现象描述

在 CentOS 7.6.1810 下执行 service iptables save 命令,出现如下错误:

[root@test ~]# service iptables save

The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.

原因

从 CentOS 7.x 开始,CentOS 开始使用 systemd 服务来代替 daemon,原来管理系统启动和管理系统服务的相关命令全部由 systemctl 命令来代替。service 命令之保留了极少部分使用,大部分命令都要改用 systemctl 命令来使用。

在 RHEL 7 和 CentOS 7 中, firewalld 被引入来管理 iptables。

解决方案

首先停止防火墙:

systemctl stop firewalld

systemctl mask firewalld

  

在 CentOS 7 和 RHEL 7 中,没有 /etc/sysconfig/iptables 这个配置文件,也不能执行 service iptables restart 命令,需要通过安装 iptables-services 才有。

[root@test ~]# cat /etc/redhat-release

CentOS Linux release 7.6.1810 (Core)

[root@test ~]# rpm -qa|grep iptables

iptables-1.4.21-28.el7.x86_64

[root@test ~]# yum -y install iptables-services

然后就可以使用 service  iptables [start | stop | restart | save ....] 命令。

# 这样就可以保存防火墙规则了

[root@test ~]# service iptables save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

[root@test ~]# ll /etc/sysconfig/iptables

-rw-------. 1 root root 6479 Nov  7 04:00 /etc/sysconfig/iptables

# 或者 使用如下命令

[root@test ~]# /usr/libexec/iptables/iptables.init save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

延伸知识

CentOS 7 中没有 service iptables save 指令来保存防火墙规则,怎么处理的呢?

解决办法:

systemctl stop firewalld             # 关闭防火墙

yum -y install iptables-services     # 安装 iptables 服务

systemctl enable iptables            # 设置 iptables 服务开机启动

systemctl start iptables             # 启动 iptables 服务

service iptables save                # 保存 iptables 配置

service iptables restart             # 重启 iptables 服务
[root@test ~]# systemctl status iptables

● iptables.service - IPv4 firewall with iptables

   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)

   Active: active (exited) since Thu 2019-11-07 04:09:20 EST; 14s ago

  Process: 85040 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)

 Main PID: 85040 (code=exited, status=0/SUCCESS)

Nov 07 04:09:20 test systemd[1]: Starting IPv4 firewall with iptables...

Nov 07 04:09:20 test iptables.init[85040]: iptables: Applying firewall rules: [  OK  ]

Nov 07 04:09:20 test systemd[1]: Started IPv4 firewall with iptables.

[root@test ~]# service iptables status

Redirecting to /bin/systemctl status iptables.service

● iptables.service - IPv4 firewall with iptables

   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)

   Active: active (exited) since Thu 2019-11-07 04:09:20 EST; 24s ago

  Process: 85040 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)

 Main PID: 85040 (code=exited, status=0/SUCCESS)

Nov 07 04:09:20 test systemd[1]: Starting IPv4 firewall with iptables...

Nov 07 04:09:20 test iptables.init[85040]: iptables: Applying firewall rules: [  OK  ]

Nov 07 04:09:20 test systemd[1]: Started IPv4 firewall with iptables.

 注意:  firewalld 和 iptables 两种不同的防火墙规则的配置方式,不能同时启动。

 

示例1: 使用 systemctl start firewalld 启动的防火墙

[root@docker01 ~]# systemctl status firewalld

● firewalld.service - firewalld - dynamic firewall daemon

   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)

   Active: active (running) since Thu 2019-11-07 04:20:58 EST; 2min 5s ago

     Docs: man:firewalld(1)

 Main PID: 86122 (firewalld)

    Tasks: 2

   Memory: 21.6M

   CGroup: /system.slice/firewalld.service

           └─86122 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -i docker0 ! -o docker0 -j ACCEPT' failed...t chain?).

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C PREROUTING -m addrtype --dst-type LOCAL -j DOCKER' f...that name.

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j DOCKER ! --ds...that name.

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -j DOCKER' failed: iptables: N...that name.

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -m conntrack --ctstate RELATED...t chain?).

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-ISOLATION-STAGE-1' failed: ipta...that name.

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Ba...t chain?).

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -n -L DOCKER-USER' failed: iptables: No chain/target...that name.

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER-USER -j RETURN' failed: iptables: Bad rule...t chain?).

Nov 07 04:21:01 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-USER' failed: iptables: No chai...that name.

Hint: Some lines were ellipsized, use -l to show in full.

[root@docker01 ~]# service iptables status

Redirecting to /bin/systemctl status iptables.service

● iptables.service - IPv4 firewall with iptables

   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)

   Active: inactive (dead) since Thu 2019-11-07 04:20:57 EST; 3min 23s ago

  Process: 86123 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)

  Process: 85907 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)

 Main PID: 85907 (code=exited, status=0/SUCCESS)

Nov 07 04:18:38 docker01 systemd[1]: Starting IPv4 firewall with iptables...

Nov 07 04:18:38 docker01 systemd[1]: Started IPv4 firewall with iptables.

Nov 07 04:20:57 docker01 systemd[1]: Stopping IPv4 firewall with iptables...

Nov 07 04:20:57 docker01 iptables.init[86123]: iptables: Setting chains to policy ACCEPT: filter [  OK  ]

Nov 07 04:20:57 docker01 iptables.init[86123]: iptables: Flushing firewall rules: [  OK  ]

Nov 07 04:20:57 docker01 systemd[1]: Stopped IPv4 firewall with iptables.

示例2: 使用 service iptables start 启动的防火墙

[root@docker01 ~]# service iptables start

Redirecting to /bin/systemctl start iptables.service

[root@docker01 ~]# service iptables status

Redirecting to /bin/systemctl status iptables.service

● iptables.service - IPv4 firewall with iptables

   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)

   Active: active (exited) since Thu 2019-11-07 04:31:00 EST; 5s ago

  Process: 87000 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)

  Process: 87101 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)

 Main PID: 87101 (code=exited, status=0/SUCCESS)

Nov 07 04:31:00 docker01 systemd[1]: Starting IPv4 firewall with iptables...

Nov 07 04:31:00 docker01 iptables.init[87101]: iptables: Applying firewall rules: [  OK  ]

Nov 07 04:31:00 docker01 systemd[1]: Started IPv4 firewall with iptables.

[root@docker01 ~]# systemctl status firewalld

● firewalld.service - firewalld - dynamic firewall daemon

   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)

   Active: inactive (dead) since Thu 2019-11-07 04:29:12 EST; 2min 7s ago

     Docs: man:firewalld(1)

  Process: 86122 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)

 Main PID: 86122 (code=exited, status=0/SUCCESS)

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j DOCKER ! --ds...that name.

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -j DOCKER' failed: iptables: N...that name.

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -m conntrack --ctstate RELATED...t chain?).

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-ISOLATION-STAGE-1' failed: ipta...that name.

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Ba...t chain?).

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -n -L DOCKER-USER' failed: iptables: No chain/target...that name.

Nov 07 04:21:00 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER-USER -j RETURN' failed: iptables: Bad rule...t chain?).

Nov 07 04:21:01 docker01 firewalld[86122]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-USER' failed: iptables: No chai...that name.

Nov 07 04:29:11 docker01 systemd[1]: Stopping firewalld - dynamic firewall daemon...

Nov 07 04:29:12 docker01 systemd[1]: Stopped firewalld - dynamic firewall daemon.

Hint: Some lines were ellipsized, use -l to show in full.

CentOS7 执行 service iptables save 报错 The service command supports only basic LSB actions xxxxxx的更多相关文章

  1. 3.centos 7执行service iptables save报错问题

    1.报错 [root@localhost ~]# service iptables save The service command supports only basic LSB actions ( ...

  2. 解决 service iptables save 报错 please try to use systemctl

    本文档根据 service iptables save 报错 please try to use systemctl 提供解决方案.报错 [root@Jaking ~]# service iptabl ...

  3. The service command supports only basic LSB actions (start, stop, restart, try-restart, reload,force-reload, status)

    # service iptables save The service command supports only basic LSB actions (start, stop, restart, t ...

  4. centos7 service iptables save 报错

    解决办法: 1.systemctl stop firewalld 2.yum install iptables-services 3.systemctl  restart iptables 4.ser ...

  5. 防火墙centos7执行 service iptables status报错问题完美解决

    在centos7 执行防火墙命令时 service iptables status 报错如下: 解决方案 : 1.systemctl start firewalld.service(开启防火墙) 2. ...

  6. service mysqld start 报错:service mysqld start 报错 090517 13:34:15 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it. 090Can't open the mysql.plugin table. Please run mysql

    service mysqld start 报错 090517 13:34:15 [ERROR] Can't open the mysql.plugin table. Please run mysql_ ...

  7. centos7中没有service iptables save指令来保存防火墙规则

    1.任意运行一条iptables防火墙规则配置命令: iptables -P OUTPUT ACCEPT 2.对iptables服务进行保存: service iptables save 如果上述命令 ...

  8. centos .7x service iptables save 错误解决方案

    保存转发规则的时候,发现service iptables save 无效,而且报错[root@localhost bin]# service iptables saveThe service comm ...

  9. 解决service iptables save出错please try to use systemctl

    # service iptables save The service command supports only basic LSB actions (start, stop, restart, t ...

随机推荐

  1. 6 年前,只会 JSP 和 Servlet 就可以找到工作

    这篇文章在去年就已经构思了,不过一直都没有整理出来,今天终于完成了这篇文章,所以发上来给大家看一看,都是一些个人的小感慨,我的观点可能不是非常的完善,大家也可以一起讨论. 找工作之难,难于上青天 五六 ...

  2. 官网安装Python包太慢?教你三种下载安装方式-PiP、conda、轮子,教你三种Pytorch的下载安装方式,保证你再也不用出现Error

    上一期我们介绍了CUDA下载安装以及其总结,这一期教大家如何在Anaconda中使用CUDA来进行加速.神经网络依赖cuDNN的下载安装,以及下载和安装Pytorch-GPU安装包的三种方式(cond ...

  3. 逆向工程,生成pojo、xml、mapper

    package com.how2java; import java.io.File; import java.io.InputStream; import java.util.ArrayList; i ...

  4. 【Oracle】SQL对某字段模糊查询,哪种方案最快?

    问题:有一张表hy_test,查找其字段name中包含ufo的记录数,下面哪种方案最快? A.select count(*) from hy_test where name like '%ufo%' ...

  5. leetcode刷题-79单词搜索

    题目 给定一个二维网格和一个单词,找出该单词是否存在于网格中. 单词必须按照字母顺序,通过相邻的单元格内的字母构成,其中“相邻”单元格是那些水平相邻或垂直相邻的单元格.同一个单元格内的字母不允许被重复 ...

  6. js去掉最右边的逗号

    str=(str.substring(str.length-1)==',')?str.substring(0,str.length-1):str;

  7. Fragment时长统计那些事

    注:本文同步发布于微信公众号:stringwu的互联网杂谈 frament时长统计那些事 页面停留时长作为应用统计的北极星指标里的重要指标之一,统计用户在某个页面的停留时长则变得很重要.而Fragme ...

  8. get、post请求方式区别

    1.get请求只有请求头,没有请求体,它的参数只能写在url里面,post请求数据放在请求体里面 (HTTP协议:两台电脑交互url请求头Request Headers:一些额外的信息,比如用的什么浏 ...

  9. Python爬虫实战练习:爬取美团旅游景点评论数据

    前言 本文的文字及图片来源于网络,仅供学习.交流使用,不具有任何商业用途,如有问题请及时联系我们以作处理. 今年的国庆节还有半个月就要来了,相信很多的小伙伴还是非常期待这个小长假的.国庆节是一年中的小 ...

  10. Hashmap,Set,Map,List,ArrayList的区别

    表格: 类型 默认容量 加载因子[1] 扩容增量 底层实现 是否安全及同步方式 Vector 10 1 2倍 Object数组 安全,synchronized ArrayList 10 1 1.5倍( ...