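Why can't the IP rules in the firewall be deleted?
Latest version of 1Panel
No matter how many times I click delete, it reports that the deletion succeeded. But the IP is still there, and refreshing makes no difference.
Post a screenshot of sudo ufw status verbose
Both of these IPs are CF IPs, but I can't find out where the requests are actually coming from, and the website logs show nothing either.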
root@ECS-WEB:~# sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To Action From
-- ------ ----
Anywhere DENY IN 104.18.7.192
Anywhere REJECT IN 79.110.62.145 # by Fail2Ban after 0 attempts against sshd
Anywhere REJECT IN 85.209.11.27 # by Fail2Ban after 0 attempts against sshd
Anywhere REJECT IN 77.242.86.114 # by Fail2Ban after 0 attempts against sshd
Anywhere REJECT IN 183.81.169.238 # by Fail2Ban after 0 attempts against sshd
Anywhere REJECT IN 156.54.179.52 # by Fail2Ban after 0 attempts against sshd
Anywhere REJECT IN 63.142.218.239 # by Fail2Ban after 0 attempts against sshd
Anywhere DENY IN 104.21.62.169
Anywhere DENY IN 104.18.6.192
39668/tcp ALLOW IN Anywhere
22/tcp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
3306/tcp ALLOW IN Anywhere
3000/tcp ALLOW IN Anywhere
39668/tcp (v6) ALLOW IN Anywhere (v6)
22/tcp (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
3306/tcp (v6) ALLOW IN Anywhere (v6)
3000/tcp (v6) ALLOW IN Anywhere (v6)
104.18.7.192 DENY OUT Anywhere
104.18.6.192 DENY OUT Anywhere
root@ECS-WEB:~#
Capturing the IP's network traffic with sudo tcpdump -i ens17 host 104.18.7.192 shows only the following:
10:43:38.895693 IP ECS-WEB.37278 > 104.18.7.192.https: Flags [P.], seq 8915553:8923069, ack 396788, win 65535, options [nop,nop,TS val 1250334869 ecr 2607635172], length 7516
10:43:38.897014 IP 104.18.7.192.https > ECS-WEB.37278: Flags [.], ack 8904213, win 22400, options [nop,nop,TS val 2607635172 ecr 1250334852], length 0
10:43:38.897017 IP 104.18.7.192.https > ECS-WEB.37278: Flags [.], ack 8905409, win 22400, options [nop,nop,TS val 2607635172 ecr 1250334852], length 0
10:43:38.897079 IP ECS-WEB.37278 > 104.18.7.192.https: Flags [P.], seq 8923069:8926613, ack 396788, win 65535, options [nop,nop,TS val 1250334870 ecr 2607635172], length 3544
10:43:38.899891 IP 104.18.7.192.https > ECS-WEB.37278: Flags [.], ack 8906797, win 22400, options [nop,nop,TS val 2607635177 ecr 1250334854], length 0
10:43:38.899895 IP 104.18.7.192.https > ECS-WEB.37278: Flags [.], ack 8907417, win 22400, options [nop,nop,TS val 2607635177 ecr 1250334854], length 0
10:43:38.899976 IP ECS-WEB.37278 > 104.18.7.192.https: Flags [P.], seq 8926613:8929197, ack 396788, win 65535, options [nop,nop,TS val 1250334873 ecr 2607635177], length 2584
10:43:38.901645 IP 104.18.7.192.https > ECS-WEB.37278: Flags [P.], seq 396788:397341, ack 8907417, win 22400, options [nop,nop,TS val 2607635179 ecr 1250334854], length 553
10:43:38.901836 IP 104.18.7.192.https > ECS-WEB.37278: Flags [.], ack 8908805, win 22400, options [nop,nop,TS val 2607635179 ecr 1250334855], length 0
10:43:38.901885 IP ECS-WEB.37278 > 104.18.7.192.https: Flags [P.], seq 8929197:8931205, ack 397341, win 65535, options [nop,nop,TS val 1250334875 ecr 2607635179], length 2008
10:43:38.901909 IP 104.18.7.192.https > ECS-WEB.37278: Flags [.], ack 8909677, win 22400, options [nop,nop,TS val 2607635179 ecr 1250334855], length 0
10:43:38.902420 IP 104.18.7.192.https > ECS-WEB.37278: Flags [P.], seq 397341:397906, ack 8909677, win 22400, options [nop,nop,TS val 2607635180 ecr 1250334855], length 565
10:43:38.903744 IP 104.18.7.192.https > ECS-WEB.37278: Flags [.], ack 8911065, win 22400, options [nop,nop,TS val 2607635180 ecr 1250334859], length 0
10:43:38.903748 IP 104.18.7.192.https > ECS-WEB.37278: Flags [.], ack 8912453, win 22400, options [nop,nop,TS val 2607635180 ecr 1250334859], length 0
I don't know where these two CF IPs actually come from. I can't block them, and they keep consuming a lot of bandwidth.
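Added example, not part of the original thread: a shell helper that reads tcpdump text like the capture above and reports which side opened the flow and how many payload bytes went each way. The function names and the 32768 ephemeral-port threshold (the Linux default `ip_local_port_range` lower bound) are assumptions of this example; the sample is six lines copied from the capture in the post.

```shell
#!/bin/sh
# Constructed sample: six lines taken from the tcpdump capture in the thread.
sample_capture() {
cat <<'EOF'
10:43:38.895693 IP ECS-WEB.37278 > 104.18.7.192.https: Flags [P.], seq 8915553:8923069, ack 396788, win 65535, options [nop,nop,TS val 1250334869 ecr 2607635172], length 7516
10:43:38.897014 IP 104.18.7.192.https > ECS-WEB.37278: Flags [.], ack 8904213, win 22400, options [nop,nop,TS val 2607635172 ecr 1250334852], length 0
10:43:38.897079 IP ECS-WEB.37278 > 104.18.7.192.https: Flags [P.], seq 8923069:8926613, ack 396788, win 65535, options [nop,nop,TS val 1250334870 ecr 2607635172], length 3544
10:43:38.901645 IP 104.18.7.192.https > ECS-WEB.37278: Flags [P.], seq 396788:397341, ack 8907417, win 22400, options [nop,nop,TS val 2607635179 ecr 1250334854], length 553
10:43:38.901885 IP ECS-WEB.37278 > 104.18.7.192.https: Flags [P.], seq 8929197:8931205, ack 397341, win 65535, options [nop,nop,TS val 1250334875 ecr 2607635179], length 2008
10:43:38.902420 IP 104.18.7.192.https > ECS-WEB.37278: Flags [P.], seq 397341:397906, ack 8909677, win 22400, options [nop,nop,TS val 2607635180 ecr 1250334855], length 565
EOF
}

# summarize_flow REMOTE_IP  (tcpdump text on stdin)
# Prints: "<direction> <local_port> <remote_port> <bytes_out> <bytes_in>"
summarize_flow() {
  awk -v remote="$1" '
    $2 == "IP" && $4 == ">" {
      src = $3; dst = $5; sub(/:$/, "", dst)
      len = 0
      for (i = 6; i < NF; i++) if ($i == "length") len = $(i + 1) + 0
      if (index(src, remote ".") == 1) {          # remote -> this host
        bytes_in += len; rport = substr(src, length(remote) + 2)
        n = split(dst, p, "."); lport = p[n]
      } else if (index(dst, remote ".") == 1) {   # this host -> remote
        bytes_out += len; rport = substr(dst, length(remote) + 2)
        n = split(src, p, "."); lport = p[n]
      }
    }
    END {
      # Heuristic (assumption): a high local port talking to a service port
      # means this host is the client, i.e. the connection is outbound.
      dir = (lport + 0 >= 32768 && rport + 0 < 32768) ? "outbound" : "inbound-or-unknown"
      printf "%s %s %s %d %d\n", dir, lport, rport, bytes_out, bytes_in
    }'
}

# On the affected host (as root): list the process that owns the socket.
show_socket_owner() { ss -tnp dst "$1"; }

sample_capture | summarize_flow 104.18.7.192
```

For an outbound flow, `show_socket_owner 104.18.7.192` names the local process sending the data. ufw's default before.rules accept ESTABLISHED connections ahead of user rules, so a `DENY OUT` rule added later does not cut a connection that is already open.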