Debian
iptables does not restore the new rules after a reboot in Debian
I have tried many similar questions, such as the ones below. In my case, I am using a VM with Debian OS in VirtualBox:
- https://serverfault.com/questions/129086/how-to-start-stop-iptables-on-ubuntu
- Why do iptables rules disappear when I restart my Debian system?
- https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules
- https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-iptables-on-ubuntu-14-04
I tried to flush the iptables rules with these commands:

    sudo iptables -P INPUT ACCEPT
    sudo iptables -P FORWARD ACCEPT
    sudo iptables -P OUTPUT ACCEPT

followed by these commands:

    sudo iptables -t nat -F
    sudo iptables -t mangle -F
    sudo iptables -F
    sudo iptables -X

I tried:

    iptables-save > /etc/iptables/rules.v4
    iptables-save > /etc/iptables/rules.v6
When I reboot the machine, it goes back to the old rules... I still have the same rules. I tried using iptables-save, and I got these messages:

    # Generated by iptables-save v1.4.21 on Wed Mar 28 03:44:14 2018
    *nat
    :PREROUTING ACCEPT [127:23299]
    :INPUT ACCEPT [14:1996]
    :OUTPUT ACCEPT [32:1947]
    :POSTROUTING ACCEPT [32:1947]
    :OUTPUT_direct - [0:0]
    :POSTROUTING_ZONES - [0:0]
    :POSTROUTING_ZONES_SOURCE - [0:0]
    :POSTROUTING_direct - [0:0]
    :POST_public - [0:0]
    :POST_public_allow - [0:0]
    :POST_public_deny - [0:0]
    :POST_public_log - [0:0]
    :PREROUTING_ZONES - [0:0]
    :PREROUTING_ZONES_SOURCE - [0:0]
    :PREROUTING_direct - [0:0]
    :PRE_public - [0:0]
    :PRE_public_allow - [0:0]
    :PRE_public_deny - [0:0]
    :PRE_public_log - [0:0]
    -A PREROUTING -j PREROUTING_direct
    -A PREROUTING -j PREROUTING_ZONES_SOURCE
    -A PREROUTING -j PREROUTING_ZONES
    -A OUTPUT -j OUTPUT_direct
    -A POSTROUTING -j POSTROUTING_direct
    -A POSTROUTING -j POSTROUTING_ZONES_SOURCE
    -A POSTROUTING -j POSTROUTING_ZONES
    -A POSTROUTING_ZONES -g POST_public
    -A POST_public -j POST_public_log
    -A POST_public -j POST_public_deny
    -A POST_public -j POST_public_allow
    -A PREROUTING_ZONES -g PRE_public
    -A PRE_public -j PRE_public_log
    -A PRE_public -j PRE_public_deny
    -A PRE_public -j PRE_public_allow
    COMMIT
    # Completed on Wed Mar 28 03:44:14 2018
    # Generated by iptables-save v1.4.21 on Wed Mar 28 03:44:14 2018
    *mangle
    :PREROUTING ACCEPT [4925:1051078]
    :INPUT ACCEPT [4925:1051078]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [4791:1080206]
    :POSTROUTING ACCEPT [4791:1080206]
    :FORWARD_direct - [0:0]
    :INPUT_direct - [0:0]
    :OUTPUT_direct - [0:0]
    :POSTROUTING_direct - [0:0]
    :PREROUTING_ZONES - [0:0]
    :PREROUTING_ZONES_SOURCE - [0:0]
    :PREROUTING_direct - [0:0]
    :PRE_public - [0:0]
    :PRE_public_allow - [0:0]
    :PRE_public_deny - [0:0]
    :PRE_public_log - [0:0]
    -A PREROUTING -j PREROUTING_direct
    -A PREROUTING -j PREROUTING_ZONES_SOURCE
    -A PREROUTING -j PREROUTING_ZONES
    -A INPUT -j INPUT_direct
    -A FORWARD -j FORWARD_direct
    -A OUTPUT -j OUTPUT_direct
    -A POSTROUTING -j POSTROUTING_direct
    -A PREROUTING_ZONES -g PRE_public
    -A PRE_public -j PRE_public_log
    -A PRE_public -j PRE_public_deny
    -A PRE_public -j PRE_public_allow
    COMMIT
    # Completed on Wed Mar 28 03:44:14 2018
    # Generated by iptables-save v1.4.21 on Wed Mar 28 03:44:14 2018
    *security
    :INPUT ACCEPT [4826:1030935]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [4814:1084121]
    :FORWARD_direct - [0:0]
    :INPUT_direct - [0:0]
    :OUTPUT_direct - [0:0]
    -A INPUT -j INPUT_direct
    -A FORWARD -j FORWARD_direct
    -A OUTPUT -j OUTPUT_direct
    COMMIT
    # Completed on Wed Mar 28 03:44:14 2018
    # Generated by iptables-save v1.4.21 on Wed Mar 28 03:44:14 2018
    *raw
    :PREROUTING ACCEPT [4949:1054264]
    :OUTPUT ACCEPT [4815:1084545]
    :OUTPUT_direct - [0:0]
    :PREROUTING_direct - [0:0]
    -A PREROUTING -j PREROUTING_direct
    -A OUTPUT -j OUTPUT_direct
    COMMIT
    # Completed on Wed Mar 28 03:44:14 2018
    # Generated by iptables-save v1.4.21 on Wed Mar 28 03:44:14 2018
    *filter
    :INPUT ACCEPT [2653:591941]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [2649:609004]
    COMMIT
    # Completed on Wed Mar 28 03:44:14 2018

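What I want is something like the rules below. I have set my rules.v4 to these commands:

    # Generated by iptables-save v1.4.21 on Tue Mar 27 02:48:59 2018
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    # Completed on Tue Mar 27 02:48:59 2018

But whenever I reboot the system, I always get the previous rules...
What could be wrong with my configuration? Am I missing something?
I have already tried uninstalling iptables-persistent and reinstalling it, but I still get the same rules...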

Use the following command to save the IPV6 tables:

    ip6tables-save > /etc/iptables/rules.v6

To restore the IPV6 tables, use:

    ip6tables-restore < /etc/iptables/rules.v6

The commands iptables-save and iptables-restore are only used to manage the IPV4 tables. See man iptables-save:

    iptables-save — dump iptables rules to stdout
    ip6tables-save — dump iptables rules to stdout

and man iptables-restore:

    iptables-restore — Restore IP Tables
    ip6tables-restore — Restore IPv6 Tables
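
One way to check after a reboot whether the running ruleset is the one saved in /etc/iptables/rules.v4, as an added example that is not part of the original question or answer. The function names normalize_ruleset and ruleset_drift are hypothetical, and both dumps are constructed, modelled on the iptables-save output quoted in the question.

```shell
# Added example (not from the original post): detect drift between the
# running ruleset and the file that iptables-persistent loads at boot.

# Drop what changes on every dump: comment lines and packet/byte counters.
normalize_ruleset() {
    sed -e '/^#/d' \
        -e 's/^\[[0-9][0-9]*:[0-9][0-9]*\] //' \
        -e 's/\[[0-9][0-9]*:[0-9][0-9]*\]/[0:0]/' \
        -e 's/[[:space:]]*$//' \
        -e '/^$/d'
}

# ruleset_drift LIVE_DUMP SAVED_FILE
# Returns 0 if both describe the same rules, 1 (after printing a diff) if not.
ruleset_drift() {
    rd_tmp=$(mktemp -d) || return 2
    normalize_ruleset < "$1" > "$rd_tmp/live"
    normalize_ruleset < "$2" > "$rd_tmp/saved"
    diff -u "$rd_tmp/saved" "$rd_tmp/live" && rd_status=0 || rd_status=$?
    rm -rf "$rd_tmp"
    return "$rd_status"
}

# Constructed sample data for an offline run; on a real host use, as root:
#   iptables-save -t filter > live.v4   (and ip6tables-save for rules.v6)
demo_dir=$(mktemp -d)
cat > "$demo_dir/saved.v4" <<'EOF'
# Generated by iptables-save v1.4.21 on Tue Mar 27 02:48:59 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
cat > "$demo_dir/live.v4" <<'EOF'
*filter
:INPUT ACCEPT [2653:591941]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2649:609004]
:INPUT_direct - [0:0]
-A INPUT -j INPUT_direct
COMMIT
EOF
if ruleset_drift "$demo_dir/live.v4" "$demo_dir/saved.v4"; then
    echo "live ruleset matches the saved file"
else
    echo "live ruleset differs from the saved file"
fi
rm -rf "$demo_dir"
```

Lines prefixed with `+` in the printed diff are chains or rules present in the running ruleset but absent from the saved file, which means something other than the saved file is populating the tables at boot.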