Domain-Name-System
Added the DNS port to iptables but it is not open on CentOS 7
I added the DNS server port to iptables, and when I check it with netstat, even the named service is listening on it, but when I check the port from outside it is closed. iptables -n -L => output:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW,ESTABLISHED
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:53
netstat -lnp => output:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      11222/named
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      652/master
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1357/nginx: master
tcp        0      0 123.123.123.123:53      0.0.0.0:*               LISTEN      11222/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      11222/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      585/sshd
tcp6       0      0 ::1:953                 :::*                    LISTEN      11222/named
tcp6       0      0 ::1:25                  :::*                    LISTEN      652/master
tcp6       0      0 :::3306                 :::*                    LISTEN      10529/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      1357/nginx: master
tcp6       0      0 :::53                   :::*                    LISTEN      11222/named
tcp6       0      0 :::22                   :::*                    LISTEN      585/sshd
udp        0      0 123.123.123.123:53      0.0.0.0:*                           11222/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           11222/named
udp6       0      0 :::53                   :::*                                11222/named
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     11177    652/master           private/verify
unix  2      [ ACC ]     STREAM     LISTENING     11180    652/master           public/flush
unix  2      [ ACC ]     STREAM     LISTENING     11183    652/master           private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     11186    652/master           private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     27726    10529/mysqld         /var/lib/mysql/mysql.sock
unix  2      [ ACC ]     STREAM     LISTENING     11189    652/master           private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     11192    652/master           private/relay
unix  2      [ ACC ]     STREAM     LISTENING     11195    652/master           public/showq
unix  2      [ ACC ]     STREAM     LISTENING     11198    652/master           private/error
unix  2      [ ACC ]     STREAM     LISTENING     11201    652/master           private/retry
unix  2      [ ACC ]     STREAM     LISTENING     11204    652/master           private/discard
unix  2      [ ACC ]     STREAM     LISTENING     11272    325/acpid            /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     11207    652/master           private/local
unix  2      [ ACC ]     STREAM     LISTENING     11210    652/master           private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     11213    652/master           private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     11216    652/master           private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     11219    652/master           private/scache
unix  2      [ ACC ]     STREAM     LISTENING     14096    1082/php-fpm: maste  /run/php-fpm/php-fpm.sock
unix  2      [ ACC ]     STREAM     LISTENING     11151    652/master           public/pickup
unix  2      [ ACC ]     STREAM     LISTENING     9051     1/systemd            /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     SEQPACKET  LISTENING     13690    1/systemd            /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     13253    1/systemd            /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     7127     1/systemd            /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING     11155    652/master           public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     11158    652/master           public/qmgr
unix  2      [ ACC ]     STREAM     LISTENING     11162    652/master           private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     11165    652/master           private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     11168    652/master           private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     11171    652/master           private/defer
unix  2      [ ACC ]     STREAM     LISTENING     11174    652/master           private/trace
Any ideas how to solve this?
To fix it, you must do the following:

iptables-save > temp.ruleset
vi temp.ruleset

Find the line with -j REJECT; there is only one. Move it down two lines, below the two udp rules. Save with :wq. Reload the edited ruleset:

iptables-restore < temp.ruleset

In future, please add rules with iptables -I (rule position number) rather than with iptables -A, because with this INPUT reject rule in place, anything below it will be blocked.
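The reorder the answer describes, done on the saved ruleset as text, as an added example that is not part of the original answer. It assumes the iptables-save(8) output format and works on a constructed sample that mirrors the INPUT chain from the question (the -i lo on the third ACCEPT is an assumption; iptables -n -L does not show interfaces). The first function defers every catch-all -j REJECT or -j DROP line to the end of its table, so it also handles the general case where several rules were appended below the reject; the second prints the rule number that the answer tells you to pass to iptables -I. Nothing here touches the live firewall; feed the output to iptables-restore yourself once you have read it.

```shell
#!/bin/sh
# Added example, not from the original post: reorder a saved iptables ruleset
# so that catch-all REJECT/DROP rules come after the ACCEPT rules that were
# appended below them, and compute the position to use with "iptables -I".

# Constructed sample mirroring the INPUT chain from the question.
# "-i lo" on the third ACCEPT is assumed (iptables -n -L hides interfaces).
SAMPLE_RULESET='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
COMMIT'

# Read iptables-save text on stdin, write it on stdout with every catch-all
# "-A <chain> -j REJECT|DROP" line (no match options before -j) held back and
# emitted just before COMMIT. Order only matters within a chain, so moving the
# line to the end of the table is enough for iptables-restore.
reorder_catchall() {
  awk '
    $1 == "-A" && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") {
      deferred[n++] = $0
      next
    }
    /^COMMIT$/ {
      for (i = 0; i < n; i++) print deferred[i]
      n = 0
    }
    { print }
  '
}

# Print the 1-based rule number of the first catch-all REJECT/DROP in the
# given chain: the same number "iptables -L <chain> --line-numbers" shows,
# and therefore the position for "iptables -I <chain> <n> ...".
# Prints nothing and returns 1 if the chain has no catch-all rule.
catchall_position() {
  awk -v chain="$1" '
    $1 == "-A" && $2 == chain {
      pos++
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) {
        print pos
        found = 1
        exit
      }
    }
    END { if (!found) exit 1 }
  '
}

# Demo: show where the reject sits now, then the reordered ruleset.
before=$(printf '%s\n' "$SAMPLE_RULESET" | catchall_position INPUT)
printf 'INPUT catch-all REJECT is rule %s; new rules must go above it: iptables -I INPUT %s ...\n' "$before" "$before"
printf '\nReordered ruleset (pipe this into iptables-restore):\n'
printf '%s\n' "$SAMPLE_RULESET" | reorder_catchall
```

On the real box the same two steps are iptables-save | reorder_catchall > temp.ruleset, a read-through of temp.ruleset, then iptables-restore < temp.ruleset. The two functions only look at fields, not at the full rule text, so a rule such as -A INPUT -s 10.0.0.0/8 -j REJECT, which has match options before -j, is left where it is; only the unconditional catch-all is moved.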