Setting chains to policy ACCEPT: security raw nat mangle fi[FAILED]

电工

linode的 vps  iptables启动报错

之前他们提供的解决方法如下：
cd /etc/init.d
mv iptables ~/iptables.bak
wget http://epoxie.net/12023.txt && cat 12023.txt | tr -d '\r' > iptables
chmod +x iptables
rm -rf 12023.txt

Now, "iptables" should now start successfully:

service iptables restart

现在  http://epoxie.net/12023.txt  这个已经404了 各位有何解决办法么？

谢谢

cnweb

楼下来

Kokgog

1. 
   
2. #!/bin/sh
   
3. #
   
4. # iptables        Start iptables firewall
   
5. #
   
6. # chkconfig: 2345 08 92
   
7. # description:        Starts, stops and saves iptables firewall
   
8. #
   
9. # config: /etc/sysconfig/iptables
   
10. # config: /etc/sysconfig/iptables-config
    
11. 
    
12. # Source function library.
    
13. . /etc/init.d/functions
    
14. 
    
15. IPTABLES=iptables
    
16. IPTABLES_DATA=/etc/sysconfig/$IPTABLES
    
17. IPTABLES_CONFIG=/etc/sysconfig/${IPTABLES}-config
    
18. IPV=${IPTABLES%tables} # ip for ipv4 | ip6 for ipv6
    
19. PROC_IPTABLES_NAMES=/proc/net/${IPV}_tables_names
    
20. VAR_SUBSYS_IPTABLES=/var/lock/subsys/$IPTABLES
    
21. 
    
22. if [ ! -x /sbin/$IPTABLES ]; then
    
23.     echo -n $"/sbin/$IPTABLES does not exist."; warning; echo
    
24.     exit 0
    
25. fi
    
26. 
    
27. if lsmod 2>/dev/null | grep -q ipchains ; then
    
28.     echo -n $"ipchains and $IPTABLES can not be used together."; warning; echo
    
29.     exit 1
    
30. fi
    
31. 
    
32. # Old or new modutils
    
33. /sbin/modprobe --version 2>&1 | grep -q module-init-tools \
    
34.     && NEW_MODUTILS=1 \
    
35.     || NEW_MODUTILS=0
    
36. 
    
37. # Default firewall configuration:
    
38. IPTABLES_MODULES=""
    
39. IPTABLES_MODULES_UNLOAD="yes"
    
40. IPTABLES_SAVE_ON_STOP="no"
    
41. IPTABLES_SAVE_ON_RESTART="no"
    
42. IPTABLES_SAVE_COUNTER="no"
    
43. IPTABLES_STATUS_NUMERIC="yes"
    
44. 
    
45. # Load firewall configuration.
    
46. [ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"
    
47. 
    
48. rmmod_r() {
    
49.     # Unload module with all referring modules.
    
50.     # At first all referring modules will be unloaded, then the module itself.
    
51.     local mod=$1
    
52.     local ret=0
    
53.     local ref=
    
54. 
    
55.     # Get referring modules.
    
56.     # New modutils have another output format.
    
57.     [ $NEW_MODUTILS = 1 ] \
    
58.         && ref=`lsmod | awk "/^${mod}/ { print \\\$4; }" | tr ',' ' '` \
    
59.         || ref=`lsmod | grep ^${mod} | cut -d "[" -s -f 2 | cut -d "]" -s -f 1`
    
60. 
    
61.     # recursive call for all referring modules
    
62.     for i in $ref; do
    
63.         rmmod_r $i
    
64.         let ret+=$?;
    
65.     done
    
66. 
    
67.     # Unload module.
    
68.     # The extra test is for 2.6: The module might have autocleaned,
    
69.     # after all referring modules are unloaded.
    
70.     if grep -q "^${mod}" /proc/modules ; then
    
71.         modprobe -r $mod > /dev/null 2>&1
    
72.         let ret+=$?;
    
73.     fi
    
74. 
    
75.     return $ret
    
76. }
    
77. 
    
78. flush_n_delete() {
    
79.     # Flush firewall rules and delete chains.
    
80.     [ -e "$PROC_IPTABLES_NAMES" ] || return 1
    
81. 
    
82.     # Check if firewall is configured (has tables)
    
83.     tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
    
84.     [ -z "$tables" ] && return 1
    
85. 
    
86.     echo -n $"Flushing firewall rules: "
    
87.     ret=0
    
88.     # For all tables
    
89.     for i in $tables; do
    
90.         # Flush firewall rules.
    
91.         $IPTABLES -t $i -F;
    
92.         let ret+=$?;
    
93. 
    
94.         # Delete firewall chains.
    
95.         $IPTABLES -t $i -X;
    
96.         let ret+=$?;
    
97. 
    
98.         # Set counter to zero.
    
99.         $IPTABLES -t $i -Z;
    
100.         let ret+=$?;
     
101.     done
     
102. 
     
103.     [ $ret -eq 0 ] && success || failure
     
104.     echo
     
105.     return $ret
     
106. }
     
107. 
     
108. set_policy() {
     
109.     # Set policy for configured tables.
     
110.     policy=$1
     
111. 
     
112.     # Check if iptable module is loaded
     
113.     [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
     
114. 
     
115.     # Check if firewall is configured (has tables)
     
116.     tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
     
117.     [ -z "$tables" ] && return 1
     
118. 
     
119.     echo -n $"Setting chains to policy $policy: "
     
120.     ret=0
     
121.     for i in $tables; do
     
122.         echo -n "$i "
     
123.         case "$i" in
     
124.            security)
     
125.                     $IPTABLES -t security -P INPUT $policy \
     
126.                     && $IPTABLES -t security -P OUTPUT $policy \
     
127.                     && $IPTABLES -t security -P FORWARD $policy \
     
128.                    || let ret+=1
     
129.                 ;;
     
130.             raw)
     
131.                 $IPTABLES -t raw -P PREROUTING $policy \
     
132.                     && $IPTABLES -t raw -P OUTPUT $policy \
     
133.                     || let ret+=1
     
134.                 ;;
     
135.             filter)
     
136.                 $IPTABLES -t filter -P INPUT $policy \
     
137.                     && $IPTABLES -t filter -P OUTPUT $policy \
     
138.                     && $IPTABLES -t filter -P FORWARD $policy \
     
139.                     || let ret+=1
     
140.                 ;;
     
141.             nat)
     
142.                 $IPTABLES -t nat -P PREROUTING $policy \
     
143.                     && $IPTABLES -t nat -P POSTROUTING $policy \
     
144.                     && $IPTABLES -t nat -P OUTPUT $policy \
     
145.                     || let ret+=1
     
146.                 ;;
     
147.             mangle)
     
148.                 $IPTABLES -t mangle -P PREROUTING $policy \
     
149.                     && $IPTABLES -t mangle -P POSTROUTING $policy \
     
150.                     && $IPTABLES -t mangle -P INPUT $policy \
     
151.                     && $IPTABLES -t mangle -P OUTPUT $policy \
     
152.                     && $IPTABLES -t mangle -P FORWARD $policy \
     
153.                     || let ret+=1
     
154.                 ;;
     
155.             *)
     
156.                 let ret+=1
     
157.                 ;;
     
158.         esac
     
159.     done
     
160. 
     
161.     [ $ret -eq 0 ] && success || failure
     
162.     echo
     
163.     return $ret
     
164. }
     
165. 
     
166. start() {
     
167.     # Do not start if there is no config file.
     
168.     [ -f "$IPTABLES_DATA" ] || return 1
     
169. 
     
170.     echo -n $"Applying $IPTABLES firewall rules: "
     
171. 
     
172.     OPT=
     
173.     [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
     
174. 
     
175.     $IPTABLES-restore $OPT $IPTABLES_DATA
     
176.     if [ $? -eq 0 ]; then
     
177.         success; echo
     
178.     else
     
179.         failure; echo; return 1
     
180.     fi
     
181.    
     
182.     # Load additional modules (helpers)
     
183.     if [ -n "$IPTABLES_MODULES" ]; then
     
184.         echo -n $"Loading additional $IPTABLES modules: "
     
185.         ret=0
     
186.         for mod in $IPTABLES_MODULES; do
     
187.             echo -n "$mod "
     
188.             modprobe $mod > /dev/null 2>&1
     
189.             let ret+=$?;
     
190.         done
     
191.         [ $ret -eq 0 ] && success || failure
     
192.         echo
     
193.     fi
     
194.    
     
195.     touch $VAR_SUBSYS_IPTABLES
     
196.     return $ret
     
197. }
     
198. 
     
199. stop() {
     
200.     # Do not stop if iptables module is not loaded.
     
201.     [ -e "$PROC_IPTABLES_NAMES" ] || return 1
     
202. 
     
203.     flush_n_delete
     
204.     set_policy ACCEPT
     
205.    
     
206.     if [ "x$IPTABLES_MODULES_UNLOAD" = "xyes" ]; then
     
207.         echo -n $"Unloading $IPTABLES modules: "
     
208.         ret=0
     
209.         rmmod_r ${IPV}_tables
     
210.         let ret+=$?;
     
211.         rmmod_r ${IPV}_conntrack
     
212.         let ret+=$?;
     
213.         [ $ret -eq 0 ] && success || failure
     
214.         echo
     
215.     fi
     
216.    
     
217.     rm -f $VAR_SUBSYS_IPTABLES
     
218.     return $ret
     
219. }
     
220. 
     
221. save() {
     
222.     # Check if iptable module is loaded
     
223.     [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
     
224. 
     
225.     # Check if firewall is configured (has tables)
     
226.     tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
     
227.     [ -z "$tables" ] && return 1
     
228. 
     
229.     echo -n $"Saving firewall rules to $IPTABLES_DATA: "
     
230. 
     
231.     OPT=
     
232.     [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
     
233. 
     
234.     ret=0
     
235.     TMP_FILE=`/bin/mktemp -q /tmp/$IPTABLES.XXXXXX` \
     
236.         && chmod 600 "$TMP_FILE" \
     
237.         && $IPTABLES-save $OPT > $TMP_FILE 2>/dev/null \
     
238.         && size=`stat -c '%s' $TMP_FILE` && [ $size -gt 0 ] \
     
239.         || ret=1
     
240.     if [ $ret -eq 0 ]; then
     
241.         if [ -e $IPTABLES_DATA ]; then
     
242.             cp -f $IPTABLES_DATA $IPTABLES_DATA.save \
     
243.                 && chmod 600 $IPTABLES_DATA.save \
     
244.                 || ret=1
     
245.         fi
     
246.         if [ $ret -eq 0 ]; then
     
247.             cp -f $TMP_FILE $IPTABLES_DATA \
     
248.                 && chmod 600 $IPTABLES_DATA \
     
249.                 || ret=1
     
250.         fi
     
251.     fi
     
252.     [ $ret -eq 0 ] && success || failure
     
253.     echo
     
254.     rm -f $TMP_FILE
     
255.     return $ret
     
256. }
     
257. 
     
258. status() {
     
259.     tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
     
260. 
     
261.     # Do not print status if lockfile is missing and iptables modules are not
     
262.     # loaded.
     
263.     # Check if iptable module is loaded
     
264.     if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$tables" ]; then
     
265.         echo $"Firewall is stopped."
     
266.         return 1
     
267.     fi
     
268. 
     
269.     # Check if firewall is configured (has tables)
     
270.     if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
     
271.         echo $"Firewall is not configured. "
     
272.         return 1
     
273.     fi
     
274.     if [ -z "$tables" ]; then
     
275.         echo $"Firewall is not configured. "
     
276.         return 1
     
277.     fi
     
278. 
     
279.     NUM=
     
280.     [ "x$IPTABLES_STATUS_NUMERIC" = "xyes" ] && NUM="-n"
     
281.     VERBOSE=
     
282.     [ "x$IPTABLES_STATUS_VERBOSE" = "xyes" ] && VERBOSE="--verbose"
     
283.     COUNT=
     
284.     [ "x$IPTABLES_STATUS_LINENUMBERS" = "xyes" ] && COUNT="--line-numbers"
     
285. 
     
286.     for table in $tables; do
     
287.         echo $"Table: $table"
     
288.         $IPTABLES -t $table --list $NUM $VERBOSE $COUNT && echo
     
289.     done
     
290. 
     
291.     return 0
     
292. }
     
293. 
     
294. restart() {
     
295.     [ "x$IPTABLES_SAVE_ON_RESTART" = "xyes" ] && save
     
296.     stop
     
297.     start
     
298. }
     
299. 
     
300. case "$1" in
     
301.     start)
     
302.         stop
     
303.         start
     
304.         RETVAL=$?
     
305.         ;;
     
306.     stop)
     
307.         [ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save
     
308.         stop
     
309.         RETVAL=$?
     
310.         ;;
     
311.     restart)
     
312.         restart
     
313.         RETVAL=$?
     
314.         ;;
     
315.     condrestart)
     
316.         [ -e "$VAR_SUBSYS_IPTABLES" ] && restart
     
317.         ;;
     
318.     status)
     
319.         status
     
320.         RETVAL=$?
     
321.         ;;
     
322.     panic)
     
323.         flush_n_delete
     
324.         set_policy DROP
     
325.         RETVAL=$?
     
326.         ;;
     
327.     save)
     
328.         save
     
329.         RETVAL=$?
     
330.         ;;
     
331.     *)
     
332.         echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
     
333.         exit 1
     
334.         ;;
     
335. esac
     

复制代码

windywinter

http://epoxie.net/12023.txt
是什么

电工

楼上大哥，对菜鸟能不能说的明白点。。

windywinter

原帖由 电工 于 2011-12-13 14:55 发表
楼上大哥，对菜鸟能不能说的明白点。。

改用http://epoxie.net/14867.txt