ufw가 활성화된 경우 호스트 이름/도메인을 ping할 수 없습니다.

ufw가 활성화된 경우 도메인/호스트 이름을 ping할 수 없는 이유는 무엇입니까?

[root@ip-172-31-23-37 ec2-user]# ping google.com
ping: google.com: Name or service not known
[root@ip-172-31-23-37 ec2-user]# ufw disable
Firewall stopped and disabled on system startup
[root@ip-172-31-23-37 ec2-user]# ping google.com
PING google.com (74.125.24.100) 56(84) bytes of data.
64 bytes from 74.125.24.100 (74.125.24.100): icmp_seq=1 ttl=100 time=2.14 ms
64 bytes from 74.125.24.100 (74.125.24.100): icmp_seq=2 ttl=100 time=2.19 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 2.149/2.170/2.192/0.051 ms
[root@ip-172-31-23-37 ec2-user]# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
[root@ip-172-31-23-37 ec2-user]# ping google.com
ping: google.com: Name or service not known

command 를 사용하여 정의된 것을 제외하고 모든 나가는 트래픽이 비활성화되었습니다 ufw default deny outgoing. ufw 상태:

80                         ALLOW OUT   Anywhere
443                        ALLOW OUT   Anywhere
3306                       ALLOW OUT   Anywhere
2465                       ALLOW OUT   Anywhere
3306/tcp                   ALLOW OUT   Anywhere
3306/udp                   ALLOW OUT   Anywhere
127.0.0.1 3306             ALLOW OUT   Anywhere
80 (v6)                    ALLOW OUT   Anywhere (v6)
443 (v6)                   ALLOW OUT   Anywhere (v6)
3306 (v6)                  ALLOW OUT   Anywhere (v6)
2465 (v6)                  ALLOW OUT   Anywhere (v6)
3306/tcp (v6)              ALLOW OUT   Anywhere (v6)
3306/udp (v6)              ALLOW OUT   Anywhere (v6)

/etc/ufw/before.rules이미 파일 에 ICMP를 허용하도록 설정했습니다.

# allow outbound icmp
-A ufw-before-output -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A ufw-before-output -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT