Nikk's questions

所以我有两个输入链，input并且dyn是动态生成的。

然而，由于 的原因，规则dyn不起作用input。我尝试过设置inputto的优先级1，甚至设置todyn的优先级。依然没有。0-200

当我刷新input规则时，然后就dyn可以了。

我在这里做错了什么？

sudo nft list ruleset
table inet filter {
chain input {
    type filter hook input priority filter + 1; policy accept;
    iif "lo" accept
    ct state established,related accept
    tcp dport 299 ip saddr 3x.xx.xx.xx accept
    icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, 148, 149 } accept
    ip6 saddr fe80::/10 icmpv6 type { mld-listener-query, mld-listener-report, mld-listener-done, mld2-listener-report, 151, 152, 153 } accept
    counter packets 10 bytes 5255 drop
}

chain dyn {
    type filter hook input priority filter; policy accept;
    iif "lo" accept
    ct state established,related accept
    ip saddr 2x.xx.xx.xx udp dport 8999 log prefix "dyn" accept
    ip6 saddr xxx:xxxx:xxxx:xxxx::9999 udp dport 8999 log prefix "dyn" accept
    ip saddr 2x.xx.xx.xx tcp dport 7999 log prefix "dyn" accept
    ip6 saddr xxx:xxxx:xxxx:xxxx::9999 tcp dport 7999 log prefix "dyn" accept
    ip saddr 2x.xx.xx.xx icmp type echo-request log prefix "dyn" accept
    ip6 saddr xxx:xxxx:xxxx:xxxx::9999 icmp type echo-request log prefix "dyn"
    ip saddr 2x.xx.xx.xx tcp dport 6999 log prefix "dyn" accept
    ip6 saddr xxx:xxxx:xxxx:xxxx::aaaa tcp dport 6999 log prefix "dyn" accept
}
}

auditd -n继续为以下内容编写和使用资源。它是什么，这个脚本是否有必要不断地写东西？

我正在运行 Cenots 7 和 Plex Onyx……如果不需要，我真的很想卸载它。

type=NETFILTER_CFG msg=audit(1487879713.783:1316): table=filter family=2 entries=52
type=SYSCALL msg=audit(1487879713.783:1316): arch=c000003e syscall=54 success=yes exit=0 a0=3 a1=0 a2=40 a3=21ff8a0 items=0 ppid=18408 pid=18469 auid=10000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=4 comm="ip$
type=NETFILTER_CFG msg=audit(1487879713.790:1317): table=filter family=10 entries=52
type=SYSCALL msg=audit(1487879713.790:1317): arch=c000003e syscall=54 success=yes exit=0 a0=3 a1=29 a2=40 a3=190ce50 items=0 ppid=18408 pid=18470 auid=10000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=4 comm="i$
type=NETFILTER_CFG msg=audit(1487879713.795:1318): table=filter family=2 entries=66
type=SYSCALL msg=audit(1487879713.795:1318): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=a75050 items=0 ppid=18408 pid=18471 auid=10000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=4 comm="ipt$
type=NETFILTER_CFG msg=audit(1487879713.802:1319): table=filter family=2 entries=67
type=SYSCALL msg=audit(1487879713.802:1319): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=b74500 items=0 ppid=18408 pid=18472 auid=10000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=4 comm="ipt$
type=NETFILTER_CFG msg=audit(1487879713.810:1320): table=filter family=2 entries=68
type=SYSCALL msg=audit(1487879713.810:1320): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=18db680 items=0 ppid=18408 pid=18473 auid=10000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=4 comm="ip$
type=NETFILTER_CFG msg=audit(1487879713.817:1321): table=filter family=10 entries=66

更改端口后。

并重新启动 SSH 服务，它对我来说失败了。

我跑的时候得到了以下信息systemctl status sshd.service：

sshd.service: main process exited, code=exited, status=255/n/a
Unit sshd.service entered failed state.
sshd.service failed.

有关如何解决此问题的任何建议（此处为 newb）？