debian 8 iptables-persistent
I have a VPS with the Debian 8 jessie x64 stable release. After installation I'm trying to configure iptables (like in Debian 7).
apt-get install iptables-persistent
executed successfully, some packets were installed. But when I'm trying
service iptables-persistent start
I'm getting an error that says that service iptables-persistent unrecognized
halp!
Persist IP Tables Debian/Ubuntu
To persist any changes you make to your iptables rules, do the following.
Install iptables-persistent:
sudo apt-get install -y iptables-persistent
Make any changes you want to your iptables rules, e.g.
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
Then run
sudo dpkg-reconfigure iptables-persistent
The rules should persist after a reboot now.
Extra Info
The dpkg-reconfigure just causes iptables-persistent to do again what it does at install, which is to save the current iptables into a file using a command just like:
iptables-save >/etc/iptables/rules.v4
ip6tables-save >/etc/iptables/rules.v6
The iptables-persistent package causes the OS to run something like the following on reboot.
iptables-restore < /etc/iptables/rules.v4
ip6tables-restore < /etc/iptables/rules.v6
Hope this helps : )
I just stumbled over OP's problem, too (and then his question); found the solution when looking at the package description for iptables-persistent. The new interface seems to be netfilter-persistent, that is, use e.g.:
# invoke-rc.d netfilter-persistent save
At least that is what worked for me, HTH ...
Update 8/7/16: It depends on the distro. The following comment content was entered in ignorance of whether the OP distro has a netfilter-persistent package. My apologies. My laptop distro (Mint) does not contain the netfilter-persistent package while my servers' distros (Ubuntu 15+) do.
Original answer: As Oliver correctly says, netfilter-persistent replaces iptables-persistent in Ubuntu. What worked with Ubuntu 15.04 was as follows:
Install it, then make sure it is running as a service:
service --status-all | grep netfilter-persistent
If not running as a service, start it once for all time with:
invoke-rc.d netfilter-persistent start
Then you must place a script someplace that will run when the network or its interfaces stop. The important script content is simply:
invoke-rc.d netfilter-persistent save
I put the script in the /etc/network/if-post-down.d directory. Don't forget to chmod it to executable. If power outages are any likelihood, you could make a cron entry for the save command.
iptables-persistent has been recommended on the Debian wiki many times.
To install it:
apt install iptables-persistent
iptables-persistent creates the config files and now uses the package netfilter-persistent to reload or save iptables rules.
The iptables config files are at:
/etc/iptables/rules.v4
/etc/iptables/rules.v6
The main management tool is:
/usr/sbin/netfilter-persistent # you should be root or call sudo to use it
When you want to change iptables rules, edit the config files, then reload the iptables rules:
netfilter-persistent reload
Or you can use iptables -I INPUT ... to change iptables rules first, then save them to the config files:
netfilter-persistent save
If you want to clear the iptables rules, you can use the flush command:
netfilter-persistent flush
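Added example (not part of any answer on this page): the answers above describe two workflows, editing /etc/iptables/rules.v4 and reloading, or changing live rules and saving. This sketch checks that a saved file and a dump of the running ruleset still agree, since an unsaved live rule is lost on reboot and an unreloaded file edit is not enforced. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the persisted ruleset with a dump of the live one.

# Drop what differs between two dumps of an identical ruleset: comment lines
# (iptables-save timestamps them), blank lines and packet/byte counters.
normalize_rules() {
    sed -e '/^#/d' -e '/^[[:space:]]*$/d' \
        -e 's/ \[[0-9]*:[0-9]*]$//' -e 's/^\[[0-9]*:[0-9]*] //'
}

# rules_drift SAVED LIVE: returns 0 when both dumps hold the same rules,
# 1 (after printing a unified diff) when they differ, 2 on unreadable input.
rules_drift() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    tmp=$(mktemp -d) || return 2
    normalize_rules < "$1" > "$tmp/saved"
    normalize_rules < "$2" > "$tmp/live"
    diff -u "$tmp/saved" "$tmp/live"
    status=$?
    rm -rf "$tmp"
    return "$status"
}

# Constructed sample: a saved file, and a live dump taken after someone ran
# "iptables -I INPUT ..." without "netfilter-persistent save".
demo_drift() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/rules.v4" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$dir/live.v4" <<'EOF'
# Generated by iptables-save (constructed sample, later dump)
*filter
:INPUT DROP [1532:98211]
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    rules_drift "$dir/rules.v4" "$dir/live.v4"
    status=$?
    rm -rf "$dir"
    return "$status"
}
```

On a host, as root: iptables-save > /tmp/live.v4, then rules_drift /etc/iptables/rules.v4 /tmp/live.v4. Running iptables-restore --test < /etc/iptables/rules.v4 additionally parses the saved file without applying it.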
The problem was in firewalld service. This is some kind of new firewall daemon which conflicts with netfilter(iptables)-persistent.
chkconfig firewalld off
and now all is working fine.
Disclaimer: this is not best practice, just a temporary workaround.