I am trying to change iptables to the following
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:30000
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
When I run the command /sbin/iptables-restore < /etc/iptables.up.rules, I get the following message:
iptables-restore: line 1 failed
Can anyone give me some advice? Thanks
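Answer 1
What you posted is the output of iptables -L, and it is not a valid format for iptables. What you need to do is use iptables-save to get a copy of the ruleset in the correct format.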
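Answer 2
Can you tell us what line 1 of /etc/iptables.up.rules contains? It looks like the file was overwritten with something that is not in /sbin/iptables-save format.
Another option is that you need to use sudo to run the restore command.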
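The format difference the answers above point to, as an added example that is not part of the original posts: a structural pre-check that reports the first line of a rules file that is not iptables-save syntax. The function names check_rules_file and write_samples are hypothetical, and both sample files are constructed (the second is a hand-written ruleset, not the asker's real file).

```sh
#!/bin/sh
# Added example: structural pre-check for an iptables-restore input file.
# Prints "ok", or "line N: reason" for the first line that is not iptables-save syntax.
check_rules_file() {
    n=0; in_table=0; tables=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) ;;                               # blank lines and comments
            '*'?*)                                    # table header, e.g. *filter
                [ "$in_table" -eq 0 ] || { echo "line $n: new table before COMMIT"; return 1; }
                in_table=1; tables=$((tables + 1)) ;;
            ':'?*|'-'?*)                              # chain declaration or rule
                [ "$in_table" -eq 1 ] || { echo "line $n: outside a *table section"; return 1; } ;;
            COMMIT)
                [ "$in_table" -eq 1 ] || { echo "line $n: COMMIT without a table"; return 1; }
                in_table=0 ;;
            *)  echo "line $n: not iptables-save syntax: $line"; return 1 ;;
        esac
    done < "$1"
    [ "$in_table" -eq 0 ] || { echo "line $n: missing COMMIT"; return 1; }
    [ "$tables" -gt 0 ] || { echo "no *table section found"; return 1; }
    echo ok
}

# Constructed samples: the first lines of the listing from the question, and a
# hand-written ruleset in the format iptables-save emits (not the asker's real file).
write_samples() {
    printf '%s\n' 'Chain INPUT (policy ACCEPT)' \
        'target prot opt source destination' > "$1/listing.rules"
    printf '%s\n' '# constructed sample' '*filter' \
        ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp --dport 80 -j ACCEPT' \
        '-A INPUT -p tcp --dport 443 -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-port-unreachable' \
        'COMMIT' > "$1/saved.rules"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_rules_file "$demo_dir/listing.rules" || true   # the -L listing: rejected at line 1
check_rules_file "$demo_dir/saved.rules"             # iptables-save format: accepted
rm -rf "$demo_dir"
```

This checks structure only, not whether each rule is valid; on the target host, iptables-restore --test < file parses the ruleset without committing it.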