由于希望在 ubuntu 18.04 上使用 iptables,我删除了 ufw 并安装了 iptables-persistent netfilter-persistent。编辑了 /etc/iptables/rules.v4 并尝试启动 netfilter-persistent 服务。它正在运行,但最后的退出状态不是 0,可能是在停止服务时出了问题。
iptables -nL 输出:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 192.168.1.129 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
服务状态:
root@my-server:/etc/iptables# systemctl status netfilter-persistent
● netfilter-persistent.service - netfilter persistent configuration
Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled; vendor preset: enabled)
Active: active (exited) since Tue 2020-05-26 12:39:17 UTC; 19min ago
Process: 4402 ExecStop=/usr/sbin/netfilter-persistent stop (code=exited, status=1/FAILURE)
Process: 4408 ExecStart=/usr/sbin/netfilter-persistent start (code=exited, status=0/SUCCESS)
Main PID: 4408 (code=exited, status=0/SUCCESS)
May 26 12:39:17 my-webserver systemd[1]: Starting netfilter persistent configuration...
May 26 12:39:17 my-webserver netfilter-persistent[4408]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
May 26 12:39:17 my-webserver netfilter-persistent[4408]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
May 26 12:39:17 my-webserver systemd[1]: Started netfilter persistent configuration.
journalctl -e -u netfilter-persistent.service
May 26 12:39:01 my-webserver systemd[1]: Started netfilter persistent configuration.
May 26 12:39:17 my-webserver systemd[1]: Stopping netfilter persistent configuration...
May 26 12:39:17 my-webserver netfilter-persistent[4402]: Automatic flush disabled; use '/usr/sbin/netfilter-persistent flush'
May 26 12:39:17 my-webserver systemd[1]: netfilter-persistent.service: Control process exited, code=exited status=1
May 26 12:39:17 my-webserver systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
May 26 12:39:17 my-webserver systemd[1]: Stopped netfilter persistent configuration.
May 26 12:39:17 my-webserver systemd[1]: Starting netfilter persistent configuration...
May 26 12:39:17 my-webserver netfilter-persistent[4408]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
May 26 12:39:17 my-webserver netfilter-persistent[4408]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
May 26 12:39:17 my-webserver systemd[1]: Started netfilter persistent configuration.
答案1
因此问题出在由 systemctl 命令调用的脚本上。服务:
/lib/systemd/system/netfilter-persistent.service
服务文件正在调用/usr/sbin/netfilter-持久性脚本与“停止“ 争论。
剪辑:
stop)
if [ ${FLUSH_ON_STOP} -gt 0 ]; then
run_plugins flush
else
echo "Automatic flush disabled; use '${0} flush'"
exit 1
fi
;;
因此,它进入别的条件并退出状态1回显“自动刷新已禁用;使用 /usr/sbin/netfilter-persistent flush”。我不知道这是否会在防火墙级别引起一些问题。