Restarting iptables on CentOS 7 failed. Checking the error with systemctl status iptables.service shows the following:
# systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2018-01-10 05:11:42 EST; 4s ago
Process: 3994 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
Process: 5236 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=1/FAILURE)
Main PID: 5236 (code=exited, status=1/FAILURE)
Jan 10 05:11:42 master.example.com systemd[1]: Starting IPv4 firewall with i....
Jan 10 05:11:42 master.example.com iptables.init[5236]: iptables: Applying fi...
Jan 10 05:11:42 master.example.com iptables.init[5236]: Error occurred at lin...
Jan 10 05:11:42 master.example.com iptables.init[5236]: Try `iptables-restore...
Jan 10 05:11:42 master.example.com iptables.init[5236]: [FAILED]
Jan 10 05:11:42 master.example.com systemd[1]: iptables.service: main proces...E
Jan 10 05:11:42 master.example.com systemd[1]: Failed to start IPv4 firewall....
Jan 10 05:11:42 master.example.com systemd[1]: Unit iptables.service entered....
Jan 10 05:11:42 master.example.com systemd[1]: iptables.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
The error above means that starting the IPv4 firewall failed. Try stopping the firewalld service and then restarting iptables:
# service iptables save
# systemctl stop firewalld       # stop the firewalld service
# systemctl disable firewalld    # disable firewalld at boot
# systemctl start iptables       # start iptables
# systemctl status iptables      # confirm the iptables status
# systemctl enable iptables      # start iptables at boot
# systemctl status firewalld     # confirm the firewalld service status
Besides the method above, the startup failure may also be caused by an error in the iptables rule configuration.
Check the /etc/sysconfig/iptables file.
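
The truncated log entries above ("Error occurred at lin...", "Try `iptables-restore...") come from the rules file being loaded. The following is an added example, not part of the original post: it dry-runs a rules file with iptables-restore --test and prints the rule at the reported line. The function names are hypothetical, and it assumes the error text has the form "Error occurred at line: N"; with no argument it runs on constructed sample input.

```shell
#!/bin/bash
# Added example: find the rule that stops iptables.service from starting.
# Assumption: iptables-restore reports parse errors as "Error occurred at line: N".

# Extract N from iptables-restore error text; prints nothing if there is no match.
error_line_number() {
    printf '%s\n' "$1" |
        sed -n 's/.*Error occurred at line: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print line N of the rules file, prefixed with its line number.
rule_at_line() {
    awk -v n="$2" 'NR == n { print n ": " $0 }' "$1"
}

# Dry-run the rules file: --test parses and builds the ruleset without committing it.
check_rules() {
    file="${1:-/etc/sysconfig/iptables}"
    if err=$(iptables-restore --test < "$file" 2>&1); then
        echo "OK: $file parses cleanly"
        return 0
    fi
    echo "$err" >&2
    n=$(error_line_number "$err")
    if [ -n "$n" ]; then
        echo "Offending rule -> $(rule_at_line "$file" "$n")" >&2
    fi
    return 1
}

# Offline demo on constructed input (no root needed): the typo is on line 4.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT' \
        '-A INPUT -p tcp --dprt 80 -j ACCEPT' 'COMMIT' > "$tmp"
    n=$(error_line_number 'Error occurred at line: 4')   # constructed message
    rule_at_line "$tmp" "$n"
    rm -f "$tmp"
}

# With a file argument (as root) check that file; otherwise run the demo.
if [ "$#" -gt 0 ]; then check_rules "$1"; else demo; fi
```

Because --test never commits the ruleset, the check can be run against /etc/sysconfig/iptables before restarting the service, so a typo is caught while the running rules stay in place.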