\u5728update-alternatives –config iptables\u547d\u4ee4\u4e2d\uff0c\u5c06iptables-legacy\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u9009\u9879\u3002<\/p>\n
$ <\/span>sudo <\/span>update-alternatives --config<\/span> iptables\r\nalternative iptables (<\/span>\/usr\/sbin\/iptables \u3092\u63d0\u4f9b)<\/span> \u306b\u306f 2 \u500b\u306e\u9078\u629e\u80a2\u304c\u3042\u308a\u307e\u3059\u3002\r\n\r\n \u9078\u629e\u80a2 \u30d1\u30b9 \u512a\u5148\u5ea6 \u72b6\u614b\r\n------------------------------------------------------------<\/span>\r\n*<\/span> 0 \/usr\/sbin\/iptables-nft 20 \u81ea\u52d5\u30e2\u30fc\u30c9\r\n 1 \/usr\/sbin\/iptables-legacy 10 \u624b\u52d5\u30e2\u30fc\u30c9\r\n 2 \/usr\/sbin\/iptables-nft 20 \u624b\u52d5\u30e2\u30fc\u30c9\r\n\r\n\u73fe\u5728\u306e\u9078\u629e [<\/span>*<\/span>]<\/span> \u3092\u4fdd\u6301\u3059\u308b\u306b\u306f <Enter>\u3001\u3055\u3082\u306a\u3051\u308c\u3070\u9078\u629e\u80a2\u306e\u756a\u53f7\u306e\u30ad\u30fc\u3092\u62bc\u3057\u3066\u304f\u3060\u3055\u3044: 1\r\nupdate-alternatives: \/usr\/sbin\/iptables (<\/span>iptables)<\/span> \u3092\u63d0\u4f9b\u3059\u308b\u305f\u3081\u306b\u30de\u30cb\u30e5\u30a2\u30eb\u30e2\u30fc\u30c9\u3067 \/usr\/sbin\/iptables-legacy \u3092\u4f7f\u3044\u307e\u3059\r\n\r\n$ <\/span>sudo <\/span>reboot\r\n<\/code><\/pre>\n\u7a81\u7136\u4e0b\u7ed3\u8bba\u3002 xi\u00e0<\/h2>\n\n- \n
Debian 10\u306fiptables v1.8\u7cfb\u3092\u63a1\u7528\uff0enftables API\u3092\u4f7f\u3046iptables-nft\u3068\u65e7\u6765\u306eiptables-legacy\u304c\u7528\u610f\u3055\u308c\u3066\u3044\u308b\uff0e<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
\u30c7\u30d5\u30a9\u30eb\u30c8\u306fiptables-nft\u3060\u304c\uff0cDocker\u306fiptables-legacy\u3092\u4f7f\u3046\uff0e<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
\u3053\u306e\u72b6\u614b\u3067\uff0cufw\u306a\u3069\u3092\u4f7f\u3063\u3066iptables-nft\u3067\u5b9a\u7fa9\u3092\u8a2d\u5b9a\u3059\u308b\u3068\uff0ciptables-legacy\u306e\u5b9a\u7fa9\u306f\u7121\u8996\u3055\u308c\u308b\uff08\u3088\u3046\u3060\uff09\uff0e\u305d\u306e\u7d50\u679c\uff0c\u5916\u90e8\u3068\u306e\u901a\u4fe1\u304c\u3067\u304d\u306a\u3044\uff0e<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\u305d\u3053\u3067\uff0ciptables-legacy\u3092\u30c7\u30d5\u30a9\u30eb\u30c8\u306b\u5909\u66f4\u3057\uff0c\u5b9a\u7fa9\u3092legacy\u5074\u306b\u5bc4\u305b\u3066\u5bfe\u51e6\u3059\u308b\uff0e<\/ul>\n\u8be6\u7ec6\u89e3\u91ca<\/h2>\nufw\u548ciptables<\/h3>\n
ufw\uff08Uncomplicated Firewall\uff09\u662f\u4e00\u79cd\u7b80\u5355\u6613\u7528\u7684\u9632\u706b\u5899\u7ba1\u7406\u5de5\u5177\uff0c\u53ea\u9700\u7f16\u5199ufw allow 22\/tcp\u7b49\u547d\u4ee4\u5373\u53ef\u5b9e\u73b0\u7aef\u53e3\u5f00\u653e\u3002<\/p>\n
\u5728\u5185\u90e8\uff0c\u5b83\u7684\u5b9a\u4f4d\u7c7b\u4f3c\u4e8eiptables\uff08Netfilter\uff09\u7684\u5305\u88c5\u5668\uff0c\u53ef\u4ee5\u8ba9\u60a8\u5fd8\u8bb0iptables\u6613\u5fd8\u7684\u547d\u4ee4\u4f53\u7cfb\u3002\u6211\u8ba4\u4e3a\u5b83\u6700\u521d\u662f\u4e3aUbuntu\u8bbe\u8ba1\u7684\u5de5\u5177\uff0c\u4f46\u662f\u4ece\u5f88\u65e9\u4ee5\u524d\u5f00\u59cb\u4e5f\u53ef\u4ee5\u5728Debian\u4e0a\u4f7f\u7528\u3002<\/p>\n
iptables v1.8\u652f\u6301nftables API\u3002<\/h3>\n
\u76ee\u524d\u6b63\u5728\u6d4b\u8bd5\u4e2d\u7684Debian GNU\/Linux 10 (buster)\u4e2d\uff0ciptables\u5df2\u4ece1.6\u7248\u672c\u5347\u7ea7\u52301.8\u7248\u672c\u3002<\/p>\n
iptables 1.8.0 release [LWN.net]<\/ul>\n\u5728iptables 1.8\u4e2d\uff0c\u65b0\u589e\u4e86\u4f7f\u7528nftables Kernel API1\u7684iptables-nft\u5de5\u5177\uff0c\u65e7\u6709\u7684\u5de5\u5177\u53ef\u4ee5\u4f7f\u7528iptables-legacy\u6765\u8fdb\u884c\u64cd\u4f5c\u3002<\/p>\n
iptables\u662fDebian 10\u7684\u9ed8\u8ba4\u8bbe\u7f6e\uff0c\u5176\u4e2d\u6709\u4e00\u4e2a\u6307\u5411iptables-nft\u7684\u7b26\u53f7\u94fe\u63a5\u3002ufw\u7b49\u4f7f\u7528\u8fd9\u4e2a\u9ed8\u8ba4\u8bbe\u7f6e\u3002<\/p>\n
$ <\/span>ls<\/span> -l<\/span> \/usr\/sbin\/iptables\r\nlrwxrwxrwx 1 root root 26 2\u6708 17 11:44 \/usr\/sbin\/iptables -> \/etc\/alternatives\/iptables\r\n$ <\/span>ls<\/span> -l<\/span> \/etc\/alternatives\/iptables\r\nlrwxrwxrwx 1 root root 22 2\u6708 18 22:53 \/etc\/alternatives\/iptables -> \/usr\/sbin\/iptables-nft\r\n<\/code><\/pre>\nDocker\u4f7f\u7528iptables-legacy\u3002<\/h3>\n
\u4e00\u65b9\u9762\uff0cDocker\u5728\u5904\u7406iptables-nft\u65f6\u9047\u5230\u4e86\u95ee\u9898\uff0c\u56e0\u6b64\u4e0d\u7ba1\u9ed8\u8ba4\u8bbe\u7f6e\u5982\u4f55\uff0c\u5fc5\u987b\u8fdb\u884c\u4fee\u6b63\u4ee5\u59cb\u7ec8\u4f7f\u7528iptables-legacy\u3002<\/p>\n
\n- \n
Docker doesn’t work with iptables v1.8.1 \u00b7 Issue #38099 \u00b7 moby\/moby<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
debian has iptables-legacy and iptables-nft now by myobie \u00b7 Pull Request #2285 \u00b7 docker\/libnetwork<\/ul>\nufw + Docker = \u4f7f\u7528iptables-nft + iptables-legacy<\/h3>\n
\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5982\u679c\u4f7f\u7528\u9ed8\u8ba4\u8bbe\u7f6e\u7684ufw\u548cDocker\uff0c\u4f1a\u5b58\u5728iptables-nft\u548ciptables-legacy\u4e24\u4e2a\u5b9a\u4e49\u3002<\/p>\n
$ <\/span>sudo <\/span>iptables-nft -L<\/span>\r\nChain INPUT (<\/span>policy DROP)<\/span>\r\ntarget prot opt source <\/span>destination\r\nufw-before-logging-input all --<\/span> anywhere anywhere\r\nufw-before-input all --<\/span> anywhere anywhere\r\nufw-after-input all --<\/span> anywhere anywhere\r\nufw-after-logging-input all --<\/span> anywhere anywhere\r\nufw-reject-input all --<\/span> anywhere anywhere\r\nufw-track-input all --<\/span> anywhere anywhere\r\n\uff08\u7701\u7565\uff09\r\n\r\n$ <\/span>sudo <\/span>iptables-legacy -L<\/span>\r\nChain INPUT (<\/span>policy ACCEPT)<\/span>\r\ntarget prot opt source <\/span>destination\r\n\r\nChain FORWARD (<\/span>policy DROP)<\/span>\r\ntarget prot opt source <\/span>destination\r\nDOCKER-USER all --<\/span> anywhere anywhere\r\nDOCKER-ISOLATION-STAGE-1 all --<\/span> anywhere anywhere\r\nACCEPT all --<\/span> anywhere anywhere ctstate RELATED,ESTABLISHED\r\nDOCKER all --<\/span> anywhere anywhere\r\n\uff08\u7701\u7565\uff09\r\n<\/code><\/pre>\n\u4ece\u8fd9\u91cc\u5f00\u59cb\uff0c\u53ea\u80fd\u505a\u51fa\u63a8\u6d4b\uff0c\u4f46\u636e\u63a8\u6d4b\uff0c\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u53ea\u6709 iptables-nft \u7684\u5b9a\u4e49\u624d\u4f1a\u751f\u6548\u3002\u56e0\u6b64\uff0c\u5c3d\u7ba1 Docker \u5df2\u7ecf\u4e3a\u6211\u4eec\u66f4\u6539\u4e86\u5b9a\u4e49\uff0c\u4f46\u5374\u65e0\u6cd5\u751f\u6548\uff0c\u5bfc\u81f4\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u4fe1\u3002<\/p>\n
\u5f53\u4f7f\u7528ping\u547d\u4ee4\u6307\u5b9aIP\u5730\u5740\u65f6\u53ef\u4ee5\u6b63\u5e38\u901a\u4fe1\uff0c\u4f46\u5f53\u6307\u5b9a\u4e3b\u673a\u540d\u65f6\u65e0\u6cd5\u89e3\u6790DNS\u7684\u60c5\u51b5\u3002<\/p>\n
$ <\/span>sudo <\/span>docker run -it<\/span> --rm<\/span> busybox\r\n\/ # ping github.com<\/span>\r\nping: bad address 'github.com'<\/span>\r\n\/ # ping 192.30.255.112<\/span>\r\nPING 192.30.255.112 (<\/span>192.30.255.112)<\/span>: 56 data bytes\r\n64 bytes from 192.30.255.112: seq<\/span>=<\/span>0 ttl<\/span>=<\/span>49 time<\/span>=<\/span>133.961 ms\r\n64 bytes from 192.30.255.112: seq<\/span>=<\/span>1 ttl<\/span>=<\/span>49 time<\/span>=<\/span>134.677 ms\r\n<\/code><\/pre>\n\u5904\u7406\u65b9\u6cd5\uff1a\u5c06iptables-legacy\u8bbe\u7f6e\u4e3a\u9ed8\u8ba4\u9009\u9879\u3002<\/h3>\n
\u55ef\uff0c\u5173\u4e8e\u89e3\u51b3\u65b9\u6cd5\uff0c\u6211\u4eec\u5efa\u8bae\u5927\u5bb6\u90fd\u4f7f\u7528iptables-legacy\uff0c\u5305\u62ecufw\u5728\u5185\u3002<\/p>\n
\u6b63\u5982\u5728 moby\/moby\u7684Issue\u8bc4\u8bba\u4e2d\u63d0\u5230\u7684\u90a3\u6837\uff0cDocker \u4e0e iptables v1.8.1 \u4e0d\u517c\u5bb9\u3002\u56e0\u6b64\uff0c\u6211\u4eec\u5c06\u628a\u9ed8\u8ba4\u7684 iptables \u66f4\u6539\u4e3a iptables-legacy\u3002<\/p>\n
$ <\/span>sudo <\/span>update-alternatives --config<\/span> iptables\r\nalternative iptables (<\/span>\/usr\/sbin\/iptables \u3092\u63d0\u4f9b)<\/span> \u306b\u306f 2 \u500b\u306e\u9078\u629e\u80a2\u304c\u3042\u308a\u307e\u3059\u3002\r\n\r\n \u9078\u629e\u80a2 \u30d1\u30b9 \u512a\u5148\u5ea6 \u72b6\u614b\r\n------------------------------------------------------------<\/span>\r\n*<\/span> 0 \/usr\/sbin\/iptables-nft 20 \u81ea\u52d5\u30e2\u30fc\u30c9\r\n 1 \/usr\/sbin\/iptables-legacy 10 \u624b\u52d5\u30e2\u30fc\u30c9\r\n 2 \/usr\/sbin\/iptables-nft 20 \u624b\u52d5\u30e2\u30fc\u30c9\r\n\r\n\u73fe\u5728\u306e\u9078\u629e [<\/span>*<\/span>]<\/span> \u3092\u4fdd\u6301\u3059\u308b\u306b\u306f <Enter>\u3001\u3055\u3082\u306a\u3051\u308c\u3070\u9078\u629e\u80a2\u306e\u756a\u53f7\u306e\u30ad\u30fc\u3092\u62bc\u3057\u3066\u304f\u3060\u3055\u3044: 1\r\nupdate-alternatives: \/usr\/sbin\/iptables (<\/span>iptables)<\/span> \u3092\u63d0\u4f9b\u3059\u308b\u305f\u3081\u306b\u30de\u30cb\u30e5\u30a2\u30eb\u30e2\u30fc\u30c9\u3067 \/usr\/sbin\/iptables-legacy \u3092\u4f7f\u3044\u307e\u3059\r\n<\/code><\/pre>\n\u53ea\u9700\u8981\u91cd\u65b0\u542f\u52a8\u5c31\u5b8c\u6210\u4e86\u3002<\/p>\n
\u5373\u4f7fiptables-nft\u5b9a\u4e49\u4ecd\u7136\u5b58\u5728\uff0c\u4f46\u4f5c\u4e3a\u9ed8\u8ba4\u9009\u62e9\u7684\u662fiptables-legacy\uff0c\u56e0\u6b64legacy\u5c06\u4f18\u5148\u4f7f\u7528\u3002<\/p>\n
\u8bf7\u53c2\u8003<\/h2>\n\n- \n
Debian — buster \u306e iptables \u30d1\u30c3\u30b1\u30fc\u30b8\u306b\u95a2\u3059\u308b\u8a73\u7d30<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
iptables 1.8.0 release [LWN.net]<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
Docker doesn’t work with iptables v1.8.1 \u00b7 Issue #38099 \u00b7 moby\/moby<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
debian has iptables-legacy and iptables-nft now by myobie \u00b7 Pull Request #2285 \u00b7 docker\/libnetwork<\/ul>\nAPI\u81ea\u4f53\u4ece2014\u5e741\u6708\u53d1\u5e03\u7684Linux Kernel 3.13\u7248\u672c\u5f00\u59cb\u63d0\u4f9b\u3002
\n\u539f\u672ciptables-nft\u5e94\u8be5\u53ef\u4ee5\u4f7f\u7528\u76f8\u540c\u7684\u547d\u4ee4\uff0c\u4f46\u662f\u51fa\u73b0\u4e86\u4e00\u4e9b\u95ee\u9898\u3002\u5728Pull request\u4e2d\u53ef\u4ee5\u770b\u5230\u7c7b\u4f3c\u4e8e\u201c\u7ffb\u8bd1\u5668\u53ef\u80fd\u6709bug\uff0c\u6ca1\u6709\u5b8c\u5168\u8ddf\u8fdb\u5230\u4f4d?\u201d\u7684\u8bc4\u8bba\u3002
\n\u5173\u4e8enftables\u652f\u6301\uff0c\u65e9\u5728\u5f88\u4e45\u4ee5\u524d\u5c31\u6709\u76f8\u5173\u7684\u95ee\u9898\u63d0\u51fa\uff08[feature request] nftables support \u00b7 Issue #26824 \u00b7 moby\/moby\uff09\u3002<\/section>\n","protected":false},"excerpt":{"rendered":"\u7a81\u7136\u5904\u7406\u65b9\u6cd5 \u5728update-alternatives –config iptables\u547d\u4ee4\u4e2d\uff0c\u5c06 […]<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[227],"class_list":["post-27255","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-227"],"yoast_head":"\n
Debian 10(buster) + ufw + Docker: \u5904\u7406Docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u4fe1\u7684\u95ee\u9898 - Blog - Silicon Cloud<\/title>\n<meta name=\"description\" content=\"\u5173\u4e8eDebian 10(buster) + ufw + Docker: \u5904\u7406Docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u7684\u6280\u672f\u6587\u7ae0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-\u5904\u7406docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u4fe1\u7684\u95ee\u9898-2\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Debian 10(buster) + ufw + Docker: \u5904\u7406Docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u4fe1\u7684\u95ee\u9898\" \/>\n<meta property=\"og:description\" content=\"\u5173\u4e8eDebian 10(buster) + ufw + Docker: \u5904\u7406Docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u7684\u6280\u672f\u6587\u7ae0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-\u5904\u7406docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u4fe1\u7684\u95ee\u9898-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-01T08:05:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-11T17:40:53+00:00\" \/>\n<meta name=\"author\" content=\"\u65b0, \u97f5\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u65b0, \u97f5\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-%e5%a4%84%e7%90%86docker%e5%ae%b9%e5%99%a8%e6%97%a0%e6%b3%95%e4%b8%8e%e5%a4%96%e9%83%a8%e9%80%9a%e4%bf%a1%e7%9a%84%e9%97%ae%e9%a2%98-2\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-%e5%a4%84%e7%90%86docker%e5%ae%b9%e5%99%a8%e6%97%a0%e6%b3%95%e4%b8%8e%e5%a4%96%e9%83%a8%e9%80%9a%e4%bf%a1%e7%9a%84%e9%97%ae%e9%a2%98-2\/\",\"name\":\"Debian 10(buster) + ufw + Docker: \u5904\u7406Docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u4fe1\u7684\u95ee\u9898 - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-09-01T08:05:39+00:00\",\"dateModified\":\"2025-08-11T17:40:53+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/4ba4019495123db3038fd0809e6959c9\"},\"description\":\"\u5173\u4e8eDebian 10(buster) + ufw + Docker: \u5904\u7406Docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u7684\u6280\u672f\u6587\u7ae0\",\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-%e5%a4%84%e7%90%86docker%e5%ae%b9%e5%99%a8%e6%97%a0%e6%b3%95%e4%b8%8e%e5%a4%96%e9%83%a8%e9%80%9a%e4%bf%a1%e7%9a%84%e9%97%ae%e9%a2%98-2\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-%e5%a4%84%e7%90%86docker%e5%ae%b9%e5%99%a8%e6%97%a0%e6%b3%95%e4%b8%8e%e5%a4%96%e9%83%a8%e9%80%9a%e4%bf%a1%e7%9a%84%e9%97%ae%e9%a2%98-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-%e5%a4%84%e7%90%86docker%e5%ae%b9%e5%99%a8%e6%97%a0%e6%b3%95%e4%b8%8e%e5%a4%96%e9%83%a8%e9%80%9a%e4%bf%a1%e7%9a%84%e9%97%ae%e9%a2%98-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Debian 10(buster) + ufw + Docker: \u5904\u7406Docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u4fe1\u7684\u95ee\u9898\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/4ba4019495123db3038fd0809e6959c9\",\"name\":\"\u65b0, \u97f5\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d484b6c6e4ae82e8a9efea989e1d2af46d9b6ef128101e63b18f559fca0ae627?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d484b6c6e4ae82e8a9efea989e1d2af46d9b6ef128101e63b18f559fca0ae627?s=96&d=mm&r=g\",\"caption\":\"\u65b0, \u97f5\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/yunxin\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-%e5%a4%84%e7%90%86docker%e5%ae%b9%e5%99%a8%e6%97%a0%e6%b3%95%e4%b8%8e%e5%a4%96%e9%83%a8%e9%80%9a%e4%bf%a1%e7%9a%84%e9%97%ae%e9%a2%98-2\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Debian 10(buster) + ufw + Docker: \u5904\u7406Docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u4fe1\u7684\u95ee\u9898 - Blog - Silicon Cloud","description":"\u5173\u4e8eDebian 10(buster) + ufw + Docker: \u5904\u7406Docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u7684\u6280\u672f\u6587\u7ae0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-\u5904\u7406docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u4fe1\u7684\u95ee\u9898-2\/","og_locale":"zh_CN","og_type":"article","og_title":"Debian 10(buster) + ufw + Docker: \u5904\u7406Docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u4fe1\u7684\u95ee\u9898","og_description":"\u5173\u4e8eDebian 10(buster) + ufw + Docker: \u5904\u7406Docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u7684\u6280\u672f\u6587\u7ae0","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-\u5904\u7406docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u4fe1\u7684\u95ee\u9898-2\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-09-01T08:05:39+00:00","article_modified_time":"2025-08-11T17:40:53+00:00","author":"\u65b0, \u97f5","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u65b0, \u97f5","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"1 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-%e5%a4%84%e7%90%86docker%e5%ae%b9%e5%99%a8%e6%97%a0%e6%b3%95%e4%b8%8e%e5%a4%96%e9%83%a8%e9%80%9a%e4%bf%a1%e7%9a%84%e9%97%ae%e9%a2%98-2\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-%e5%a4%84%e7%90%86docker%e5%ae%b9%e5%99%a8%e6%97%a0%e6%b3%95%e4%b8%8e%e5%a4%96%e9%83%a8%e9%80%9a%e4%bf%a1%e7%9a%84%e9%97%ae%e9%a2%98-2\/","name":"Debian 10(buster) + ufw + Docker: \u5904\u7406Docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u4fe1\u7684\u95ee\u9898 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-09-01T08:05:39+00:00","dateModified":"2025-08-11T17:40:53+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/4ba4019495123db3038fd0809e6959c9"},"description":"\u5173\u4e8eDebian 10(buster) + ufw + Docker: \u5904\u7406Docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u7684\u6280\u672f\u6587\u7ae0","breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-%e5%a4%84%e7%90%86docker%e5%ae%b9%e5%99%a8%e6%97%a0%e6%b3%95%e4%b8%8e%e5%a4%96%e9%83%a8%e9%80%9a%e4%bf%a1%e7%9a%84%e9%97%ae%e9%a2%98-2\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-%e5%a4%84%e7%90%86docker%e5%ae%b9%e5%99%a8%e6%97%a0%e6%b3%95%e4%b8%8e%e5%a4%96%e9%83%a8%e9%80%9a%e4%bf%a1%e7%9a%84%e9%97%ae%e9%a2%98-2\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-%e5%a4%84%e7%90%86docker%e5%ae%b9%e5%99%a8%e6%97%a0%e6%b3%95%e4%b8%8e%e5%a4%96%e9%83%a8%e9%80%9a%e4%bf%a1%e7%9a%84%e9%97%ae%e9%a2%98-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"Debian 10(buster) + ufw + Docker: \u5904\u7406Docker\u5bb9\u5668\u65e0\u6cd5\u4e0e\u5916\u90e8\u901a\u4fe1\u7684\u95ee\u9898"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/4ba4019495123db3038fd0809e6959c9","name":"\u65b0, \u97f5","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d484b6c6e4ae82e8a9efea989e1d2af46d9b6ef128101e63b18f559fca0ae627?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d484b6c6e4ae82e8a9efea989e1d2af46d9b6ef128101e63b18f559fca0ae627?s=96&d=mm&r=g","caption":"\u65b0, \u97f5"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/yunxin\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/debian-10buster-ufw-docker-%e5%a4%84%e7%90%86docker%e5%ae%b9%e5%99%a8%e6%97%a0%e6%b3%95%e4%b8%8e%e5%a4%96%e9%83%a8%e9%80%9a%e4%bf%a1%e7%9a%84%e9%97%ae%e9%a2%98-2\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/27255","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=27255"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/27255\/revisions"}],"predecessor-version":[{"id":91026,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/27255\/revisions\/91026"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=27255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=27255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=27255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}