IPtables problem on CentOS 5.6

I'm having a problem with IPtables on a CentOS 5.6 machine. It used to work fine, and I can't say exactly when this started happening, because I only noticed it when I tried to allow a new IP on a port.

Basically, when I try to stop, start or restart, I get the following:

    Flushing firewall rules: [ OK ]
    Setting chains to policy ACCEPT: security raw nat mangle filter [Failed]
    Unloading iptables modules: [ OK ]

For some reason, no matter what I do, I can't reconfigure the rules. I've tried completely removing IPtables (via yum), but even after a system reboot it still only allows connections to the ports that were open before the problem started, and filters everything else.

I'm really at my wits' end: iptables status shows completely empty chains, but still no joy with external connections.

Any ideas would be greatly appreciated. If you'd like me to provide more information, let me know.

Thanks in advance,
Sam.

Edit: contents of /etc/sysconfig/iptables (it's essentially empty, since I removed and reinstalled iptables).

    # Firewall configuration written by system-config-securitylevel
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT

Edit 2:

If I run /etc/init.d/iptables stop I get:

    Flushing firewall rules: [ OK ]
    Setting chains to policy ACCEPT: security raw nat mangle filter [Failed]
    Unloading iptables modules: [ OK ]

And the empty rules:

    $ iptables -L -n -v
    Chain INPUT (policy ACCEPT 81 packets,6575 bytes)
    pkts bytes target prot opt in out source destination

    Chain FORWARD (policy ACCEPT 0 packets,0 bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 72 packets,4133 bytes)
    pkts bytes target prot opt in out source destination

But it is still blocking and filtering ports.

Likewise, the result of start is:

    /etc/init.d/iptables start
    Flushing firewall rules: [ OK ]
    Setting chains to policy ACCEPT: security raw nat mangle filter [Failed]
    Unloading iptables modules: [ OK ]
    Applying iptables firewall rules: [ OK ]

    iptables -L -n -v
    Chain INPUT (policy DROP 0 packets,0 bytes)
    pkts bytes target prot opt in out source destination
    207 54155 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    4 228 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
    2 116 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
    1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
    2 128 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
    0 0 ACCEPT tcp -- * * -sanitized- 0.0.0.0/0 tcp dpt:22
    0 0 ACCEPT tcp -- * * 192.168.0.0/16 0.0.0.0/0 tcp dpt:22
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD (policy DROP 0 packets,0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    0 0 ACCEPT all -- lo lo 0.0.0.0/0 0.0.0.0/0
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy DROP 0 packets,0 bytes)
    pkts bytes target prot opt in out source destination
    158 25662 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
    33 2351 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

But I still can't connect to SSH on port 22 (I'm working over a serial console).
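Reading a `-L -n -v` listing by hand is error-prone, so here is an added example (not code from the question or from the linked thread) that parses the INPUT chain shown after `start` and walks a described packet through it, first match wins, the way the kernel evaluates a chain. The listing is embedded as constructed sample data, shortened to the rules that matter for port 22, with the `-sanitized-` source replaced by the documentation address 203.0.113.7 as a placeholder. It shows why a new SSH connection from any address other than that host or 192.168.0.0/16 ends at the `DROP ... dpt:22` rule, while a LAN address is accepted one rule earlier.

```python
"""Walk a packet through an `iptables -L -n -v` chain listing, first match wins."""
import ipaddress
import re

# Constructed sample: the INPUT chain from the "start" listing in the question,
# shortened, with the -sanitized- source replaced by the placeholder 203.0.113.7.
INPUT_CHAIN = """\
Chain INPUT (policy DROP 0 packets,0 bytes)
pkts bytes target prot opt in out source destination
207 54155 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4 228 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT tcp -- * * 203.0.113.7 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 192.168.0.0/16 0.0.0.0/0 tcp dpt:22
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 code 0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"""


def parse_chain(text):
    """Return (chain name, policy, rules) from one chain of -L -n -v output."""
    lines = text.strip().splitlines()
    head = re.match(r"Chain (\S+) \(policy (\S+)", lines[0])
    rules = []
    for line in lines[2:]:  # skip the "Chain ..." line and the column header
        f = line.split()
        rules.append({
            "target": f[2], "prot": f[3], "in": f[5], "out": f[6],
            "src": ipaddress.ip_network(f[7]), "dst": ipaddress.ip_network(f[8]),
            "extra": " ".join(f[9:]),  # match extensions: state, dpt:, flags:, icmp type
        })
    return head.group(1), head.group(2), rules


def packet(prot, src, dport=None, state="NEW", in_if="eth0", flags=0x02, icmp_type=None):
    """Describe a packet; the defaults are a fresh TCP SYN arriving on eth0."""
    return {"prot": prot, "src": src, "dst": "198.51.100.10", "dport": dport,
            "state": state, "in": in_if, "flags": flags, "icmp_type": icmp_type}


def rule_matches(rule, pkt):
    """Every match listed on the rule must hold for the rule to fire."""
    if rule["prot"] not in ("all", pkt["prot"]):
        return False
    if rule["in"] not in ("*", pkt["in"]):
        return False
    if ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    if ipaddress.ip_address(pkt["dst"]) not in rule["dst"]:
        return False
    extra = rule["extra"]
    m = re.search(r"state (\S+)", extra)
    if m and pkt["state"] not in m.group(1).split(","):
        return False
    m = re.search(r"dpt:(\d+)", extra)
    if m and pkt["dport"] != int(m.group(1)):
        return False
    # "flags:!0x17/0x02" means NOT (flags & 0x17 == 0x02): anything that is not a bare SYN
    m = re.search(r"flags:(!?)0x([0-9a-fA-F]+)/0x([0-9a-fA-F]+)", extra)
    if m:
        negated = m.group(1) == "!"
        equal = (pkt["flags"] & int(m.group(2), 16)) == int(m.group(3), 16)
        if equal == negated:
            return False
    m = re.search(r"icmp type (\d+)", extra)
    if m and pkt["icmp_type"] != int(m.group(1)):
        return False
    return True


def verdict(chain_text, pkt):
    """Return (target, rule number) of the first matching rule, or (policy, None)."""
    _, policy, rules = parse_chain(chain_text)
    for number, rule in enumerate(rules, 1):
        if rule_matches(rule, pkt):
            return rule["target"], number
    return policy, None


if __name__ == "__main__":
    for label, pkt in [
        ("ssh from the LAN", packet("tcp", "192.168.1.10", dport=22)),
        ("ssh from elsewhere", packet("tcp", "10.0.0.5", dport=22)),
        ("smtp from anywhere", packet("tcp", "10.0.0.5", dport=25)),
        ("ack without syn", packet("tcp", "10.0.0.5", dport=80, flags=0x10)),
        ("ping", packet("icmp", "10.0.0.5", icmp_type=8)),
        ("udp dns", packet("udp", "10.0.0.5", dport=53)),
    ]:
        print(f"{label:20s} -> {verdict(INPUT_CHAIN, pkt)}")
```

The simulator only understands the match extensions that appear in this listing (`state`, `dpt:`, `flags:`, `icmp type`) and ignores the `reject-with` target option, which is enough to explain the question's symptom: with the chain above loaded, the only SSH clients that get past rule 8 are the sanitized host and the 192.168.0.0/16 range, so a serial-console test from any other address is dropped by design of the ruleset, not by the `[Failed]` policy step.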

This thread had a solution that worked for me: http://forum.linode.com/viewtopic.php?t=6981&postdays=0&postorder=asc&start=0

The solution was to add the following lines to /etc/init.d/iptables:

    echo -n $"${IPTABLES}: Setting chains to policy $policy: "
    ret=0
    for i in $tables; do
    echo -n "$i "
    case "$i" in
    + security)
    + $IPTABLES -t filter -P INPUT $policy \
    + && $IPTABLES -t filter -P OUTPUT $policy \
    + && $IPTABLES -t filter -P FORWARD $policy \
    + || let ret+=1
    + ;;
    raw)
    $IPTABLES -t raw -P PREROUTING $policy \
    && $IPTABLES -t raw -P OUTPUT $policy \
    || let ret+=1
    ;;
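Review bot: the added `security)` branch sets policies on the filter table, not on the security table whose name is what the loop was choking on, so it stops the case statement from falling through to whatever default branch bumps `ret` (which is why the stop and start output above show `security raw nat mangle filter [Failed]`), but it never touches the security table itself, and it repeats for `filter` work that table's own branch presumably already does. If the installed iptables userspace accepts `-t security`, the mirror of the `raw)` branch below, `$IPTABLES -t security -P INPUT $policy` chained with OUTPUT and FORWARD, is the intended fix; if it does not, an empty `security) ;;` branch removes the `[Failed]` just as well without the duplicated filter commands. Either way, the flush and save steps of the same script should be checked for the same unknown-table handling, since only the policy step is patched here.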
