主页 / server / 问题 / 733015
Accepted
Andrew
Asked: 2015-11-01 11:19:00 +0800 CST

为 Samba 共享配置 IPTABLE 的问题

  • 772

我正在尝试在我的 CentOS 6 服务器上配置 Samba,以便只有 3 个 IP 地址可以访问 Samba 共享。由于某种原因,我的 iptable 配置错误。我检查了第 11-15 行,每行都有问题,我认为这是同一个问题。有人可以看到我的问题吗?

[user_sa@host ~]$ sudo cat -n /etc/sysconfig/iptables
     1  # Firewall configuration written by system-config-firewall
     2  # Manual customization of this file is not recommended.
     3  *filter
     4  :INPUT ACCEPT [0:0]
     5  :FORWARD ACCEPT [0:0]
     6  :OUTPUT ACCEPT [0:0]
     7  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
     8  -A INPUT -p icmp -j ACCEPT
     9  -A INPUT -i lo -j ACCEPT
    10  -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    11  -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
    12  -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
    13  -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
    14  -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
    15  -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
    16  -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
    17  -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
    18  -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
    19  -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
    20  -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
    21  -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
    22  -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
    23  -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
    24  -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
    25  -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
    26  -A INPUT -j REJECT --reject-with icmp-host-prohibited
    27  -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    28  COMMIT
[user_sa@host ~]$ sudo service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules: iptables-restore: line 11 failed
                                                       [FAILED]
linux

1 个回答

  1. Best Answer
    4  :INPUT ACCEPT [0:0]
5  :FORWARD ACCEPT [0:0]
6  :OUTPUT ACCEPT [0:0]
(snip)    
11  -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

    您正在使用未定义的链 ( RH-Firewall-1-INPUT)。

    似乎您ACCEPT从某个网站复制/粘贴了规则,却不了解它的实际作用。这……不是个好主意。无论新信息的来源如何,请始终尝试自己进行研究,以了解这些命令在使用它们之前的实际作用。

    • 4

相关问题