Linux 无法使用iptables还原应用防火墙规则
以下是我的iptables的配置Linux 无法使用iptables还原应用防火墙规则,linux,shell,linux-kernel,iptables,Linux,Shell,Linux Kernel,Iptables,以下是我的iptables的配置 [root@fabulous ~]# vi /etc/sysconfig/iptables # Generated by iptables-save v1.4.7 on Mon Dec 23 15:55:09 2013 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall
[root@fabulous ~]# vi /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Mon Dec 23 15:55:09 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
然而,当我重新启动它时,我得到如下错误,作为一个通知,失败的行是“提交”。谁能帮我指出错误在哪里?提前谢谢
[root@fabulous ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: iptables-restore: line 20 failed
[FAILED]
我想说,这一行中缺少
-m TCP
:
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
您通常可以通过iptables restore
自己应用规则获得一些线索:
iptables-restore < /etc/sysconfig/iptables
您正在为tcp模块指定udp协议。你可能是说:
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
我也有同样的问题,那是因为我在提交之前有一个空间。您必须删除该空间,所有内容都将完美运行(我希望您如此)。Elias Missaoui。我也有同样的问题,因为
Hi@leucos,当我更新行
-A RH-Firewall-1-INPUT-m state-state NEW-m tcp-p tcp-dport 21-j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT