查看问题详情
| 编号 | 项目 | 分类 | 查看权限 | 报告日期 | 最后更新 |
|---|---|---|---|---|---|
| 0000476 | Anolis OS 8 | iptables | public | 2021-11-04 14:22 | 2021-11-17 14:23 |
| 报告员 | anolis_account | 分派给 | LoongsonHFD | ||
| 优先级 | high | 严重性 | major | 出现频率 | always |
| 状态 | assigned | 处理状况 | open | ||
| 平台 | 龙芯 | 操作系统 | Anolis OS | 操作系统版本 | Anolis OS 8.4 |
| 标题 | 0000476: [Anolis OS 8.4][loongarch64]iptables增加设定规则丢弃icmp协议的包,ping localhost依然可以ping通 | ||||
| 描述 | iptables增加设定规则丢弃icmp协议的包,下边INPUT改成OUTPUT也是一样的 iptables -A INPUT -p icmp --icmp-type echo-reply -j DROP ping localhost依然可以ping通 # uname -a Linux localhost.localdomain 4.19.190-2.1.an8.loongarch64 #1 SMP Tue Sep 28 06:19:17 UTC 2021 loongarch64 loongarch64 loongarch64 GNU/Linux [root@localhost tmp]# rpm -q iptables iptables-1.8.4-17.0.1.an8.loongarch64 | ||||
| 问题重现步骤 | 1.iptables -A INPUT -p icmp --icmp-type echo-reply -j DROP [root@localhost tmp]# iptables -nL Chain INPUT (policy ACCEPT) target prot opt source destination DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 0 Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination 2.ping localhost,预期不可以ping通,但实际仍然可以 [root@localhost tmp]# ping localhost PING localhost(localhost (::1)) 56 data bytes 64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.088 ms 64 bytes from localhost (::1): icmp_seq=2 ttl=64 time=0.021 ms | ||||
| 标签 | 没加标签. | ||||
|
|
经过测试发现是host文件中localhost写法导致的问题。目前openanolis loongarch预览版中/etc/hosts文件中的内容如下: [root@localhost ~]# more /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 [root@localhost ~]# 在iptables写入丢弃icmp协议包,ping的时候,走的是ipv6. [root@localhost ~]# ping localhost PING localhost(localhost (::1)) 56 data bytes 64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.046 ms 64 bytes from localhost (::1): icmp_seq=2 ttl=64 time=0.016 ms 将hosts文件修改为: 127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 可以看到iptables规则已经生效。 [root@localhost ~]# ping localhost PING localhost (127.0.0.1) 56(84) bytes of data. ^C --- localhost ping statistics --- 11 packets transmitted, 0 received, 100% packet loss, time 10237ms |
|
|
好的 那就不是问题了 |
| 日期 | 用户名 | 字段 | 更改 |
|---|---|---|---|
| 2021-11-04 14:22 | anolis_account | 新建问题 | |
| 2021-11-05 10:15 | jacobwang | 分派给 | => LoongsonHFD |
| 2021-11-05 10:15 | jacobwang | 状态 | 新建 => 已分配 |
| 2021-11-05 10:32 | LoongsonHFD | 分派给 | LoongsonHFD => |
| 2021-11-05 10:41 | jacobwang | 分派给 | => LoongsonHFD |
| 2021-11-16 16:15 | streamlet_hy | 注释已添加: 0000715 | |
| 2021-11-17 14:23 | anolis_account | 注释已添加: 0000735 |
