以下是我的iptables的配置,
[root@fabulous ~]# vi /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Mon Dec 23 15:55:09 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
然而,当我重新启动它时,我收到如下错误,作为通知,失败的行是“COMMIT”。任何人都可以帮助指出错误在哪里?提前谢谢。
[root@fabulous ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: iptables-restore: line 20 failed
[FAILED]
答案 0 :(得分:3)
我想说这行中缺少-m TCP:
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
您通常可以通过iptables-restore
iptables-restore < /etc/sysconfig/iptables
编辑:发现它,第11行
-A RH-Firewall-1-INPUT -p udp -m tcp --dport 53 -j ACCEPT
您正在为tcp模块指定udp proto。你可能意味着:
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
答案 1 :(得分:0)
我遇到了同样的问题,因为
答案 2 :(得分:-1)
我有同样的问题,因为我在COMMIT之前有一个空格。你必须删除那个空间,一切都会完美运行(我希望你)。 Elias Missaoui。