防火墙配置：允许本地回环接口流量

2025-06-08 10:24:13 +08:00 · 2025-03-10 10:50:44 +08:00 · 2025-03-10 10:50:44 +08:00 · 4a3b00dea5
commit 4a3b00dea5
parent cfd2e19417
1 changed files with 2 additions and 0 deletions
--- a/install.sh
+++ b/install.sh
@ -401,6 +401,7 @@ flush ruleset
 table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
+        iifname "lo" accept
        ct state established,related accept
        ip saddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } accept
        tcp dport 22 accept
@ -423,6 +424,7 @@ EOF
        systemctl enable nftables 2>/dev/null || log "WARN" "无法启用 nftables 服务"
    else
        iptables -F && iptables -t nat -F || { log "ERROR" "清理 IPv4 规则失败"; exit 1; }
+        iptables -A INPUT -i lo -j ACCEPT
        iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
        iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT