解决iptables Setting chains to policy ACCEPT: security raw nat[FAILED]filter

linode

在ttlsa迁移到靠谱云以前服务器用的是linode，目前还有一些站点依旧使用linode，算算看，我也是linode的忠实用户。有时候在重启iptables的时候总是会出现iptables: Setting chains to policy ACCEPT: security raw nat[FAILED]filter ，想想没什么影响就放着，但是终究是我终究是个强迫症患者，决定修复他。

错误重现

[root@li254-129 ~]# service iptables restartiptables: Setting chains to policy ACCEPT: security raw nat[FAILED]filter iptables: Flushing firewall rules:                         [  OK  ]iptables: Unloading modules:                               [  OK  ]iptables: Applying firewall rules:                         [  OK  ]

错误原因

Linode官方在iptables里加了一个security的规则链，但是centos不支持，既然不支持，我就做点手脚吧。

解决iptables: Setting chains to policy ACCEPT: security raw nat[FAILED]filter

找到如下case段,在raw后面加上security)段，修改后如下。

# vim /etc/init.d/iptables for i in $tables; do echo -n "$i " case "$i" in raw) $IPTABLES -t raw -P PREROUTING $policy / && $IPTABLES -t raw -P OUTPUT $policy / || let ret+=1 ;;security) $IPTABLES -t filter -P INPUT $policy / && $IPTABLES -t filter -P OUTPUT $policy / && $IPTABLES -t filter -P FORWARD $policy / || let ret+=1 ;;

重启iptables

[root@li254-129 ~]# service iptables restartiptables: Setting chains to policy ACCEPT: security raw nat[  OK  ]filter iptables: Flushing firewall rules:                         [  OK  ]iptables: Unloading modules:                               [  OK  ]iptables: Applying firewall rules:                         [  OK  ]

呵呵，问题搞定了~