飞牛防火墙源端口不放行（连接跟踪）导致无法访问外网问题

Brill · 2026-3-18 22:15:00

系统版本：X86

设备环境：物理机、反代、V1.1.23；

BUG现象：

测试1：

防火墙入口默认全部禁止。出口默认放行。
curl -v -I https://www.baidu.com 无法访问
路由器抓包：
192.168.10.20:55432->baidu ip :443 NAS请求包发出
192.168.10.20:55432<-baidu ip :443 包截拦进不去NAS
测试2：

防火墙入口默认全部禁止，放行网页端口，放行1024-65535端口。出口默认放行。
curl -v -I https://www.baidu.com 正常访问

出现频率：必现

Brill · 2026-3-18 22:44:28

找了一下相应的问题，应该是类似：

https://club.fnnas.com/forum.php?mod=viewthread&tid=54719&extra=page%3D1

https://club.fnnas.com/forum.php?mod=viewthread&tid=12461

https://club.fnnas.com/forum.php?mod=viewthread&tid=28498&page=1#pid133636

文采差AI解释：

飞牛技术同学 · 2026-3-25 11:15:27

已联系正在排查尝试复现该情况

Brill · 2026-3-31 18:40:14

飞牛技术同学发表于 2026-3-25 11:15
已联系正在排查尝试复现该情况

啥时候修复呀，放通端口老被扫

Tion · 2026-4-1 11:43:17

我也是这样

Tion · 2026-4-1 11:46:05

飞牛技术同学发表于 2026-3-25 11:15
已联系正在排查尝试复现该情况

1. 问题简述
在飞牛 OS 网页端“防火墙/端口管理”中，将入站规则设为“默认拒绝”并仅放行特定业务端口（如 Lucky 的 xxxx/xxxx）后，会导致系统多个核心功能及插件失效。

2.具体故障现象
Lucky 插件异常：内置测速功能失败、轻面板（资源加载）无法打开（提示 i/o timeout）。

Lucky DDNS 功能失效：无法通过 API 查询公网 IP（提示连接超时）。

系统应用商店：无法刷新列表，无法下载或更新应用。

网络连通性限制：在 SSH 终端执行 curl 或 wget 外部域名（如百度）无响应，但 ping 物理网关（局域网、127）正常。

备注：外部通过已放行的端口（如 Lucky Web 服务）访问正常。

3.设备环境
蜗牛星际B款双网卡
聚合网口 2000Mb/s 轮询模式
物理机X86 系统版本 fnOS 1.1.26

Brill · 2026-4-9 23:12:03

飞牛技术同学发表于 2026-3-25 11:15
已联系正在排查尝试复现该情况

补充信息：

发现是在OVS模式出现的，关掉OVS后正常了；

开启OVS时防火墙也有报错：

Apr 09 22:26:57 DataCenter TRIMEVENT[2279]: TRIMEVENT:{"from":"security","eventId":"FW_ENABLE","data":{"UID":"huisc"},"uid":1000,"datetime":1775744817}
Apr 09 22:26:57 DataCenter security_service[2279]: libbpf: Kernel error message: This filter block is shared. Please use the block index to manipulate the filters
Apr 09 22:26:57 DataCenter security_service[2279]: libbpf: Kernel error message: Exclusivity flag on, cannot modify
Apr 09 22:26:57 DataCenter security_service[2279]: libbpf: Kernel error message: This filter block is shared. Please use the block index to manipulate the filters
Apr 09 22:26:57 DataCenter security_service[2279]: libbpf: Kernel error message: Exclusivity flag on, cannot modify
Apr 09 22:26:57 DataCenter security_service[2279]: libbpf: Kernel error message: This filter block is shared. Please use the block index to manipulate the filters
Apr 09 22:26:57 DataCenter security_service[2279]: libbpf: Kernel error message: Exclusivity flag on, cannot modify
Apr 09 22:26:57 DataCenter security_service[2279]: libbpf: Kernel error message: This filter block is shared. Please use the block index to manipulate the filters
Apr 09 22:26:57 DataCenter security_service[2279]: libbpf: Kernel error message: Exclusivity flag on, cannot modify
Apr 09 22:27:34 DataCenter TRIMEVENT[2279]: TRIMEVENT:{"from":"security","eventId":"FW_RULE_CHANGED","data":{"UID":"huisc"},"uid":1000,"datetime":1775744854}
Apr 09 22:29:46 DataCenter TRIMEVENT[2279]: TRIMEVENT:{"from":"security","eventId":"FW_RULE_CHANGED","data":{"UID":"huisc"},"uid":1000,"datetime":1775744986}
Apr 09 22:29:56 DataCenter TRIMEVENT[2279]: TRIMEVENT:{"from":"security","eventId":"FW_RULE_CHANGED","data":{"UID":"huisc"},"uid":1000,"datetime":1775744996}
Apr 09 22:46:19 DataCenter TRIMEVENT[2279]: TRIMEVENT:{"from":"security","eventId":"FW_RULE_CHANGED","data":{"UID":"huisc"},"uid":1000,"datetime":1775745979}
Apr 09 22:46:20 DataCenter security_service[2279]: libbpf: bpf_tc_opts has non-zero extra bytes
Apr 09 22:46:20 DataCenter security_service[2279]: libbpf: Kernel error message: This filter block is shared. Please use the block index to manipulate the filters
Apr 09 22:46:20 DataCenter security_service[2279]: libbpf: bpf_tc_opts has non-zero extra bytes
Apr 09 22:46:20 DataCenter security_service[2279]: libbpf: Kernel error message: This filter block is shared. Please use the block index to manipulate the filters
Apr 09 22:46:20 DataCenter security_service[2279]: libbpf: Kernel error message: This filter block is shared. Please use the block index to manipulate the filters
Apr 09 22:46:20 DataCenter security_service[2279]: libbpf: Kernel error message: Exclusivity flag on, cannot modify
Apr 09 22:46:20 DataCenter security_service[2279]: libbpf: Kernel error message: This filter block is shared. Please use the block index to manipulate the filters
Apr 09 22:46:20 DataCenter security_service[2279]: libbpf: Kernel error message: Exclusivity flag on, cannot modify
Apr 09 22:46:20 DataCenter security_service[2279]: libbpf: Kernel error message: This filter block is shared. Please use the block index to manipulate the filters
Apr 09 22:46:20 DataCenter security_service[2279]: libbpf: Kernel error message: Exclusivity flag on, cannot modify
Apr 09 22:46:20 DataCenter security_service[2279]: libbpf: Kernel error message: This filter block is shared. Please use the block index to manipulate the filters
Apr 09 22:46:20 DataCenter security_service[2279]: libbpf: Kernel error message: Exclusivity flag on, cannot modify
Apr 09 22:47:31 DataCenter TRIMEVENT[2279]: TRIMEVENT:{"from":"security","eventId":"FW_DISABLE","data":{"UID":"huisc"},"uid":1000,"datetime":1775746051}

Brill · 2026-4-9 23:12:59

Tion 发表于 2026-4-1 11:46
1. 问题简述
在飞牛 OS 网页端“防火墙/端口管理”中，将入站规则设为“默认拒绝”并仅放行特定业务端 ...

关掉OVS试试你是不是也正常了，好像是XDP 冲突

		自动登录	找回密码
密码			立即注册

飞牛防火墙源端口不放行（连接跟踪）导致无法访问外网问题

本帖子中包含更多资源

本帖子中包含更多资源

点评

点评

fnOS1.0上线纪念勋章