOW IN Anywhere
443 ALLOW IN Anywhere
127.0.0.1 5432 ALLOW IN 127.0.0.1
22 (v6) ALLOW IN Anywhere (v6)
80 (v6) ALLOW IN Anywhere (v6)
443 (v6) ALLOW IN Anywhere (v6)
80 ALLOW OUT Anywhere
22 ALLOW OUT Anywhere
443 ALLOW OUT Anywhere
53 ALLOW OUT Anywhere
33434:33524/udp ALLOW OUT Anywhere
127.0.0.1 5432 ALLOW OUT 127.0.0.1
80 (v6) ALLOW OUT Anywhere (v6)
22 (v6) ALLOW OUT Anywhere (v6)
443 (v6) ALLOW OUT Anywhere (v6)
53 (v6) ALLOW OUT Anywhere (v6)
33434:33524/udp (v6) ALLOW OUT Anywhere (v6)
And netstat:
$ netstat -an | grep "LISTEN "
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
tcp6 0 0 :::55056 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::5432 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
Just to confirm that it really is ufw blocking the connection: if I disable it, everything works fine. Any idea what I'm missing?
From your netstat we can see that port 5432 is mentioned only once, namely on the tcp6 line listening on :::5432. That indicates your program is listening on IPv6 only. Your firewall only allows IPv4. You have two options: either allow the IPv6 address ::1 (the IPv6 equivalent of localhost) to reach that service in your firewall, or make your program listen on IPv4 as well. The best is probably to do both.
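As an added example (not code from the question or the answer above): a small POSIX shell helper that reads netstat output to report which address family a port is listening on, and prints the matching ufw loopback rules (127.0.0.1 and/or ::1) in ufw's full rule syntax. The sample netstat lines and the function names are constructed here.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Reads `netstat -an` output to report whether a TCP port is listening on
# IPv4, IPv6, both or neither, then prints the ufw loopback rules (127.0.0.1
# and/or ::1) that match, in ufw's full rule syntax.

# Constructed sample in the shape of the asker's netstat output.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22        0.0.0.0:*     LISTEN
tcp        0      0 127.0.0.1:3306    0.0.0.0:*     LISTEN
tcp6       0      0 :::22             :::*          LISTEN
tcp6       0      0 :::5432           :::*          LISTEN'

# listen_families PORT [NETSTAT_TEXT]  ->  prints none | v4 | v6 | both
# With no second argument it runs netstat itself.
listen_families() {
    port="$1"
    input="${2:-$(netstat -an 2>/dev/null)}"
    # Count LISTEN lines whose local address ends in ":PORT", per family.
    v4=$(printf '%s\n' "$input" | grep -Ec "^tcp +[0-9]+ +[0-9]+ +[0-9.]+:$port +.*LISTEN" || true)
    v6=$(printf '%s\n' "$input" | grep -Ec "^tcp6 +[0-9]+ +[0-9]+ +[0-9a-f:.]*:$port +.*LISTEN" || true)
    if [ "$v4" -gt 0 ] && [ "$v6" -gt 0 ]; then echo both
    elif [ "$v4" -gt 0 ]; then echo v4
    elif [ "$v6" -gt 0 ]; then echo v6
    else echo none
    fi
}

# ufw_loopback_rules PORT FAMILIES  ->  prints the ufw commands to run
# The asker's existing 127.0.0.1 rules cover only IPv4; an IPv6-only
# listener needs the ::1 pair as well (the answer's first option).
ufw_loopback_rules() {
    port="$1"; fam="$2"
    case "$fam" in
        v4|both)
            echo "ufw allow in from 127.0.0.1 to 127.0.0.1 port $port proto tcp"
            echo "ufw allow out from 127.0.0.1 to 127.0.0.1 port $port proto tcp" ;;
    esac
    case "$fam" in
        v6|both)
            echo "ufw allow in from ::1 to ::1 port $port proto tcp"
            echo "ufw allow out from ::1 to ::1 port $port proto tcp" ;;
    esac
    # The answer's second option: make Postgres listen on IPv4 too, e.g.
    # listen_addresses = 'localhost' in postgresql.conf, then restart it.
}

fam=$(listen_families 5432 "$SAMPLE_NETSTAT")
echo "port 5432 listens on: $fam"        # prints: port 5432 listens on: v6
ufw_loopback_rules 5432 "$fam"
```

Run it with no second argument on the server itself to check the live netstat table instead of the sample.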