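I am trying to configure Samba on my CentOS 6 server so that only 3 IP addresses can access the Samba shares. For some reason, my iptables configuration is wrong. I checked lines 11-15, each of them has a problem, and I think it is the same problem. Can anyone see my problem?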
[user_sa@host ~]$ sudo cat -n /etc/sysconfig/iptables
1 # Firewall configuration written by system-config-firewall
2 # Manual customization of this file is not recommended.
3 *filter
4 :INPUT ACCEPT [0:0]
5 :FORWARD ACCEPT [0:0]
6 :OUTPUT ACCEPT [0:0]
7 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
8 -A INPUT -p icmp -j ACCEPT
9 -A INPUT -i lo -j ACCEPT
10 -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
11 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
12 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
13 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
14 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
15 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
16 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
17 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
18 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
19 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
20 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
21 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
22 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
23 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
24 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
25 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
26 -A INPUT -j REJECT --reject-with icmp-host-prohibited
27 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
28 COMMIT
[user_sa@host ~]$ sudo service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: iptables-restore: line 11 failed
[FAILED]
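You are using a chain that is not defined (RH-Firewall-1-INPUT). It seems you copy/pasted the ACCEPT rules from some website without understanding what they actually do. This... is not a good idea. Regardless of the source of new information, always try to do your own research to understand what these commands actually do before using them.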