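Background: on the 1028, the iptables service is not complete by default and has to be reinstalled before it can be used.
Install the iptables service:
    apt-get install iptables-persistent
Answer yes to both prompts during installation.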
Check whether the netfilter-persistent service is running:
    systemctl status netfilter-persistent
    ● netfilter-persistent.service - netfilter persistent configuration
       Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; enabled; vendor preset: enabled)
       Active: active (exited) since Tue 2023-02-28 14:02:21 CST; 13min ago
      Process: 251 ExecStart=/usr/sbin/netfilter-persistent start (code=exited, status=0/SUCCESS)
     Main PID: 251 (code=exited, status=0/SUCCESS)
    Feb 28 14:02:21 forlinx systemd[1]: Starting netfilter persistent configuration...
    Feb 28 14:02:21 forlinx netfilter-persistent[251]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
    Feb 28 14:02:21 forlinx netfilter-persistent[251]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
    Feb 28 14:02:21 forlinx systemd[1]: Started netfilter persistent configuration.
Set up forwarding and make it persistent:
    root@forlinx:~
    root@forlinx:~
    run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables save
    run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables save
Compare the configuration file before and after the change:
Before:
    root@forlinx:~
    *nat
    :PREROUTING ACCEPT [543:72796]
    :INPUT ACCEPT [324:37885]
    :OUTPUT ACCEPT [77:3640]
    :POSTROUTING ACCEPT [77:3640]
    :DOCKER - [0:0]
    -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
    -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
    -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
    -A DOCKER -i docker0 -j RETURN
    COMMIT
    *mangle
After:
    root@forlinx:~
    *nat
    :PREROUTING ACCEPT [71:8088]
    :INPUT ACCEPT [52:5026]
    :OUTPUT ACCEPT [6:214]
    :POSTROUTING ACCEPT [5:145]
    :DOCKER - [0:0]
    -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
    -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
    -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
    -A POSTROUTING -o eno0 -j MASQUERADE
    -A DOCKER -i docker0 -j RETURN
    ......
After the iptables configuration is persisted, one rule has been added: -A POSTROUTING -o eno0 -j MASQUERADE
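The before/after comparison above can be scripted so that packet counters do not hide the real change. This is an added example, not part of the original page; the function names are hypothetical and the two sample dumps are constructed from the excerpts shown above.

```shell
# Added example: report rules present in a saved ruleset after a change but not before.
export LC_ALL=C   # same collation for sort and comm

# Print every "-A" rule prefixed with its table. The ":CHAIN POLICY [pkts:bytes]"
# lines are skipped because their counters differ between any two saves.
rules_by_table() {
    awk '/^\*/  { table = substr($0, 2); next }
         /^-A / { print table ": " $0 }' "$1"
}

# Rules that exist only in the second dump.
added_rules() {
    b=$(mktemp) && a=$(mktemp) || return 1
    rules_by_table "$1" | sort -u > "$b"
    rules_by_table "$2" | sort -u > "$a"
    comm -13 "$b" "$a"
    rm -f "$b" "$a"
}

# Of the added rules, those that NAT without a source match (-s): they apply to
# all traffic leaving the interface, so they are worth a second look.
unscoped_nat() {
    added_rules "$1" "$2" | grep -E -- '-j (MASQUERADE|SNAT)' | grep -v -E -- ' -s ' || true
}

workdir=$(mktemp -d)
cat > "$workdir/before.v4" <<'EOF'
*nat
:PREROUTING ACCEPT [543:72796]
:POSTROUTING ACCEPT [77:3640]
:DOCKER - [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
EOF
cat > "$workdir/after.v4" <<'EOF'
*nat
:PREROUTING ACCEPT [71:8088]
:POSTROUTING ACCEPT [5:145]
:DOCKER - [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -o eno0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
EOF

echo "added:";        added_rules  "$workdir/before.v4" "$workdir/after.v4"
echo "unscoped NAT:"; unscoped_nat "$workdir/before.v4" "$workdir/after.v4"
```

The comparison sorts the rules, so it reports which rules appeared, not where in the chain they were inserted; rule order still has to be checked in the saved file itself.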