Linux
為 Samba 共享配置 IPTABLE 的問題
我正在嘗試在我的 CentOS 6 伺服器上配置 Samba,以便只有 3 個 IP 地址可以訪問 Samba 共享。由於某種原因,我的 iptable 配置錯誤。我檢查了第 11-15 行,每行都有問題,我認為這是同一個問題。有人可以看到我的問題嗎?
[user_sa@host ~]$ sudo cat -n /etc/sysconfig/iptables 1 # Firewall configuration written by system-config-firewall 2 # Manual customization of this file is not recommended. 3 *filter 4 :INPUT ACCEPT [0:0] 5 :FORWARD ACCEPT [0:0] 6 :OUTPUT ACCEPT [0:0] 7 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 8 -A INPUT -p icmp -j ACCEPT 9 -A INPUT -i lo -j ACCEPT 10 -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT 11 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT 12 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT 13 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT 14 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT 15 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT 16 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT 17 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT 18 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT 19 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT 20 -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT 21 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT 22 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT 23 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT 24 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT 25 -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT 26 -A INPUT -j REJECT --reject-with icmp-host-prohibited 27 -A FORWARD -j REJECT --reject-with icmp-host-prohibited 28 COMMIT [user_sa@host ~]$ sudo service iptables restart iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: iptables-restore: line 11 failed [FAILED]
4 :INPUT ACCEPT [0:0] 5 :FORWARD ACCEPT [0:0] 6 :OUTPUT ACCEPT [0:0] (snip) 11 -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
您正在使用未定義的鏈 (
RH-Firewall-1-INPUT
)。似乎您
ACCEPT
從某個網站複製/粘貼了規則,卻不了解它的實際作用。這……不是個好主意。無論新資訊的來源如何,請始終嘗試自己進行研究,以了解這些命令在使用它們之前的實際作用。