尝试向 Synology DSM 7.2 上的 iptables 添加 LOG 规则时出现以下错误:
iptables:没有该名称的链/目标/匹配。
验证 LOG 模块是否加载、规则是否有效、链是否存在等等。
似乎不可能添加这条规则,我也不明白为什么。
我尝试了很多可能的根本原因,但似乎没有任何帮助。
root@server:~# iptables -v -I INPUT_FIREWALL 1 -m limit --limit 2/min -j LOG --log-prefix '--Firewall--' --log-level notice
LOG all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 2/min burst 5 LOG flags 0 level 5 prefix "--Firewall--"
LOG all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 2/min burst 5 LOG flags 0 level 5 prefix "--Firewall--"
iptables: No chain/target/match by that name.
root@server:/ha# cat /proc/net/ip_tables_targets
MARK
DNAT
SNAT
REDIRECT
DNAT
SNAT
MASQUERADE
LOG
ERROR
root@server:/ha# cat /proc/net/ip_tables_names
mangle
nat
filter
root@server:~# iptables -V
iptables v1.8.3 (legacy)
root@server:~# iptables -L -v -n
Chain INPUT (policy ACCEPT 5893 packets, 356K bytes)
pkts bytes target prot opt in out source destination
15M 3850M DOS_PROTECT all -- * * 0.0.0.0/0 0.0.0.0/0
342K 83M INPUT_FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
176K 28M FORWARD_FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0
1066K 148M DEFAULT_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 329K packets, 82M bytes)
pkts bytes target prot opt in out source destination
Chain DEFAULT_FORWARD (1 references)
pkts bytes target prot opt in out source destination
1064K 147M DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
1064K 147M DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
1783 520K ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
280K 97M DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
782K 50M ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
280K 97M ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.3 tcp dpt:8883
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
782K 50M DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
1064K 147M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
782K 50M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
1064K 147M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOS_PROTECT (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 1000/sec burst 5
0 0 DROP icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
Chain FORWARD_FIREWALL (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
164K 26M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3000
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 3478,10001
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 6789,8080,8443,8880
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:514
0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT_FIREWALL (1 references)
pkts bytes target prot opt in out source destination
218K 47M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
97901 30M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3000
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 3478,10001
4352 236K RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 6789,8080,8443,8880
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:514
0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0
19888 4919K DROP all -- * * 0.0.0.0/0 0.0.0.0/0