Enabling iptables on older Linux (disabling ipchains)

Recently I was configuring iptables on RH 6.1 and COSIX 3.1 servers and got driven half-crazy by ipchains.

iptables needs the ip_tables kernel module loaded, but with ipchains in the way it fails every time:
[root@cosix-31-oracle-01 /root]# iptables --list
/lib/modules/2.4.18-5smp/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
/lib/modules/2.4.18-5smp/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.18-5smp/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.18-5smp/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
iptables v1.2.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.


At first I thought it was caused by the gcc version having been downgraded when Oracle 8i was installed on the server. After several days of fiddling I happened to google the phrase "init_module: Device or resource busy" and found a hint in some mailing-list post; then it dawned on me.

The cause is that ip_tables and the ipchains compatibility module cannot both be loaded into a 2.4 kernel: with ipchains already registered, ip_tables' init_module fails with "Device or resource busy" (the same applies to the ipfwadm compatibility module). ipchains therefore has to be stopped and unloaded before iptables can start. First stop the ipchains service and keep it from starting at boot:
# chkconfig --level 345 ipchains off
# service ipchains stop
Flushing all chains: [  OK  ]
Removing user defined chains: [  OK  ]
Resetting built-in chains to the default ACCEPT policy:[  OK  ]
Then unload the ipchains module (afterwards it should no longer appear in lsmod):
# rmmod ipchains

Edit /etc/sysconfig/iptables with vi (which file the service reads can be confirmed in the /etc/rc.d/init.d/iptables script; it is loaded with iptables-restore). The ruleset below sets the INPUT and FORWARD policies to DROP, sends both chains through RH-Firewall-1-INPUT, accepts loopback, ICMP, IPsec (protocol 50 ESP and 51 AH) and packets belonging to established connections, allows new TCP connections on any port from three /24 networks and to the Oracle listener on TCP 1521, allows UDP from one /24, and rejects everything else with an ICMP error.

Two caveats: the 1521 rule has no -s match, so the Oracle listener is reachable from any address that can route to the host; if only the client networks above need it, add the same -s restriction to that rule. And the header comment is serious: re-running redhat-config-securitylevel, or running `service iptables save`, overwrites this file with the tool's or the running ruleset, so keep a copy of the hand-edited version.

# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
# Default policies: inbound and forwarded traffic is dropped unless a rule accepts it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
# Loopback, ICMP, IPsec (50 = ESP, 51 = AH) and packets of existing connections.
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -j ACCEPT
-A RH-Firewall-1-INPUT -p 50   -j ACCEPT
-A RH-Firewall-1-INPUT -p 51   -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# New TCP connections (any port) from the trusted networks.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/24  -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 61.138.209.0/24 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 61.166.155.0/24 -j ACCEPT

# Oracle listener; note there is no -s here, so it is open to every source.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1521         -j ACCEPT

# UDP from one trusted network.
-A RH-Firewall-1-INPUT -p udp -s 61.138.209.0/24 -j ACCEPT

# Anything not matched above is refused with an ICMP error.
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Start the iptables service, which now loads ip_tables without complaint and applies the file:
# service iptables start
Flushing all current rules and user defined chains: [  OK  ]
Clearing all current rules and user defined chains: [  OK  ]
Applying iptables firewall rules: [  OK  ]
Finally, make it start at boot in runlevels 3, 4 and 5 (ipchains was turned off in those runlevels above, so the two will not race at boot):
# chkconfig --level 345 iptables on
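One way to make the switch-over safer, as an added example that is not code from the original post: a POSIX sh script that looks for the conflicting module before touching anything, audits the rules file for services accepted from any source and for a terminal deny in the firewall chain, and only runs the actual chkconfig/service/rmmod sequence when invoked with the argument do_switch as root. The lsmod text and the rules file it runs against are constructed samples (the rules are the post's own ruleset, trimmed); the function names and the do_switch argument are this example's own, and the statement that ipchains.o and ipfwadm.o cannot coexist with ip_tables.o on a 2.4 kernel is the assumption behind the module check.

```shell
#!/bin/sh
# Added example, not code from the original post. Wraps the post's
# ipchains -> iptables switch-over in pre-flight checks that run without
# root: lsmod output and the rules file are passed in as text/paths, and
# the sample data at the bottom is constructed.
#
# Assumption (stated as such): on a 2.4 kernel the ipchains.o and ipfwadm.o
# compatibility modules are mutually exclusive with ip_tables.o, which is
# what makes ip_tables' init_module fail with "Device or resource busy".

# conflicting_modules LSMOD_TEXT
# Print the loaded modules that block ip_tables.o. The first line of lsmod
# output is the column header and is skipped.
conflicting_modules() {
    printf '%s\n' "$1" | awk 'NR > 1 && ($1 == "ipchains" || $1 == "ipfwadm") { print $1 }'
}

# open_ports RULES_FILE
# Print the --dport values of ACCEPT rules that carry no -s/--source match,
# i.e. services exposed to every address (like the post's 1521 rule).
open_ports() {
    awk '
        /^-A / && /-j ACCEPT/ && /--dport/ && !/-s / && !/--source / {
            for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
        }' "$1"
}

# chain_default_deny RULES_FILE CHAIN
# Succeed only if the last rule appended to CHAIN is DROP or REJECT, so
# traffic that matched nothing earlier is refused by the chain itself.
chain_default_deny() {
    awk -v chain="$2" '
        $1 == "-A" && $2 == chain { last = $0 }
        END { if (last ~ /-j (DROP|REJECT)/) exit 0; exit 1 }' "$1"
}

# switch_to_iptables
# The post's procedure, guarded: require root, unload ipchains only if it
# is really loaded, and stop if rmmod fails (a still-loaded ipchains would
# just reproduce the init_module error when iptables starts).
switch_to_iptables() {
    [ "$(id -u)" -eq 0 ] || { echo "switch_to_iptables: must run as root" >&2; return 1; }
    if [ -n "$(conflicting_modules "$(lsmod)")" ]; then
        chkconfig --level 345 ipchains off
        service ipchains stop
        rmmod ipchains || { echo "rmmod ipchains failed; not starting iptables" >&2; return 1; }
    fi
    service iptables start && chkconfig --level 345 iptables on
}

# --- constructed sample data for a dry run (no root needed) ---
SAMPLE_LSMOD='Module                  Size  Used by    Not tainted
ipchains               39376   0  (unused)
nfs                    82848   1  (autoclean)'

SAMPLE_RULES=$(mktemp)
trap 'rm -f "$SAMPLE_RULES"' EXIT
cat > "$SAMPLE_RULES" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/24 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1521 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -s 61.138.209.0/24 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

echo "modules blocking ip_tables: $(conflicting_modules "$SAMPLE_LSMOD")"
echo "ports accepted from any source: $(open_ports "$SAMPLE_RULES")"
if chain_default_deny "$SAMPLE_RULES" RH-Firewall-1-INPUT; then
    echo "RH-Firewall-1-INPUT ends in an explicit deny"
else
    echo "WARNING: RH-Firewall-1-INPUT has no terminal DROP/REJECT"
fi

# Only touch the live system when explicitly asked to.
if [ "${1:-}" = do_switch ]; then
    switch_to_iptables
fi
```

Run it without arguments for the dry-run report; on the real box, run it as root with `do_switch` after replacing the sample lsmod text with the live `lsmod` output and pointing the audit at /etc/sysconfig/iptables.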