Symptom

Running service iptables save on CentOS 7.6.1810 fails with the following error:

[root@test ~]# service iptables save
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.
Cause

Starting with CentOS 7.x, systemd replaced the SysV init daemon, and the commands that used to manage system startup and services were replaced by systemctl. The service command is kept only for a handful of basic LSB actions; everything else has to go through systemctl.

In RHEL 7 and CentOS 7, firewalld was introduced as the default front end for managing the netfilter (iptables) rules, and the old iptables init script is no longer part of the base install.
Solution

First stop firewalld, and mask it so that nothing (a dependency or an accidental systemctl start) can bring it back up and fight with iptables.service over the same kernel tables:

systemctl stop firewalld
systemctl mask firewalld
On CentOS 7 and RHEL 7 there is no /etc/sysconfig/iptables configuration file and service iptables restart does not work out of the box; both are provided by the iptables-services package, which has to be installed first.

[root@test ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@test ~]# rpm -qa | grep iptables
iptables-1.4.21-28.el7.x86_64
[root@test ~]# yum -y install iptables-services
After that, service iptables [start | stop | restart | save ...] works. start, stop, restart and status are simply redirected to systemctl; save is handled by the legacy-action script that iptables-services installs, which runs iptables-save on the live kernel tables and writes the result to /etc/sysconfig/iptables. Because it snapshots whatever is currently loaded, run it only after firewalld has been stopped, otherwise you save firewalld's generated chains rather than your own rules.

# Now the firewall rules can be saved
[root@test ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@test ~]# ll /etc/sysconfig/iptables
-rw-------. 1 root root 6479 Nov  7 04:00 /etc/sysconfig/iptables
# or, equivalently, call the init script directly
[root@test ~]# /usr/libexec/iptables/iptables.init save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
Further notes

CentOS 7 has no service iptables save command for persisting firewall rules out of the box. How do you deal with that?

Solution:
systemctl stop firewalld              # stop firewalld
yum -y install iptables-services      # install the iptables service
systemctl enable iptables             # start iptables.service at boot
systemctl start iptables              # start iptables.service now
service iptables save                 # save the live rules to /etc/sysconfig/iptables
service iptables restart              # restart iptables.service

[root@test ~]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: active (exited) since Thu 2019-11-07 04:09:20 EST; 14s ago
  Process: 85040 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 85040 (code=exited, status=0/SUCCESS)

Nov 07 04:09:20 test systemd[1]: Starting IPv4 firewall with iptables...
Nov 07 04:09:20 test iptables.init[85040]: iptables: Applying firewall rules: [  OK  ]
Nov 07 04:09:20 test systemd[1]: Started IPv4 firewall with iptables.
[root@test ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: active (exited) since Thu 2019-11-07 04:09:20 EST; 24s ago
  Process: 85040 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 85040 (code=exited, status=0/SUCCESS)

Nov 07 04:09:20 test systemd[1]: Starting IPv4 firewall with iptables...
Nov 07 04:09:20 test iptables.init[85040]: iptables: Applying firewall rules: [  OK  ]
Nov 07 04:09:20 test systemd[1]: Started IPv4 firewall with iptables.
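The step in this procedure that can silently go wrong is service iptables save: it writes whatever is in the kernel tables at that moment, so if firewalld or Docker still owns those tables you persist their generated chains, and a later service iptables restart with a DROP policy and no SSH rule locks you out. The script below is an added example, not part of the original post, that sanity-checks a ruleset in iptables-save format before you restore it. Both rulesets are constructed samples; the firewalld chain names (INPUT_ZONES, INPUT_direct, IN_*, FWDI_*, FWDO_*) are assumptions based on typical CentOS 7 installs, while the DOCKER* names are the ones that appear in the firewalld log further down this page.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a saved ruleset in
# iptables-save format before running "service iptables restart".
# The firewalld chain names matched below are assumptions based on typical
# CentOS 7 installs; the DOCKER* names come from the page's firewalld log.

# Constructed sample: what /etc/sysconfig/iptables might look like if
# "service iptables save" ran while firewalld was still running.
SAMPLE_FIREWALLD='# Generated by iptables-save v1.4.21 on Thu Nov  7 04:00:00 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:INPUT_ZONES - [0:0]
:INPUT_direct - [0:0]
:IN_public - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES
-A INPUT_ZONES -j IN_public
COMMIT
# Completed on Thu Nov  7 04:00:00 2019'

# Constructed sample: a plain ruleset as written by iptables-services.
SAMPLE_CLEAN='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# check_saved_rules: read a ruleset from stdin, print findings, and return 0
# only when it looks like a plain iptables-services ruleset that is safe to
# restore; return 1 otherwise.
check_saved_rules() {
    rules=$(cat)
    rc=0
    # firewalld's generated chains mean the snapshot was taken while
    # firewalld still owned the tables (chain names are assumptions).
    if printf '%s\n' "$rules" | grep -Eq '^:(INPUT|FORWARD|OUTPUT)_(ZONES|direct)|^:(IN|FWDI|FWDO)_'; then
        echo "WARN: firewalld-managed chains found; save ran while firewalld was active"
        rc=1
    fi
    # Docker recreates its chains when dockerd starts; restoring a stale copy
    # only produces the COMMAND_FAILED noise shown in the page's logs.
    if printf '%s\n' "$rules" | grep -Eq '^:DOCKER'; then
        echo "WARN: Docker chains found; let dockerd manage them instead"
        rc=1
    fi
    # Lockout guard: a DROP policy on INPUT needs an explicit tcp/22 accept.
    if printf '%s\n' "$rules" | grep -q '^:INPUT DROP'; then
        if ! printf '%s\n' "$rules" | grep -Eq '^-A INPUT .*--dport 22 -j ACCEPT'; then
            echo "WARN: INPUT policy is DROP but no rule accepts tcp/22"
            rc=1
        fi
    fi
    # Every table must end with COMMIT or iptables-restore rejects the file.
    if ! printf '%s\n' "$rules" | grep -q '^COMMIT$'; then
        echo "WARN: no COMMIT line; iptables-restore would fail"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: ruleset looks like a plain iptables-services snapshot"
    return "$rc"
}

# Demo on the constructed samples. On a real host:
#   check_saved_rules < /etc/sysconfig/iptables && service iptables restart
echo "--- snapshot taken with firewalld running ---"
printf '%s\n' "$SAMPLE_FIREWALLD" | check_saved_rules || echo "verdict: do NOT restore this file"
echo "--- plain iptables-services snapshot ---"
printf '%s\n' "$SAMPLE_CLEAN" | check_saved_rules && echo "verdict: safe to restore"
```

iptables-restore --test gives you the syntax check (does the file parse and do all referenced chains exist), but not the semantic ones above; run both before restarting the service on a remote box.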
Note: firewalld and iptables.service are two different ways of managing the same kernel tables and must not run at the same time. systemd enforces this: firewalld.service declares Conflicts= on iptables.service, so starting one stops the other, which is exactly what the two examples below show (iptables.service goes inactive one second before firewalld becomes active, and vice versa). The COMMAND_FAILED warnings in Example 1 are a side effect of that switch: iptables.init stop flushed the tables and deleted the user-defined chains, including Docker's DOCKER* chains, so firewalld's references to them fail with "No chain/target/match by that name" until dockerd is restarted and recreates them.

Example 1: firewall started with systemctl start firewalld
[root@docker01 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-11-07 04:20:58 EST; 2min 5s ago
     Docs: man:firewalld(1)
 Main PID: 86122 (firewalld)
    Tasks: 2
   Memory: 21.6M
   CGroup: /system.slice/firewalld.service
           └─86122 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -i docker0 ! -o docker0 -j ACCEPT' failed...t chain?).
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C PREROUTING -m addrtype --dst-type LOCAL -j DOCKER' f...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j DOCKER ! --ds...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -j DOCKER' failed: iptables: N...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -m conntrack --ctstate RELATED...t chain?).
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-ISOLATION-STAGE-1' failed: ipta...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Ba...t chain?).
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -n -L DOCKER-USER' failed: iptables: No chain/target...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER-USER -j RETURN' failed: iptables: Bad rule...t chain?).
Nov 07 04:21:01 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-USER' failed: iptables: No chai...that name.
Hint: Some lines were ellipsized, use -l to show in full.
[root@docker01 ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: inactive (dead) since Thu 2019-11-07 04:20:57 EST; 3min 23s ago
  Process: 86123 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
  Process: 85907 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 85907 (code=exited, status=0/SUCCESS)

Nov 07 04:18:38 docker01 systemd[1]: Starting IPv4 firewall with iptables...
Nov 07 04:18:38 docker01 systemd[1]: Started IPv4 firewall with iptables.
Nov 07 04:20:57 docker01 systemd[1]: Stopping IPv4 firewall with iptables...
Nov 07 04:20:57 docker01 iptables.init[86123]: iptables: Setting chains to policy ACCEPT: filter [  OK  ]
Nov 07 04:20:57 docker01 iptables.init[86123]: iptables: Flushing firewall rules: [  OK  ]
Nov 07 04:20:57 docker01 systemd[1]: Stopped IPv4 firewall with iptables.
Example 2: firewall started with service iptables start

[root@docker01 ~]# service iptables start
Redirecting to /bin/systemctl start iptables.service
[root@docker01 ~]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: active (exited) since Thu 2019-11-07 04:31:00 EST; 5s ago
  Process: 87000 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
  Process: 87101 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 87101 (code=exited, status=0/SUCCESS)

Nov 07 04:31:00 docker01 systemd[1]: Starting IPv4 firewall with iptables...
Nov 07 04:31:00 docker01 iptables.init[87101]: iptables: Applying firewall rules: [  OK  ]
Nov 07 04:31:00 docker01 systemd[1]: Started IPv4 firewall with iptables.
[root@docker01 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Thu 2019-11-07 04:29:12 EST; 2min 7s ago
     Docs: man:firewalld(1)
  Process: 86122 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 86122 (code=exited, status=0/SUCCESS)

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j DOCKER ! --ds...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -j DOCKER' failed: iptables: N...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -m conntrack --ctstate RELATED...t chain?).
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-ISOLATION-STAGE-1' failed: ipta...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Ba...t chain?).
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -n -L DOCKER-USER' failed: iptables: No chain/target...that name.
Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER-USER -j RETURN' failed: iptables: Bad rule...t chain?).
Nov 07 04:21:01 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-USER' failed: iptables: No chai...that name.
Nov 07 04:29:11 docker01 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Nov 07 04:29:12 docker01 systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.