1Panel
1Panel copied to clipboard
1Panel-dev
[Bug] The ufw firewall of the debain12 system disables ping, and will become pingable after restarting the ufw service or restarting the server.
Contact Information
No response
1Panel Version
1.10.22
Problem Description
debain12系统的ufw防火墙禁ping,会在重启ufw服务或重启服务器后变为可ping的状态
Steps to Reproduce
- 启用禁ping,测试无法ping通服务器,正常;
- 重启ufw服务,禁ping状态一直保持开启,测试可以ping通服务器,异常;
- 重启服务器,禁ping状态一直保持开启,测试可以ping通服务器,异常;
The expected correct result
No response
Related log output
No response
Additional Information
No response
感谢反馈,我们先在 Debian 12 服务器中验证一下上述问题,并测试一下兼容性。
可以复现吗,我试用了其他的服务器,安装Debian 12,测试是一样的结果
Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑🤝🧑👫🧑🏿🤝🧑🏻👩🏾🤝👨🏿👬🏿
Thanks for the feedback, we will first verify the above problem in the Debian 12 server and test the compatibility.
Can it be reproduced? I tried other servers and installed Debian 12. The test results are the same.
Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑🤝🧑👫🧑🏿🤝🧑🏻👩🏾🤝👨🏿👬🏿
The problem has been reproduced in the development environment. It seems that after the firewall is restarted, sysctl.conf does not take effect normally. Manually executing sysctl -p will solve the problem.
开发环境已经复现该问题,看起来是防火墙重启后,sysctl.conf 没有正常生效,手动执行 sysctl -p 就好使了。
好的,确定问题就好,目前重新开关一下禁ping选项也是可以的
Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑🤝🧑👫🧑🏿🤝🧑🏻👩🏾🤝👨🏿👬🏿
This problem has been reproduced in the development environment. It seems that after the firewall is restarted, sysctl.conf does not take effect normally. Manually executing sysctl -p will work.
Okay, just confirm the problem. Now you can turn on and off the ping ban option again.
开发环境已经复现该问题,看起来是防火墙重启后,sysctl.conf 没有正常生效,手动执行 sysctl -p 就好使了。
好的,确定问题就好,目前重新开关一下禁ping选项也是可以的
Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑🤝🧑👫🧑🏿🤝🧑🏻👩🏾🤝👨🏿👬🏿
This problem has been reproduced in the development environment. It seems that after the firewall is restarted, sysctl.conf does not take effect normally. Manually executing sysctl -p will work.
Okay, just confirm the problem. It is also possible to turn the ping ban option on again.
Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑🤝🧑👫🧑🏿🤝🧑🏻👩🏾🤝👨🏿👬🏿
Does it mean that it will be automatically changed to 0 after restarting ufw?
After restart
The switch detected is still on.
问题描述: 当前禁 ping 修改的是 /etc/sysctl.conf 文件,但是 ufw 里面存在一个 /etc/ufw/sysctl.conf, 重启 ufw 后,如果这俩文件内容有不一致的情况, /etc/ufw/sysctl.conf 会覆盖 /etc/sysctl.conf 生效
解决办法:找到 /etc/ufw/sysctl.conf 文件,编辑 net/ipv4/icmp_echo_ignore_all=1 然后重启即可
具体参考 https://www.cnblogs.com/guangdelw/p/17315109.html
Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑🤝🧑👫🧑🏿🤝🧑🏻👩🏾🤝👨🏿👬🏿
Problem description: Currently, the /etc/sysctl.conf file that is prohibited from ping is modified, but there is a /etc/ufw/sysctl.conf in ufw. After restarting ufw, if the contents of the two files are inconsistent, /etc/ufw/sysctl.conf Will overwrite /etc/sysctl.conf to take effect
Solution: Find the /etc/ufw/sysctl.conf file, edit net/ipv4/icmp_echo_ignore_all=1 and then restart