我正在尝试在 CentOS 6 服务器上配置 Samba,以便只有 3 个 IP 地址可以访问 Samba 共享。由于某种原因,我的 iptable 配置是错误的。我检查了第 11-15 行,每行都有问题,我认为是同一个问题。有人能看到我的问题吗?
[user_sa@host ~]$ sudo cat -n /etc/sysconfig/iptables
1 # Firewall configuration written by system-config-firewall
2 # Manual customization of this file is not recommended.
3 *filter
4 :INPUT ACCEPT [0:0]
5 :FORWARD ACCEPT [0:0]
6 :OUTPUT ACCEPT [0:0]
7 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
8 -A INPUT -p icmp -j ACCEPT
9 -A INPUT -i lo -j ACCEPT
10 -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
11 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
12 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
13 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
14 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
15 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
16 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
17 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
18 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
19 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
20 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
21 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
22 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
23 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
24 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
25 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
26 -A INPUT -j REJECT --reject-with icmp-host-prohibited
27 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
28 COMMIT
[user_sa@host ~]$ sudo service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: iptables-restore: line 11 failed
[FAILED]
答案1
4 :INPUT ACCEPT [0:0]
5 :FORWARD ACCEPT [0:0]
6 :OUTPUT ACCEPT [0:0]
(snip)
11 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
您正在使用未定义的链 ( RH-Firewall-1-INPUT
)。
看起来你ACCEPT
从某个网站复制粘贴了这些规则,却没有理解它们到底是干什么的。这……不是一个好主意。无论新信息的来源是什么,在使用命令之前,一定要自己尝试研究,了解它们到底是干什么的。