Bored Person

Moved ==> www.soapui.cn

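Recently I was configuring iptables on RH 6.1 and COSIX 3.1 servers, and ipchains nearly drove me crazy.

iptables needs the ip_tables module to be loaded, but because ipchains gets in the way, it fails with an error every time.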
[root@cosix-31-oracle-01 /root]# iptables --list
/lib/modules/2.4.18-5smp/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
/lib/modules/2.4.18-5smp/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.18-5smp/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.18-5smp/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.


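At first I thought it was caused by downgrading gcc when Oracle 8i was installed on the server. After struggling with it for several days, I happened to search Google for "init_module: Device or resource busy" and found a hint in some mailing list, and suddenly it all made sense.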

First, stop the ipchains service:
#chkconfig --level 345 ipchains off
# service ipchains stop
Flushing all chains: [  OK  ]
Removing user defined chains: [  OK  ]
Resetting built-in chains to the default ACCEPT policy:[  OK  ]
Remove the ipchains module:
# rmmod ipchains

Edit the /etc/sysconfig/iptables file with vi (which file is actually used depends on the /etc/rc.d/init.d/iptables script).

# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -j ACCEPT
-A RH-Firewall-1-INPUT -p 50   -j ACCEPT
-A RH-Firewall-1-INPUT -p 51   -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/24  -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 61.138.209.0/24 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 61.166.155.0/24 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1521         -j ACCEPT

-A RH-Firewall-1-INPUT -p udp -s 61.138.209.0/24 -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Start the iptables service:
#service iptables start
Flushing all current rules and user defined chains: [  OK  ]
Clearing all current rules and user defined chains: [  OK  ]
Applying iptables firewall rules:
[  OK  ]
#chkconfig --level 345 iptables on
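
An added example, not part of the original post: a Python check that reads rules in the /etc/sysconfig/iptables format shown above and lists ACCEPT rules that admit new traffic with no source or interface restriction. The sample is a subset of the listing above; the function names are this example's own, and it assumes the rules use no "!" negation (none appear in the listing).

```python
import shlex

# Subset of the rules from the listing above, embedded so the check runs offline.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/24  -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1521         -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -s 61.138.209.0/24 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# iptables options the audit looks at, mapped to field names (assumes no "!" negation).
OPTIONS = {"-s": "source", "--source": "source", "-i": "in_iface",
           "-p": "proto", "--dport": "dport", "--state": "state", "-j": "target"}

def parse_rule(line):
    """Turn one '-A <chain> ...' line into a dict of the audited options."""
    tokens = shlex.split(line)
    rule = {"chain": tokens[1], "raw": " ".join(tokens)}
    for i, tok in enumerate(tokens[:-1]):
        if tok in OPTIONS:
            rule[OPTIONS[tok]] = tokens[i + 1]
    return rule

def unrestricted_accepts(ruleset):
    """Return ACCEPT rules that admit new traffic from any source address."""
    findings = []
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue  # table name, chain policy, comment or COMMIT
        rule = parse_rule(line)
        if rule.get("target") != "ACCEPT":
            continue  # jumps to other chains, REJECT, DROP
        if "source" in rule or "in_iface" in rule:
            continue  # already limited to a subnet or an interface
        # A rule with no state match applies to every state, NEW included.
        if "NEW" in rule.get("state", "NEW").split(","):
            findings.append(rule)
    return findings

if __name__ == "__main__":
    for r in unrestricted_accepts(SAMPLE_RULES):
        print("open to any source:", r["raw"])
```

On the sample it reports the icmp rule and the --dport 1521 rule, the two that accept traffic from any address.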



posted on 2005-11-21 18:58 mmwy  Category: System Administration
