解决iptables Setting chains to policy ACCEPT: security raw nat[FAILED]filter

凉白开
Linux316,880字数 1307阅读4分21秒阅读模式

 

iptables

linode

在ttlsa迁移到靠谱云以前服务器用的是linode,目前还有一些站点依旧使用linode,算算看,我也是linode的忠实用户。有时候在重启iptables的时候总是会出现iptables: Setting chains to policy ACCEPT: security raw nat[FAILED]filter ,想想没什么影响就放着,但是终究是我终究是个强迫症患者,决定修复他。文章源自运维生存时间-https://www.ttlsa.com/linux/iptables-setting-chains-to-policy-accept-security-raw-natfailedfilter/

错误重现

[root@li254-129 ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: security raw nat[FAILED]filter 
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

错误原因

Linode官方在iptables里加了一个security的规则链,但是centos不支持,既然不支持,我就做点手脚吧。文章源自运维生存时间-https://www.ttlsa.com/linux/iptables-setting-chains-to-policy-accept-security-raw-natfailedfilter/

 文章源自运维生存时间-https://www.ttlsa.com/linux/iptables-setting-chains-to-policy-accept-security-raw-natfailedfilter/

解决iptables: Setting chains to policy ACCEPT: security raw nat[FAILED]filter

找到如下case段,在raw后面加上security)段,修改后如下。文章源自运维生存时间-https://www.ttlsa.com/linux/iptables-setting-chains-to-policy-accept-security-raw-natfailedfilter/ 

# vim /etc/init.d/iptables 
for i in $tables; do
 echo -n "$i "
 case "$i" in
 raw)
 $IPTABLES -t raw -P PREROUTING $policy \
 && $IPTABLES -t raw -P OUTPUT $policy \
 || let ret+=1
 ;;
security)
 $IPTABLES -t filter -P INPUT $policy \
 && $IPTABLES -t filter -P OUTPUT $policy \
 && $IPTABLES -t filter -P FORWARD $policy \
 || let ret+=1
 ;;

 文章源自运维生存时间-https://www.ttlsa.com/linux/iptables-setting-chains-to-policy-accept-security-raw-natfailedfilter/

重启iptables

[root@li254-129 ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: security raw nat[  OK  ]filter 
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

 文章源自运维生存时间-https://www.ttlsa.com/linux/iptables-setting-chains-to-policy-accept-security-raw-natfailedfilter/

呵呵,问题搞定了~文章源自运维生存时间-https://www.ttlsa.com/linux/iptables-setting-chains-to-policy-accept-security-raw-natfailedfilter/ 文章源自运维生存时间-https://www.ttlsa.com/linux/iptables-setting-chains-to-policy-accept-security-raw-natfailedfilter/

weinxin
我的微信
微信公众号
扫一扫关注运维生存时间公众号,获取最新技术文章~
凉白开
  • 本文由 发表于 30/11/2014 01:00:33
  • 转载请务必保留本文链接:https://www.ttlsa.com/linux/iptables-setting-chains-to-policy-accept-security-raw-natfailedfilter/
  • iptables
  • linode
  • Linux
  • raw
  • security
评论  3  访客  3
    • Aceslup
      Aceslup 9
      2F

      没用过linode

      • bourne
        bourne 9
        1F

        # vim /etc/init.d/iptables
        for i in $tables; do
        echo -n "$i "
        case "$i" in
        raw)
        $IPTABLES -t raw -P PREROUTING $policy
        && $IPTABLES -t raw -P OUTPUT $policy
        || let ret+=1
        ;;
        security)
        $IPTABLES -t filter -P INPUT $policy
        && $IPTABLES -t filter -P OUTPUT $policy
        && $IPTABLES -t filter -P FORWARD $policy
        || let ret+=1
        ;;
        应该修改成这样吧 博主少了 security)

      评论已关闭!