主页 / ubuntu / 问题 / 1243851
Accepted
catalin
Asked: 2020-05-27 05:18:14 +0800 CST

netfilter-persistent 和 iptables 故障

  • 772

希望在 ubuntu 18.04 上使用 iptables,我删除了 ufw 并安装了 iptables-persistent netfilter-persistent。编辑 /etc/iptables/rules.v4 并尝试启动 netfilter-persistent 服务。它正在工作,但最后的退出状态不是 0,可能是停止服务时出现问题。

iptables -nL 输出:

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  192.168.1.129        0.0.0.0/0            tcp dpt:22
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         


Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

服务状态:

root@my-server:/etc/iptables# systemctl status netfilter-persistent
● netfilter-persistent.service - netfilter persistent configuration
   Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled; vendor preset: enabled)
   Active: active (exited) since Tue 2020-05-26 12:39:17 UTC; 19min ago
  Process: 4402 ExecStop=/usr/sbin/netfilter-persistent stop (code=exited, status=1/FAILURE)
  Process: 4408 ExecStart=/usr/sbin/netfilter-persistent start (code=exited, status=0/SUCCESS)
 Main PID: 4408 (code=exited, status=0/SUCCESS)


May 26 12:39:17 my-webserver systemd[1]: Starting netfilter persistent configuration...
May 26 12:39:17 my-webserver netfilter-persistent[4408]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
May 26 12:39:17 my-webserver netfilter-persistent[4408]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
May 26 12:39:17 my-webserver systemd[1]: Started netfilter persistent configuration.

journalctl -e -u netfilter-persistent.service

May 26 12:39:01 my-webserver systemd[1]: Started netfilter persistent configuration.
May 26 12:39:17 my-webserver systemd[1]: Stopping netfilter persistent configuration...
May 26 12:39:17 my-webserver netfilter-persistent[4402]: Automatic flush disabled; use '/usr/sbin/netfilter-persistent flush'
May 26 12:39:17 my-webserver systemd[1]: netfilter-persistent.service: Control process exited, code=exited status=1
May 26 12:39:17 my-webserver systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
May 26 12:39:17 my-webserver systemd[1]: Stopped netfilter persistent configuration.
May 26 12:39:17 my-webserver systemd[1]: Starting netfilter persistent configuration...
May 26 12:39:17 my-webserver netfilter-persistent[4408]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
May 26 12:39:17 my-webserver netfilter-persistent[4408]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
May 26 12:39:17 my-webserver systemd[1]: Started netfilter persistent configuration.
iptables firewall

1 个回答

  1. Best Answer

    所以问题出在 systemctl 命令调用的脚本上。服务:

    /lib/systemd/system/netfilter-persistent.service

    服务文件使用“ stop ”参数调用/usr/sbin/netfilter-persistent脚本。

    剪辑:

    stop)
    if [ ${FLUSH_ON_STOP} -gt 0 ]; then
        run_plugins flush
    else
        echo "Automatic flush disabled; use '${0} flush'"
        exit 1
    fi
    ;;

    因此,它进入else条件并以状态1退出,回显“禁用自动刷新;使用 /usr/sbin/netfilter-persistent flush”。我不知道,这是否会在防火墙级别引起一些问题。

    • 1

相关问题