IPtables problem on CentOS 5.6

I'm having a problem with IPtables on a CentOS 5.6 machine. It used to work fine, and I can't say exactly when this started happening, because I only noticed it when I tried to allow a new IP on a port.

Basically, when I try to stop, start or restart, I get the following:

Flushing firewall rules: [  OK  ]
Setting chains to policy ACCEPT: security raw nat mangle filter [Failed]
Unloading iptables modules: [  OK  ]

For some reason, no matter what I do, I cannot reconfigure the rules. I have tried uninstalling IPtables completely (via yum), but even after a reboot it still only allows connections to the ports that were open before the problem started and filters everything else.

I'm really at my wits' end; iptables status shows completely empty chains, but still no joy on external connections.

Any ideas would be much appreciated. If you'd like me to provide more information, please let me know.

Thanks in advance,
Sam.

Edit: contents of /etc/sysconfig/iptables (it is basically empty, since I removed and reinstalled iptables).

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT

Edit 2:

If I run /etc/init.d/iptables stop I get:

Flushing firewall rules: [  OK  ]
Setting chains to policy ACCEPT: security raw nat mangle filter [Failed]
Unloading iptables modules: [  OK  ]

And the empty rules:

$iptables -L -n -v
Chain INPUT (policy ACCEPT 81 packets,6575 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets,0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 72 packets,4133 bytes)
 pkts bytes target     prot opt in     out     source               destination

But it still blocks and filters ports.

Likewise, the result of start is:

/etc/init.d/iptables start
Flushing firewall rules: [  OK  ]
Setting chains to policy ACCEPT: security raw nat mangle filter [Failed]
Unloading iptables modules: [  OK  ]
Applying iptables firewall rules: [  OK  ]

iptables -L -n -v
Chain INPUT (policy DROP 0 packets,0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  207 54155 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 reject-with tcp-reset 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    4   228 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 
    2   116 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143 
    1    52 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:993 
    2   128 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:995 
    0     0 ACCEPT     tcp  --  *      *       -sanitized-          0.0.0.0/0           tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       192.168.0.0/16       0.0.0.0/0           tcp dpt:22 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 code 0 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets,0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 reject-with tcp-reset 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
    0     0 ACCEPT     all  --  lo     lo      0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy DROP 0 packets,0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  158 25662 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 reject-with tcp-reset 
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
   33  2351 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

But I still can't connect to SSH on port 22 (I'm using the serial console).

This thread has a solution that worked for me: http://forum.linode.com/viewtopic.php?t=6981&postdays=0&postorder=asc&start=0

The solution is to add the following lines (marked +) to /etc/init.d/iptables:

echo -n $"${IPTABLES}: Setting chains to policy $policy: "
    ret=0
    for i in $tables; do
        echo -n "$i "
        case "$i" in
+           security)
+               $IPTABLES -t filter -P INPUT $policy \
+                   && $IPTABLES -t filter -P OUTPUT $policy \
+                   && $IPTABLES -t filter -P FORWARD $policy \
+                   || let ret+=1
+               ;;
            raw)
                $IPTABLES -t raw -P PREROUTING $policy \
                    && $IPTABLES -t raw -P OUTPUT $policy \
                    || let ret+=1
                ;;
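Review bot: the new security) branch sets policies on the wrong table: its three lines run `$IPTABLES -t filter -P INPUT $policy`, `-t filter -P OUTPUT` and `-t filter -P FORWARD`, so they only stop the unknown table name from falling through to the failing default and incrementing ret, while the security table's own built-in chains (it has INPUT, FORWARD and OUTPUT, like filter) are never given the policy. Either use `-t security` in those three lines, or, if the iptables userspace on this box does not accept that table name, make the branch an explicit no-op (`security) ;;`) rather than touching filter again.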

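As an added example, not code from the original post or from the CentOS init script: a POSIX sh script that maps each loaded table to its real built-in chains (including `security`, which the script above did not know) and emits the `iptables -P` commands the policy step should run, failing only for tables it genuinely does not recognise. It also emits a per-table `-L` dump, because plain `iptables -L` shows only the filter table. The function names and the table list are constructed for the demo; on a real box the list comes from /proc/net/ip_tables_names.

```shell
#!/bin/sh
# Added example (not from the original post or the CentOS init script).
# Emit policy-setting commands for every loaded iptables table, including
# "security", instead of failing on table names the script does not know.

# builtin_chains TABLE -> prints TABLE's built-in chains; exit 1 if unknown.
# The chain sets are the kernel's real ones for these tables.
builtin_chains() {
    case "$1" in
        filter)   echo "INPUT FORWARD OUTPUT" ;;
        security) echo "INPUT FORWARD OUTPUT" ;;
        nat)      echo "PREROUTING POSTROUTING OUTPUT" ;;
        mangle)   echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        raw)      echo "PREROUTING OUTPUT" ;;
        *)        return 1 ;;
    esac
}

# policy_commands "TABLES" POLICY -> prints one "iptables -t T -P CHAIN POLICY"
# line per built-in chain. Returns the number of unrecognised tables, which is
# the count the init script turns into [Failed] when it is non-zero.
policy_commands() {
    tables=$1
    policy=$2
    ret=0
    for t in $tables; do
        if chains=$(builtin_chains "$t"); then
            for c in $chains; do
                echo "iptables -t $t -P $c $policy"
            done
        else
            echo "unknown table: $t" >&2
            ret=$((ret + 1))
        fi
    done
    return $ret
}

# list_commands "TABLES" -> one "-L" dump per table, so rules hiding in a table
# other than filter (which is all a bare "iptables -L" shows) become visible.
list_commands() {
    for t in $1; do
        echo "iptables -t $t -L -n -v"
    done
}

# Demo input: the table list the failing box printed (constructed here).
# On a live system use: TABLES=$(cat /proc/net/ip_tables_names)
TABLES="security raw nat mangle filter"

# Run stand-alone: print the commands. To apply them, pipe the output to
# "sh" as root, e.g.  policy_commands "$TABLES" ACCEPT | sh
policy_commands "$TABLES" ACCEPT
list_commands "$TABLES"
```

The script prints rather than executes by default so it can be reviewed (or diffed against what the init script does) before anything touches the live ruleset.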