以下是我的 iptables 的配置,
[root@fabulous ~]# vi /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Mon Dec 23 15:55:09 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
但是,当我重新启动它时,我收到如下错误,作为通知,失败的行是“COMMIT”。谁能帮忙指出错误在哪里吗?提前致谢。
[root@fabulous ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: iptables-restore: line 20 failed
[FAILED]
最佳答案
我想说,这一行中缺少 -m TCP:
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
您通常可以通过 iptables-restore 自行应用规则来获得一些线索:
iptables-restore < /etc/sysconfig/iptables
编辑:发现它,第 11 行
-A RH-Firewall-1-INPUT -p udp -m tcp --dport 53 -j ACCEPT
您正在为 tcp 模块指定 udp 协议(protocol)。您的意思可能是:
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
关于linux - 无法使用 iptables-restore 应用防火墙规则,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25144598/