|
在ttlsa迁移到靠谱云以前服务器用的是linode,目前还有一些站点依旧使用linode,算算看,我也是linode的忠实用户。有时候在重启iptables的时候总是会出现iptables: Setting chains to policy ACCEPT: security raw nat[FAILED]filter ,想想没什么影响就放着,但是终究是我终究是个强迫症患者,决定修复他。
错误重现
[root@li254-129 ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: security raw nat[FAILED]filter
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
错误原因
Linode官方在iptables里加了一个security的规则链,但是centos不支持,既然不支持,我就做点手脚吧。
解决iptables: Setting chains to policy ACCEPT: security raw nat[FAILED]filter
找到如下case段,在raw后面加上security)段,修改后如下。 # vim /etc/init.d/iptables
for i in $tables; do
echo -n "$i "
case "$i" in
raw)
$IPTABLES -t raw -P PREROUTING $policy \
&& $IPTABLES -t raw -P OUTPUT $policy \
|| let ret+=1
;;
security)
$IPTABLES -t filter -P INPUT $policy \
&& $IPTABLES -t filter -P OUTPUT $policy \
&& $IPTABLES -t filter -P FORWARD $policy \
|| let ret+=1
;;
重启iptables
[root@li254-129 ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: security raw nat[ OK ]filter
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
呵呵,问题搞定了~ |
发表于 2023-7-16 00:00:00
