- 积分
- 26
- 威望
-
- 金钱
-
- 注册时间
- 2011-6-18
- 在线时间
- 小时
- 最后登录
- 1970-1-1
|
重启 iptables 出现这个问题
- /etc/init.d/iptables restart
- Applying iptables firewall rules: iptables-restore v1.3.5: iptables-restore: una ble to initializetable ‘security’ Error occurred at line: 2 Try `iptables-restore -h’ or ‘iptables-restore –help’ for more information. [FAILED]
iptables内容:
- # Generated by iptables-save v1.3.5 on Wed Jan 16 02:43:43 2013
- *nat
- :PREROUTING ACCEPT [1402:289184]
- :POSTROUTING ACCEPT [90:5400]
- :OUTPUT ACCEPT [90:5400]
- COMMIT
- # Completed on Wed Jan 16 02:43:43 2013
- # Generated by iptables-save v1.3.5 on Wed Jan 16 02:43:43 2013
- *filter
- :INPUT ACCEPT [2865:438216]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [2295:495459]
- # 允许本地连接
- -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
- # 允许所有已经建立的和相关的连接
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- # 允许loopback!(不然会导致DNS无法正常关闭、memcached 连接失败等问题)
- -A INPUT -i lo -p all -j ACCEPT
- -A OUTPUT -o lo -p all -j ACCEPT
- -A INPUT -i eth0 -j ACCEPT
- # 允许所有本机向外的访问
- -A OUTPUT -j ACCEPT
- # 允许访问22端口
- -A INPUT -p tcp --syn --dport 22 -j ACCEPT
- -A OUTPUT -p tcp --syn --dport 22 -j ACCEPT
- # 允许访问80端口
- -A INPUT -p tcp --syn --dport 80 -j ACCEPT
- -A OUTPUT -p tcp --syn --dport 80 -j ACCEPT
- # 允许访问443端口
- -A INPUT -p tcp --dport 443 -j ACCEPT
- -A OUTPUT -p tcp --dport 443 -j ACCEPT
- # 允许Ping
- -A INPUT -p icmp -j ACCEPT
- -A OUTPUT -p icmp -j ACCEPT
- # 允许邮件服务的25端口
- -A INPUT -p tcp --syn --dport 25 -j ACCEPT
- -A OUTPUT -p tcp --syn --dport 25 -j ACCEPT
- # 允许FTP服务的21和20端口
- -A INPUT -p tcp --syn --dport 21 -j ACCEPT
- -A OUTPUT -p tcp --syn --dport 21 -j ACCEPT
- -A INPUT -p tcp --syn --dport 20 -j ACCEPT
- -A OUTPUT -p tcp --syn --dport 20 -j ACCEPT
- # 允许DNS服务的53端口
- -A INPUT -p tcp --dport 53 -j ACCEPT
- -A OUTPUT -p tcp --dport 53 -j ACCEPT
- # 丢弃坏的TCP包
- -A FORWARD -p TCP ! --syn -m state --state NEW -j DROP
- # 处理IP碎片数量,防止攻击,允许每秒100个
- -A FORWARD -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT
- # 设置ICMP包过滤,允许每秒1个包,限制触发条件是10个包.
- -A FORWARD -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
- # 禁止非法连接
- -A FORWARD -m state --state INVALID -j DROP
- # 防止SYN攻击 轻量
- -N syn-flood
- -A INPUT -p tcp --syn -j syn-flood
- -A syn-flood -p tcp -m limit --limit 3/s --limit-burst 6 -j RETURN
- -A syn-flood -j REJECT
- # 防止php-ddos对外udp发包
- -I OUTPUT -p udp --dport 53 -d 208.87.241.170 -j ACCEPT
- -A OUTPUT -p udp -j DROP
- # 拒绝非法连接
- -A INPUT -m state --state INVALID -j DROP
- -A OUTPUT -m state --state INVALID -j DROP
- # 禁止其他未允许的规则访问(注意:如果22端口未加入允许规则,SSH链接会直接断开。)
- -A INPUT -j REJECT
- -A FORWARD -j REJECT
- COMMIT
- # Completed on Wed Jan 16 02:43:43 2013
请问是什么问题引起的呢? |
|
发表于 2013-6-7 09:57:57
发表于 2013-6-7 11:27:26
