linux防火墙相关

最新推荐文章于 2024-07-03 10:14:47 发布
最新推荐文章于 2024-07-03 10:14:47 发布
阅读量338 收藏
点赞数
分类专栏: linux相关知识总结
原文链接:https://www.cnblogs.com/morgan363/p/11813092.html
版权

CentOS7 执行 service iptables save 报错 The service command supports only basic LSB actions xxxxxx

现象描述

在 CentOS 7.6.1810 下执行 service iptables save 命令,出现如下错误:

[root@test ~]# service iptables save
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.

原因
从 CentOS 7.x 开始,CentOS 开始使用 systemd 服务来代替 daemon,原来管理系统启动和管理系统服务的相关命令全部由 systemctl 命令来代替。service 命令之保留了极少部分使用,大部分命令都要改用 systemctl 命令来使用。
在 RHEL 7 和 CentOS 7 中, firewalld 被引入来管理 iptables。

解决方案
首先停止防火墙:

systemctl stop firewalld
systemctl mask firewalld

在 CentOS 7 和 RHEL 7 中,没有 /etc/sysconfig/iptables 这个配置文件,也不能执行 service iptables restart 命令,需要通过安装 iptables-services 才有。

[root@test ~]# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 
[root@test ~]# rpm -qa|grep iptables
iptables-1.4.21-28.el7.x86_64
[root@test ~]# yum -y install iptables-services

  然后就可以使用 service  iptables [start | stop | restart | save ....] 命令。

这样就可以保存防火墙规则了

[root@test ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@test ~]# ll /etc/sysconfig/iptables
-rw-------. 1 root root 6479 Nov  7 04:00 /etc/sysconfig/iptables

或者 使用如下命令

[root@test ~]# /usr/libexec/iptables/iptables.init save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

延伸知识

  CentOS 7 中没有 service iptables save 指令来保存防火墙规则,怎么处理的呢?
   解决办法:

systemctl stop firewalld             # 关闭防火墙
yum -y install iptables-services     # 安装 iptables 服务
systemctl enable iptables            # 设置 iptables 服务开机启动
systemctl start iptables             # 启动 iptables 服务
service iptables save                # 保存 iptables 配置
service iptables restart             # 重启 iptables 服务

[root@test ~]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: active (exited) since Thu 2019-11-07 04:09:20 EST; 14s ago
  Process: 85040 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 85040 (code=exited, status=0/SUCCESS)

Nov 07 04:09:20 test systemd[1]: Starting IPv4 firewall with iptables...
Nov 07 04:09:20 test iptables.init[85040]: iptables: Applying firewall rules: [  OK  ]
Nov 07 04:09:20 test systemd[1]: Started IPv4 firewall with iptables.

[root@test ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: active (exited) since Thu 2019-11-07 04:09:20 EST; 24s ago
  Process: 85040 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 85040 (code=exited, status=0/SUCCESS)

Nov 07 04:09:20 test systemd[1]: Starting IPv4 firewall with iptables...
Nov 07 04:09:20 test iptables.init[85040]: iptables: Applying firewall rules: [  OK  ]
Nov 07 04:09:20 test systemd[1]: Started IPv4 firewall with iptables.

注意: firewalld 和 iptables 两种不同的防火墙规则的配置方式,不能同时启动。

示例1: 使用 systemctl start firewalld 启动的防火墙

[root@docker01 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-11-07 04:20:58 EST; 2min 5s ago
     Docs: man:firewalld(1)
 Main PID: 86122 (firewalld)
    Tasks: 2
   Memory: 21.6M
   CGroup: /system.slice/firewalld.service
           └─86122 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -i docker0 ! -o docker0 -j ACCEPT' failed...t chain?).
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C PREROUTING -m addrtype --dst-type LOCAL -j DOCKER' f...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j DOCKER ! --ds...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -j DOCKER' failed: iptables: N...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -m conntrack --ctstate RELATED...t chain?).
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-ISOLATION-STAGE-1' failed: ipta...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Ba...t chain?).
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -n -L DOCKER-USER' failed: iptables: No chain/target...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER-USER -j RETURN' failed: iptables: Bad rule...t chain?).
Nov 07 04:21:01 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-USER' failed: iptables: No chai...that name.
Hint: Some lines were ellipsized, use -l to show in full.

[root@docker01 ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: inactive (dead) since Thu 2019-11-07 04:20:57 EST; 3min 23s ago
  Process: 86123 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
  Process: 85907 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 85907 (code=exited, status=0/SUCCESS)

Nov 07 04:18:38 docker01 systemd[1]: Starting IPv4 firewall with iptables...
Nov 07 04:18:38 docker01 systemd[1]: Started IPv4 firewall with iptables.
Nov 07 04:20:57 docker01 systemd[1]: Stopping IPv4 firewall with iptables...
Nov 07 04:20:57 docker01 iptables.init[86123]: iptables: Setting chains to policy ACCEPT: filter [  OK  ]
Nov 07 04:20:57 docker01 iptables.init[86123]: iptables: Flushing firewall rules: [  OK  ]
Nov 07 04:20:57 docker01 systemd[1]: Stopped IPv4 firewall with iptables.

示例2: 使用 service iptables start 启动的防火墙

[root@docker01 ~]# service iptables start
Redirecting to /bin/systemctl start iptables.service
[root@docker01 ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: active (exited) since Thu 2019-11-07 04:31:00 EST; 5s ago
  Process: 87000 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
  Process: 87101 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 87101 (code=exited, status=0/SUCCESS)

Nov 07 04:31:00 docker01 systemd[1]: Starting IPv4 firewall with iptables...
Nov 07 04:31:00 docker01 iptables.init[87101]: iptables: Applying firewall rules: [  OK  ]
Nov 07 04:31:00 docker01 systemd[1]: Started IPv4 firewall with iptables.

[root@docker01 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Thu 2019-11-07 04:29:12 EST; 2min 7s ago
     Docs: man:firewalld(1)
  Process: 86122 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 86122 (code=exited, status=0/SUCCESS)

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j DOCKER ! --ds...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -j DOCKER' failed: iptables: N...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -m conntrack --ctstate RELATED...t chain?).
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-ISOLATION-STAGE-1' failed: ipta...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Ba...t chain?).
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -n -L DOCKER-USER' failed: iptables: No chain/target...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER-USER -j RETURN' failed: iptables: Bad rule...t chain?).
Nov 07 04:21:01 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-USER' failed: iptables: No chai...that name.
Nov 07 04:29:11 docker01 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Nov 07 04:29:12 docker01 systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
爱吃猫的鱼666
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
linux防火墙 中文版.pdf
06-03
linux防火墙 中文版.pdf
Linux防火墙思维导图.xmind
05-23
linux防火墙知识:利用思维导图的形式(包括举例),一张图进行全部详解 1.何为防火墙?2.防火墙的分类 3.iptables原理 4.防火墙顺序 5.iptables语法规则
centos7安装docker报错iptables v1.4.21: Couldn‘t load target `DOCKER-ISOLATION‘
weixin_38879931的博客
07-01 3756
最近在学习docker过程中,第一步docker启动,就遇到了问题,按照官网步骤安装完成后,进行启动,报错:iptables v1.4.21: Couldn’t load target `DOCKER-ISOLATION’,具体如下: 刚开始,将防火墙进行关闭,确实能够启动 但是总觉得,问题不在这里,经过查找发现,在centos7中,使用firewall代替了iptables,解决本次问题,还是将firewall关掉,启用iptables 问题解决!记录一下,以便于日后学习...
docker 端口映射错误解决方法
weixin_33696822的博客
04-12 263
今天搞了半天shipyard,在网页上打开时无法显示容器和镜像,最后发现是docker端口映射错误,由于防火墙未关闭: 4月 12 18:51:29 localhost firewalld[757]: 2018-04-12 18:51:29 ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -C POSTROUT...
WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER
SB_YYGY_FHVK的博客
02-13 9518
WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLAT firewall-cmd --permanent --zone=trusted --change-interface=docker0 firewall-cmd --permanent --zone=trusted --add-port=4...
firewall导致docker启动失败问题小记
最新发布
qq_29269479的博客
07-03 239
docker0网卡在trusted (active)的zone里,为啥会在这个zone里也没人操作,所以不明白,不理解。看来是重启大法好使,具体为什么reload之后没有生效就不深究了。那就把docker0网卡改到他应该在的dockerzone里。和journalctl -xe报错信息差不错。/var/log/messages日志信息。试了一下重启firewalld服务。可以看出防火墙规则有一个疑问点。根据报错信息是防火墙在捣鬼。查看防火墙zone规则。具体报错还是和上面一样。
记一次docker启动失败问题
YHD1996的博客
02-20 687
问题是怎么出现的不太清楚,过年回来发现公司测试服务器死机了, 重新启动服务器发现docker启动不了 ,问题解决了再次记录一下。
利用linux防火墙实现IP访问控制
09-28
自己总结的linuxe下通过linux防火墙软件实现对ip源目地址的访问控制,希望可以帮助到需要的朋友
Linux防火墙-firewalld
01-09
1、基本使用 启动: systemctl start firewalld 查看状态: systemctl status firewalld 停止: systemctl disable firewalld 禁用: systemctl stop firewalld 2、Centos7操作 1、启动一个服务 ...
linux防火墙设置
05-22
简单 好用 linux防火墙设置命令 linux防火墙设置命令 linux防火墙设置命令 linux防火墙设置命令 简单 好用
Centos7安装Docker后无法启动:Failed to program NAT chain: INVALID_ZONE: docker
得未曾有 心净踊跃
01-19 6478
现象 安装Docker官方给出的文档进行安装,都没有什么问题: 直到我执行sudo systemctl start docker时, 报错: Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details. 接着我执行systemctl status docker.se
linux7启动防火墙命令,Linux 7.7 中查看防火墙,关闭,开启命令
weixin_35033679的博客
04-29 526
[root@yuandong2019 ~]# systemctl stop firewalld.service[root@yuandong2019 ~]# systemctl disable firewalld.service[root@yuandong2019 ~]# systemctl status firewalld.service● firewalld.service - firewall...
Centos7防火墙操作
weixin_30627381的博客
03-06 551
启动防火墙:systemctl start firewalld.service 关闭防火墙:systemctl stop firewalld.service 重启防火墙:systemctl restart firewalld.service 显示防火墙服务状态:systemctl status firewalld.service 在开机时启用防火墙服务:systemctl ena...
CentOS 安装Tomcat
天河有尽后为涯,星海无边前作岸。
07-09 349
这里的解压缩方式与 Windows 的解压缩方式是一个概念,都是将文件解压到指定文件夹然后运行。这种方式相比rpm方式要繁琐一点,因为有解压缩这一步骤,但对系统的侵入性是最低的,因此一般也称为绿色安装。这里使用安装 Tomcat 作为示例。
Docker 启动RabbitMQ 服务,外部不能正常访问
zhouzhiwengang的专栏
08-01 4086
重点关注错误日志2022-06-18000401WARNINGCOMMAND_FAILED'/usr/sbin/iptables-w10-DFORWARD-idocker0-odocker0-jDROP'failediptablesBadrule(doesamatchingruleexistinthatchain?3、修改docker.service服务,禁用修改iptables.核心指令tail/var/log/firewalld。...
CentOS7 firewall-cmd Docker报错iptables failed: iptables --wait -t filter -A DOCKER
evandeng2009
03-27 5661
CentOS7关闭 firewalld 情况下创建运行重启带映射宿主机端口的容器没问题。一旦开启了 firewalld 之后尝试docker restart container就报如下错误: Error response from daemon: driver failed programming external connectivity on endpoint grafana (7c185cc...
学习笔记之iptables(二)
Ghost_02的博客
01-14 680
1.linux防火墙的显示扩展 前面的有关防火墙的博客地址点击打开链接
Linux防火墙相关命令
07-20
Linux 防火墙命令有以下几个常用的: - `iptables`:linux 下常用的防火墙命令,可以用来设置规则、查看现有规则等。 - `firewall-cmd` :常用于CentOS/Fedora 系统的防火墙命令。 - `ufw`: Ubuntu系统下的防火墙...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值