我的服务器中有一个规则集,如下所示:
table inet firewall {
chain INBOUND {
type filter hook input priority filter; policy drop;
ct state established,related accept
ct state invalid drop
iif "lo" counter packets 0 bytes 0 accept
ip protocol icmp limit rate 4/second accept
ip6 nexthdr ipv6-icmp limit rate 4/second accept
ip protocol igmp limit rate 4/second accept
tcp dport 22 accept
log
}
chain FORWARD {
type filter hook forward priority filter; policy drop;
}
chain OUTBOUND {
type filter hook output priority filter; policy drop;
oif "lo" counter packets 35 bytes 1946 accept
tcp dport 22 accept
}
}
即使应该打开端口,我也无法从端口 22 上的 ssh 连接。如果我输入:
$ nft flush ruleset
,则 22 端口允许连接。
我做错了什么?