Problem getting iptables-persistent to persist - Ubuntu 17.04


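I installed iptables-persistent on Ubuntu 17.04 so that the new rules I add are kept. I have committed the changes to /etc/iptables/rules.v4 - the rule was added with sudo iptables -I INPUT 7 -s 192.168.1.0/24 -i enp37s0 -j ACCEPT

However, when I reboot, the rule has been cleared from iptables. The netfilter-persistent.service service appears to be running. Restarting it fixes the problem. Any ideas?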

adam@numbersix:~$ sudo iptables -L INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
adam@numbersix:~$ sudo systemctl |grep netfilter
  netfilter-persistent.service        loaded active exited    netfilter persistent configuration
adam@numbersix:~$ sudo systemctl restart netfilter-persistent.service
adam@numbersix:~$ sudo systemctl |grep netfilter
  netfilter-persistent.service        loaded active exited    netfilter persistent configuration
adam@numbersix:~$ sudo iptables -L INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  192.168.1.0/24       anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Answer 1

Save the current rules with:

sudo sh -c 'iptables-save > /etc/iptables.conf'

Then load them with: iptables-restore < /etc/iptables.conf

You can put iptables-restore < /etc/iptables.conf into your /etc/rc.local so that it is loaded automatically at startup.
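Whichever way the rules are restored at boot, it helps to verify that every saved rule is actually present in the running ruleset. The script below is an added example, not part of the original question or answer: the function names and the sample files are constructed for illustration, and it assumes both inputs are in iptables-save format.

```shell
#!/bin/sh
# Added example: list rules present in a saved rules file but absent from the
# live ruleset. Both inputs must be in iptables-save format.

# Print "<table> <rule>" for every -A line, dropping "[pkts:bytes]" counters
# (written by iptables-save -c) so counter changes do not show up as drift.
normalize_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }
        /^-A / { print table " " $0 }
    ' "$1" | LC_ALL=C sort -u
}

# missing_rules SAVED LIVE: print rules found in SAVED but not in LIVE.
missing_rules() {
    mr_saved=$(mktemp) && mr_live=$(mktemp) || return 2
    normalize_rules "$1" > "$mr_saved"
    normalize_rules "$2" > "$mr_live"
    LC_ALL=C comm -23 "$mr_saved" "$mr_live"
    rm -f "$mr_saved" "$mr_live"
}

# Constructed sample data: a saved file containing the rule from the question,
# and a live dump (with counters) taken after a reboot where it was not loaded.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/rules.v4" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i enp37s0 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
cat > "$SAMPLE_DIR/live.txt" <<'EOF'
*filter
:INPUT ACCEPT [41:3120]
[812:60311] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[3:180] -A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

missing_rules "$SAMPLE_DIR/rules.v4" "$SAMPLE_DIR/live.txt"

# On a real host (assumed usage):
#   sudo iptables-save > /tmp/live.txt
#   missing_rules /etc/iptables/rules.v4 /tmp/live.txt
```

Empty output means every saved rule is loaded. The comparison is textual, so a hand-edited rules file that spells a rule differently from iptables-save will be reported as missing.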
