Linux

Problem configuring iptables for a Samba share

  • October 31, 2015

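I am trying to configure Samba on my CentOS 6 server so that only 3 IP addresses can access the Samba share. For some reason, my iptables configuration is wrong. I checked lines 11-15, and each line has a problem, which I think is the same problem. Can anyone see my problem?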

[user_sa@host ~]$ sudo cat -n /etc/sysconfig/iptables
    1  # Firewall configuration written by system-config-firewall
    2  # Manual customization of this file is not recommended.
    3  *filter
    4  :INPUT ACCEPT [0:0]
    5  :FORWARD ACCEPT [0:0]
    6  :OUTPUT ACCEPT [0:0]
    7  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    8  -A INPUT -p icmp -j ACCEPT
    9  -A INPUT -i lo -j ACCEPT
   10  -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
   11  -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
   12  -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
   13  -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
   14  -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
   15  -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
   16  -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
   17  -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
   18  -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
   19  -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
   20  -A RH-Firewall-1-INPUT -s 192.168.1.115/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
   21  -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
   22  -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
   23  -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
   24  -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
   25  -A RH-Firewall-1-INPUT -s 192.168.1.116/32 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
   26  -A INPUT -j REJECT --reject-with icmp-host-prohibited
   27  -A FORWARD -j REJECT --reject-with icmp-host-prohibited
   28  COMMIT
[user_sa@host ~]$ sudo service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules: iptables-restore: line 11 failed
                                                      [FAILED]
4  :INPUT ACCEPT [0:0]
5  :FORWARD ACCEPT [0:0]
6  :OUTPUT ACCEPT [0:0]
(snip)    
11  -A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

You are using an undefined chain (RH-Firewall-1-INPUT).

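It seems that you copied/pasted the ACCEPT rules from some website without understanding what they actually do. This... is not a good idea. Regardless of the source of new information, always try to do your own research to understand what these commands actually do before using them.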
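
An added example, not part of the original question or answer: a small Python lint for iptables-save style files that flags rules appended to a chain the file never declares (the error identified above), and also a user-defined chain that is declared but never jumped to. The function name `lint_rules`, the shortened sample ruleset, and the fix shown (declaring the chain and jumping to it from INPUT) are assumptions for illustration.

```python
import re

def lint_rules(text):
    """Return (line_no, message) findings for iptables-save style rules."""
    findings = []
    declared, appended, jumped_to = {}, {}, set()
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):
            # New table section: chain names are scoped per table.
            declared, appended, jumped_to = {}, {}, set()
        elif line.startswith(":"):
            # ":CHAIN POLICY [pkts:bytes]"; policy "-" marks a user-defined chain.
            name, policy = line[1:].split()[:2]
            declared[name] = policy
        elif line.startswith("-A "):
            chain = line.split()[1]
            appended.setdefault(chain, no)
            if chain not in declared:
                # This is what iptables-restore reports as "line N failed".
                findings.append((no, f"rule appended to undeclared chain {chain}"))
            target = re.search(r"\s(?:-j|-g|--jump|--goto)\s+(\S+)", line)
            if target:
                jumped_to.add(target.group(1))
        elif line == "COMMIT":
            # A declared user chain that nothing jumps to loads fine but never matches.
            for name, policy in declared.items():
                if policy == "-" and name in appended and name not in jumped_to:
                    findings.append((appended[name], f"nothing jumps to chain {name}"))
    return findings

# Constructed sample: shortened form of the ruleset in the question (one client, one port).
BROKEN = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.114/32 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
# Assumed fix, step 1: declare the chain. Step 2: jump to it from INPUT before the REJECT.
DECLARED = BROKEN.replace(":OUTPUT ACCEPT [0:0]\n", ":OUTPUT ACCEPT [0:0]\n:RH-Firewall-1-INPUT - [0:0]\n")
FIXED = DECLARED.replace("-A INPUT -j REJECT", "-A INPUT -j RH-Firewall-1-INPUT\n-A INPUT -j REJECT")

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("declared only", DECLARED), ("fixed", FIXED)):
        print(label, lint_rules(rules))
```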

Source: https://serverfault.com/questions/733015