启用防火墙后无法访问GitLab（操作系统：Ubuntu 16.04）描述_Ubuntu_Gitlab_Firewall_Sysadmin_Ufw

启用防火墙后无法访问GitLab（操作系统：Ubuntu 16.04）描述

ubuntu gitlab

启用防火墙后无法访问GitLab（操作系统：Ubuntu 16.04）描述,ubuntu,gitlab,firewall,sysadmin,ufw,Ubuntu,Gitlab,Firewall,Sysadmin,Ufw,几天前，我安装了GitLab，它似乎工作得很好，但当我今天尝试连接时，它打印了一个502错误（加载时间太长）！！如前所述，它在禁用防火墙的情况下工作得非常好：）代码：输出： 2017-09-04_09:18:29.94177 2017/09/04 11:18:29 error: GET "/": badgateway: failed after 30s: dial tcp [::1]:8081: getsockopt: connection refused 2017-09-04_09:18

几天前，我安装了GitLab，它似乎工作得很好，但当我今天尝试连接时，它打印了一个502错误（加载时间太长）

！！如前所述，它在禁用防火墙的情况下工作得非常好：）

代码：

输出：

2017-09-04_09:18:29.94177 2017/09/04 11:18:29 error: GET "/": badgateway: failed after 30s: dial tcp [::1]:8081: getsockopt: connection refused
2017-09-04_09:18:29.94187 git.myurl.com @ - - [2017-09-04 11:17:59.940389308 +0200 CEST] "GET / HTTP/1.1" 502 2925 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 30.001060
2017-09-04_09:18:30.27682 2017/09/04 11:18:30 Send static file "/opt/gitlab/embedded/service/gitlab-rails/public/favicon.ico" ("") for GET "/favicon.ico"
2017-09-04_09:18:30.27712 git.myurl.com @ - - [2017-09-04 11:18:30.276480568 +0200 CEST] "GET /favicon.ico HTTP/1.1" 200 5430 "https://git.myurl.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 0.000454

Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                      
Apache Full                ALLOW       Anywhere                  
3306                       ALLOW       Anywhere                  
Dovecot IMAP               ALLOW       Anywhere                  
Postfix                    ALLOW       Anywhere                  
Postfix SMTPS              ALLOW       Anywhere                  
Postfix Submission         ALLOW       Anywhere                  
Dovecot Secure IMAP        ALLOW       Anywhere                  
8080                       ALLOW       Anywhere                  
9987/udp                   ALLOW       Anywhere                  
1194                       ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
1194/udp                   ALLOW       Anywhere                  
8443                       ALLOW       Anywhere                  
122                        ALLOW       Anywhere                  
123/udp                    ALLOW       Anywhere                  
161/udp                    ALLOW       Anywhere                  
22                         ALLOW       Anywhere                  
8081                       ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache Full (v6)           ALLOW       Anywhere (v6)             
3306 (v6)                  ALLOW       Anywhere (v6)             
Dovecot IMAP (v6)          ALLOW       Anywhere (v6)             
Postfix (v6)               ALLOW       Anywhere (v6)             
Postfix SMTPS (v6)         ALLOW       Anywhere (v6)             
Postfix Submission (v6)    ALLOW       Anywhere (v6)             
Dovecot Secure IMAP (v6)   ALLOW       Anywhere (v6)             
8080 (v6)                  ALLOW       Anywhere (v6)             
9987/udp (v6)              ALLOW       Anywhere (v6)             
1194 (v6)                  ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
1194/udp (v6)              ALLOW       Anywhere (v6)             
8443 (v6)                  ALLOW       Anywhere (v6)             
122 (v6)                   ALLOW       Anywhere (v6)             
123/udp (v6)               ALLOW       Anywhere (v6)             
161/udp (v6)               ALLOW       Anywhere (v6)             
22 (v6)                    ALLOW       Anywhere (v6)             
8081 (v6)                  ALLOW       Anywhere (v6)

run: gitaly: (pid 1385) 2506s; run: log: (pid 1383) 2506s
run: gitlab-monitor: (pid 1403) 2506s; run: log: (pid 1401) 2506s
run: gitlab-workhorse: (pid 1386) 2506s; run: log: (pid 1384) 2506s
run: logrotate: (pid 1400) 2506s; run: log: (pid 1399) 2506s
run: node-exporter: (pid 1409) 2506s; run: log: (pid 1408) 2506s
run: postgres-exporter: (pid 1410) 2506s; run: log: (pid 1402) 2506s
run: postgresql: (pid 1391) 2506s; run: log: (pid 1389) 2506s
run: prometheus: (pid 1407) 2506s; run: log: (pid 1406) 2506s
run: redis: (pid 1387) 2506s; run: log: (pid 1382) 2506s
run: redis-exporter: (pid 1405) 2506s; run: log: (pid 1404) 2506s
run: sidekiq: (pid 1396) 2506s; run: log: (pid 1395) 2506s
run: unicorn: (pid 1390) 2506s; run: log: (pid 1388) 2506s

external_url 'https://git.myurl.com'
unicorn['port'] = 8081
gitlab_git_http_server['auth_backend'] = "http://localhost:8081"
web_server['external_users'] = ['www-data']
nginx['enable'] = false
gitlab_rails['internal_api_url'] = 'https://git.myurl.com'

ERROR: problem running ufw-init
Bad argument `*nat'
Error occurred at line: 21
Try `iptables-restore -h' or 'iptables-restore --help' for more 
information.

Problem running '/etc/ufw/before.rules'

已经试过了在尝试和研究之后，我发现它在禁用防火墙的情况下工作得非常好，所以我查找了所需的端口并允许它们通过

ufw allow "rule"

这是我现在打开的端口：

ufw status

输出：

2017-09-04_09:18:29.94177 2017/09/04 11:18:29 error: GET "/": badgateway: failed after 30s: dial tcp [::1]:8081: getsockopt: connection refused
2017-09-04_09:18:29.94187 git.myurl.com @ - - [2017-09-04 11:17:59.940389308 +0200 CEST] "GET / HTTP/1.1" 502 2925 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 30.001060
2017-09-04_09:18:30.27682 2017/09/04 11:18:30 Send static file "/opt/gitlab/embedded/service/gitlab-rails/public/favicon.ico" ("") for GET "/favicon.ico"
2017-09-04_09:18:30.27712 git.myurl.com @ - - [2017-09-04 11:18:30.276480568 +0200 CEST] "GET /favicon.ico HTTP/1.1" 200 5430 "https://git.myurl.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 0.000454

Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                      
Apache Full                ALLOW       Anywhere                  
3306                       ALLOW       Anywhere                  
Dovecot IMAP               ALLOW       Anywhere                  
Postfix                    ALLOW       Anywhere                  
Postfix SMTPS              ALLOW       Anywhere                  
Postfix Submission         ALLOW       Anywhere                  
Dovecot Secure IMAP        ALLOW       Anywhere                  
8080                       ALLOW       Anywhere                  
9987/udp                   ALLOW       Anywhere                  
1194                       ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
1194/udp                   ALLOW       Anywhere                  
8443                       ALLOW       Anywhere                  
122                        ALLOW       Anywhere                  
123/udp                    ALLOW       Anywhere                  
161/udp                    ALLOW       Anywhere                  
22                         ALLOW       Anywhere                  
8081                       ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache Full (v6)           ALLOW       Anywhere (v6)             
3306 (v6)                  ALLOW       Anywhere (v6)             
Dovecot IMAP (v6)          ALLOW       Anywhere (v6)             
Postfix (v6)               ALLOW       Anywhere (v6)             
Postfix SMTPS (v6)         ALLOW       Anywhere (v6)             
Postfix Submission (v6)    ALLOW       Anywhere (v6)             
Dovecot Secure IMAP (v6)   ALLOW       Anywhere (v6)             
8080 (v6)                  ALLOW       Anywhere (v6)             
9987/udp (v6)              ALLOW       Anywhere (v6)             
1194 (v6)                  ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
1194/udp (v6)              ALLOW       Anywhere (v6)             
8443 (v6)                  ALLOW       Anywhere (v6)             
122 (v6)                   ALLOW       Anywhere (v6)             
123/udp (v6)               ALLOW       Anywhere (v6)             
161/udp (v6)               ALLOW       Anywhere (v6)             
22 (v6)                    ALLOW       Anywhere (v6)             
8081 (v6)                  ALLOW       Anywhere (v6)

run: gitaly: (pid 1385) 2506s; run: log: (pid 1383) 2506s
run: gitlab-monitor: (pid 1403) 2506s; run: log: (pid 1401) 2506s
run: gitlab-workhorse: (pid 1386) 2506s; run: log: (pid 1384) 2506s
run: logrotate: (pid 1400) 2506s; run: log: (pid 1399) 2506s
run: node-exporter: (pid 1409) 2506s; run: log: (pid 1408) 2506s
run: postgres-exporter: (pid 1410) 2506s; run: log: (pid 1402) 2506s
run: postgresql: (pid 1391) 2506s; run: log: (pid 1389) 2506s
run: prometheus: (pid 1407) 2506s; run: log: (pid 1406) 2506s
run: redis: (pid 1387) 2506s; run: log: (pid 1382) 2506s
run: redis-exporter: (pid 1405) 2506s; run: log: (pid 1404) 2506s
run: sidekiq: (pid 1396) 2506s; run: log: (pid 1395) 2506s
run: unicorn: (pid 1390) 2506s; run: log: (pid 1388) 2506s

external_url 'https://git.myurl.com'
unicorn['port'] = 8081
gitlab_git_http_server['auth_backend'] = "http://localhost:8081"
web_server['external_users'] = ['www-data']
nginx['enable'] = false
gitlab_rails['internal_api_url'] = 'https://git.myurl.com'

ERROR: problem running ufw-init
Bad argument `*nat'
Error occurred at line: 21
Try `iptables-restore -h' or 'iptables-restore --help' for more 
information.

Problem running '/etc/ufw/before.rules'

我现在尝试了一些方法，但我不知道为什么它不起作用

gitlab-ctl reconfigure

效果很好（已经有10次了）

我还多次重新启动服务器（并且每次都可以连接到gitlab，但只能使用禁用的ufw）

输出：

2017-09-04_09:18:29.94177 2017/09/04 11:18:29 error: GET "/": badgateway: failed after 30s: dial tcp [::1]:8081: getsockopt: connection refused
2017-09-04_09:18:29.94187 git.myurl.com @ - - [2017-09-04 11:17:59.940389308 +0200 CEST] "GET / HTTP/1.1" 502 2925 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 30.001060
2017-09-04_09:18:30.27682 2017/09/04 11:18:30 Send static file "/opt/gitlab/embedded/service/gitlab-rails/public/favicon.ico" ("") for GET "/favicon.ico"
2017-09-04_09:18:30.27712 git.myurl.com @ - - [2017-09-04 11:18:30.276480568 +0200 CEST] "GET /favicon.ico HTTP/1.1" 200 5430 "https://git.myurl.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 0.000454

Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                      
Apache Full                ALLOW       Anywhere                  
3306                       ALLOW       Anywhere                  
Dovecot IMAP               ALLOW       Anywhere                  
Postfix                    ALLOW       Anywhere                  
Postfix SMTPS              ALLOW       Anywhere                  
Postfix Submission         ALLOW       Anywhere                  
Dovecot Secure IMAP        ALLOW       Anywhere                  
8080                       ALLOW       Anywhere                  
9987/udp                   ALLOW       Anywhere                  
1194                       ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
1194/udp                   ALLOW       Anywhere                  
8443                       ALLOW       Anywhere                  
122                        ALLOW       Anywhere                  
123/udp                    ALLOW       Anywhere                  
161/udp                    ALLOW       Anywhere                  
22                         ALLOW       Anywhere                  
8081                       ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache Full (v6)           ALLOW       Anywhere (v6)             
3306 (v6)                  ALLOW       Anywhere (v6)             
Dovecot IMAP (v6)          ALLOW       Anywhere (v6)             
Postfix (v6)               ALLOW       Anywhere (v6)             
Postfix SMTPS (v6)         ALLOW       Anywhere (v6)             
Postfix Submission (v6)    ALLOW       Anywhere (v6)             
Dovecot Secure IMAP (v6)   ALLOW       Anywhere (v6)             
8080 (v6)                  ALLOW       Anywhere (v6)             
9987/udp (v6)              ALLOW       Anywhere (v6)             
1194 (v6)                  ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
1194/udp (v6)              ALLOW       Anywhere (v6)             
8443 (v6)                  ALLOW       Anywhere (v6)             
122 (v6)                   ALLOW       Anywhere (v6)             
123/udp (v6)               ALLOW       Anywhere (v6)             
161/udp (v6)               ALLOW       Anywhere (v6)             
22 (v6)                    ALLOW       Anywhere (v6)             
8081 (v6)                  ALLOW       Anywhere (v6)

run: gitaly: (pid 1385) 2506s; run: log: (pid 1383) 2506s
run: gitlab-monitor: (pid 1403) 2506s; run: log: (pid 1401) 2506s
run: gitlab-workhorse: (pid 1386) 2506s; run: log: (pid 1384) 2506s
run: logrotate: (pid 1400) 2506s; run: log: (pid 1399) 2506s
run: node-exporter: (pid 1409) 2506s; run: log: (pid 1408) 2506s
run: postgres-exporter: (pid 1410) 2506s; run: log: (pid 1402) 2506s
run: postgresql: (pid 1391) 2506s; run: log: (pid 1389) 2506s
run: prometheus: (pid 1407) 2506s; run: log: (pid 1406) 2506s
run: redis: (pid 1387) 2506s; run: log: (pid 1382) 2506s
run: redis-exporter: (pid 1405) 2506s; run: log: (pid 1404) 2506s
run: sidekiq: (pid 1396) 2506s; run: log: (pid 1395) 2506s
run: unicorn: (pid 1390) 2506s; run: log: (pid 1388) 2506s

external_url 'https://git.myurl.com'
unicorn['port'] = 8081
gitlab_git_http_server['auth_backend'] = "http://localhost:8081"
web_server['external_users'] = ['www-data']
nginx['enable'] = false
gitlab_rails['internal_api_url'] = 'https://git.myurl.com'

ERROR: problem running ufw-init
Bad argument `*nat'
Error occurred at line: 21
Try `iptables-restore -h' or 'iptables-restore --help' for more 
information.

Problem running '/etc/ufw/before.rules'

我的配置代码：

输出：

2017-09-04_09:18:29.94177 2017/09/04 11:18:29 error: GET "/": badgateway: failed after 30s: dial tcp [::1]:8081: getsockopt: connection refused
2017-09-04_09:18:29.94187 git.myurl.com @ - - [2017-09-04 11:17:59.940389308 +0200 CEST] "GET / HTTP/1.1" 502 2925 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 30.001060
2017-09-04_09:18:30.27682 2017/09/04 11:18:30 Send static file "/opt/gitlab/embedded/service/gitlab-rails/public/favicon.ico" ("") for GET "/favicon.ico"
2017-09-04_09:18:30.27712 git.myurl.com @ - - [2017-09-04 11:18:30.276480568 +0200 CEST] "GET /favicon.ico HTTP/1.1" 200 5430 "https://git.myurl.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 0.000454

Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                      
Apache Full                ALLOW       Anywhere                  
3306                       ALLOW       Anywhere                  
Dovecot IMAP               ALLOW       Anywhere                  
Postfix                    ALLOW       Anywhere                  
Postfix SMTPS              ALLOW       Anywhere                  
Postfix Submission         ALLOW       Anywhere                  
Dovecot Secure IMAP        ALLOW       Anywhere                  
8080                       ALLOW       Anywhere                  
9987/udp                   ALLOW       Anywhere                  
1194                       ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
1194/udp                   ALLOW       Anywhere                  
8443                       ALLOW       Anywhere                  
122                        ALLOW       Anywhere                  
123/udp                    ALLOW       Anywhere                  
161/udp                    ALLOW       Anywhere                  
22                         ALLOW       Anywhere                  
8081                       ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache Full (v6)           ALLOW       Anywhere (v6)             
3306 (v6)                  ALLOW       Anywhere (v6)             
Dovecot IMAP (v6)          ALLOW       Anywhere (v6)             
Postfix (v6)               ALLOW       Anywhere (v6)             
Postfix SMTPS (v6)         ALLOW       Anywhere (v6)             
Postfix Submission (v6)    ALLOW       Anywhere (v6)             
Dovecot Secure IMAP (v6)   ALLOW       Anywhere (v6)             
8080 (v6)                  ALLOW       Anywhere (v6)             
9987/udp (v6)              ALLOW       Anywhere (v6)             
1194 (v6)                  ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
1194/udp (v6)              ALLOW       Anywhere (v6)             
8443 (v6)                  ALLOW       Anywhere (v6)             
122 (v6)                   ALLOW       Anywhere (v6)             
123/udp (v6)               ALLOW       Anywhere (v6)             
161/udp (v6)               ALLOW       Anywhere (v6)             
22 (v6)                    ALLOW       Anywhere (v6)             
8081 (v6)                  ALLOW       Anywhere (v6)

run: gitaly: (pid 1385) 2506s; run: log: (pid 1383) 2506s
run: gitlab-monitor: (pid 1403) 2506s; run: log: (pid 1401) 2506s
run: gitlab-workhorse: (pid 1386) 2506s; run: log: (pid 1384) 2506s
run: logrotate: (pid 1400) 2506s; run: log: (pid 1399) 2506s
run: node-exporter: (pid 1409) 2506s; run: log: (pid 1408) 2506s
run: postgres-exporter: (pid 1410) 2506s; run: log: (pid 1402) 2506s
run: postgresql: (pid 1391) 2506s; run: log: (pid 1389) 2506s
run: prometheus: (pid 1407) 2506s; run: log: (pid 1406) 2506s
run: redis: (pid 1387) 2506s; run: log: (pid 1382) 2506s
run: redis-exporter: (pid 1405) 2506s; run: log: (pid 1404) 2506s
run: sidekiq: (pid 1396) 2506s; run: log: (pid 1395) 2506s
run: unicorn: (pid 1390) 2506s; run: log: (pid 1388) 2506s

external_url 'https://git.myurl.com'
unicorn['port'] = 8081
gitlab_git_http_server['auth_backend'] = "http://localhost:8081"
web_server['external_users'] = ['www-data']
nginx['enable'] = false
gitlab_rails['internal_api_url'] = 'https://git.myurl.com'

ERROR: problem running ufw-init
Bad argument `*nat'
Error occurred at line: 21
Try `iptables-restore -h' or 'iptables-restore --help' for more 
information.

Problem running '/etc/ufw/before.rules'

ufw的怪异行为也许很重要，我不知道

当我安装openvpn时，我不得不向/etc/ufw/before.rules添加内容

代码：

输出（仅相关内容）：

当我这样做的时候

ufw reload

输出：

2017-09-04_09:18:29.94177 2017/09/04 11:18:29 error: GET "/": badgateway: failed after 30s: dial tcp [::1]:8081: getsockopt: connection refused
2017-09-04_09:18:29.94187 git.myurl.com @ - - [2017-09-04 11:17:59.940389308 +0200 CEST] "GET / HTTP/1.1" 502 2925 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 30.001060
2017-09-04_09:18:30.27682 2017/09/04 11:18:30 Send static file "/opt/gitlab/embedded/service/gitlab-rails/public/favicon.ico" ("") for GET "/favicon.ico"
2017-09-04_09:18:30.27712 git.myurl.com @ - - [2017-09-04 11:18:30.276480568 +0200 CEST] "GET /favicon.ico HTTP/1.1" 200 5430 "https://git.myurl.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 0.000454

Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                      
Apache Full                ALLOW       Anywhere                  
3306                       ALLOW       Anywhere                  
Dovecot IMAP               ALLOW       Anywhere                  
Postfix                    ALLOW       Anywhere                  
Postfix SMTPS              ALLOW       Anywhere                  
Postfix Submission         ALLOW       Anywhere                  
Dovecot Secure IMAP        ALLOW       Anywhere                  
8080                       ALLOW       Anywhere                  
9987/udp                   ALLOW       Anywhere                  
1194                       ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
1194/udp                   ALLOW       Anywhere                  
8443                       ALLOW       Anywhere                  
122                        ALLOW       Anywhere                  
123/udp                    ALLOW       Anywhere                  
161/udp                    ALLOW       Anywhere                  
22                         ALLOW       Anywhere                  
8081                       ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache Full (v6)           ALLOW       Anywhere (v6)             
3306 (v6)                  ALLOW       Anywhere (v6)             
Dovecot IMAP (v6)          ALLOW       Anywhere (v6)             
Postfix (v6)               ALLOW       Anywhere (v6)             
Postfix SMTPS (v6)         ALLOW       Anywhere (v6)             
Postfix Submission (v6)    ALLOW       Anywhere (v6)             
Dovecot Secure IMAP (v6)   ALLOW       Anywhere (v6)             
8080 (v6)                  ALLOW       Anywhere (v6)             
9987/udp (v6)              ALLOW       Anywhere (v6)             
1194 (v6)                  ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
1194/udp (v6)              ALLOW       Anywhere (v6)             
8443 (v6)                  ALLOW       Anywhere (v6)             
122 (v6)                   ALLOW       Anywhere (v6)             
123/udp (v6)               ALLOW       Anywhere (v6)             
161/udp (v6)               ALLOW       Anywhere (v6)             
22 (v6)                    ALLOW       Anywhere (v6)             
8081 (v6)                  ALLOW       Anywhere (v6)

run: gitaly: (pid 1385) 2506s; run: log: (pid 1383) 2506s
run: gitlab-monitor: (pid 1403) 2506s; run: log: (pid 1401) 2506s
run: gitlab-workhorse: (pid 1386) 2506s; run: log: (pid 1384) 2506s
run: logrotate: (pid 1400) 2506s; run: log: (pid 1399) 2506s
run: node-exporter: (pid 1409) 2506s; run: log: (pid 1408) 2506s
run: postgres-exporter: (pid 1410) 2506s; run: log: (pid 1402) 2506s
run: postgresql: (pid 1391) 2506s; run: log: (pid 1389) 2506s
run: prometheus: (pid 1407) 2506s; run: log: (pid 1406) 2506s
run: redis: (pid 1387) 2506s; run: log: (pid 1382) 2506s
run: redis-exporter: (pid 1405) 2506s; run: log: (pid 1404) 2506s
run: sidekiq: (pid 1396) 2506s; run: log: (pid 1395) 2506s
run: unicorn: (pid 1390) 2506s; run: log: (pid 1388) 2506s

external_url 'https://git.myurl.com'
unicorn['port'] = 8081
gitlab_git_http_server['auth_backend'] = "http://localhost:8081"
web_server['external_users'] = ['www-data']
nginx['enable'] = false
gitlab_rails['internal_api_url'] = 'https://git.myurl.com'

ERROR: problem running ufw-init
Bad argument `*nat'
Error occurred at line: 21
Try `iptables-restore -h' or 'iptables-restore --help' for more 
information.

Problem running '/etc/ufw/before.rules'

但是当我跑的时候

ufw enable

紧接着，它就工作了，防火墙在那之后是活动的

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

因为这是我在stackoverflow上问的第一个问题（是的，我知道如何使用google，而且我自己从来没有启动过线程；），我希望我提供了足够的信息（如果不只是告诉我的话），并且有人能抽出时间帮我

提前谢谢大家,

保罗

编辑：当我在之前注释掉OpenVPN规则时，它会起作用。规则

u在之前推荐OpenVPN规则。规则解决了问题，我想知道如何在不阻止gitlab的情况下启用伪装。

u在之前推荐OpenVPN规则。规则解决了问题，我想知道如何在没有刹车的情况下启用伪装