请教IPTABLES 无法停止问题

yangjie_sz

各位老大，最近在设置IPTABLES 规则时遇到一个棘手问题，（IPTABLES SAVE 如下），启用规则是没有问题的，就是在停止或重启规则时候，在UNLOAD MODULE 的时候就定住不动了，等了很久很久都不行，GOOGLE了一下，有类似的问题是由于设置了无效的规则导致的，可是我检查了几遍了，都没发现问题，还望各位老大帮解决解决，先谢谢各位了！



# Generated by iptables-save v1.2.11 on Mon Nov 30 16:14:00 2009
*nat
REROUTING ACCEPT [0:0]
OSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
REFW - [0:0]
:REDFW - [0:0]
-A PREROUTING -j REDFW
-A POSTROUTING -j MASQUERADE
-A REDFW -s 192.168.1.133 -p tcp -m mac --mac-source 00:19:B9:47:70:28 -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.143 -p tcp -m mac --mac-source 00:13:20:B2:ED:48 -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.161 -p tcp -m mac --mac-source 00:0D:61:EC:7B:FF -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.156 -p tcp -m mac --mac-source 00:0D:61:E8:82:47 -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.155 -p tcp -m mac --mac-source 00:13:20:B2:EC:B5 -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.23 -p tcp -m mac --mac-source 00:133:F5:59:3E -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.195 -p tcp -m mac --mac-source 00:1C:25C:0B:2E -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.36 -p tcp -m mac --mac-source 00:50:04:BF:AF:78 -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.71 -p tcp -m mac --mac-source 00:01:6C:42:86:27 -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.163 -p tcp -m mac --mac-source 00:19:B9:47:E4F -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.250 -p tcp -m mac --mac-source 00:03:0D:CC:A4:B7 -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.185 -p tcp -m mac --mac-source 00:19:B9:47:6B:F7 -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.165 -p tcp -m mac --mac-source 00:25:11:E7:81:9E -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.138 -p tcp -m mac --mac-source 00:01:6C:4B:F1:47 -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.106 -p tcp -m mac --mac-source 00:14:2A:5B:20:43 -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.201 -p tcp -m mac --mac-source 00:14:C2:5F:4D:8A -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.193 -p tcp -m mac --mac-source 00:133:F5:34:F4 -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.176 -p tcp -m mac --mac-source 00:01:6C:AA:29:17 -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.128 -p tcp -m mac --mac-source 00:13:20:EC:FD:F6 -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.144 -p tcp -m mac --mac-source 00:E0:4C:12:37:86 -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.149 -p tcp -m mac --mac-source 00:19:B9:47:70:1F -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.161 -p tcp -m mac --mac-source 00:0D:61:EC:7B:FF -m tcp --dport 80 -j REDIRECT --to-ports 8088
-A REDFW -s 192.168.1.89 -p tcp -m mac --mac-source 00:19:B9:47:6D:F5 -m tcp --dport 80 -j REDIRECT --to-ports 8088
COMMIT
# Completed on Mon Nov 30 16:14:00 2009
# Generated by iptables-save v1.2.11 on Mon Nov 30 16:14:00 2009
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FORFW - [0:0]
:INPUTFW - [0:0]
:MAC - [0:0]
ORTFW - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i bond0 -p icmp -j ACCEPT
-A INPUT -i bond0 -p tcp -j ACCEPT
-A INPUT -i bond0 -p udp -j ACCEPT
-A INPUT -j INPUTFW
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -j FORFW
-A FORFW -s 192.168.1.89 -p tcp -m mac --mac-source 00:19:B9:47:6D:F5 -m multiport --dports 443 -j ACCEPT
-A FORFW -s 192.168.1.149 -p tcp -m mac --mac-source 00:19:B9:47:70:1F -m multiport --dports 443 -j ACCEPT
-A FORFW -s 192.168.1.143 -p tcp -m mac --mac-source 00:13:20:B2:ED:48 -m multiport --dports 443 -j ACCEPT
-A FORFW -s 192.168.1.128 -p tcp -m mac --mac-source 00:13:20:EC:FD:F6 -m multiport --dports 443 -j ACCEPT
-A FORFW -s 192.168.1.133 -p tcp -m mac --mac-source 00:19:B9:47:70:28 -m multiport --dports 443,21,23,7708,7727 -j ACCEPT
-A FORFW -s 192.168.1.156 -p tcp -m mac --mac-source 00:0D:61:E8:82:47 -m multiport --dports 443 -j ACCEPT
-A FORFW -s 192.168.1.165 -p tcp -m mac --mac-source 00:25:11:E7:81:9E -m multiport --dports 443 -j ACCEPT
-A FORFW -s 192.168.1.185 -p tcp -m mac --mac-source 00:19:B9:47:6B:F7 -m multiport --dports 443 -j ACCEPT
-A FORFW -s 192.168.1.250 -p tcp -m mac --mac-source 00:03:0D:CC:A4:B7 -m multiport --dports 443 -j ACCEPT
-A FORFW -s 192.168.1.163 -p tcp -m mac --mac-source 00:19:B9:47:E4F -m multiport --dports 443 -j ACCEPT
-A FORFW -s 192.168.1.71 -p tcp -m mac --mac-source 00:01:6C:42:86:27 -m multiport --dports 443 -j ACCEPT
-A FORFW -s 192.168.1.36 -p tcp -m mac --mac-source 00:50:04:BF:AF:78 -m multiport --dports 443 -j ACCEPT
-A FORFW -s 192.168.1.155 -p tcp -m mac --mac-source 00:13:20:B2:EC:B5 -m multiport --dports 7888 -j ACCEPT
-A FORFW -s 192.168.1.23 -p tcp -m mac --mac-source 00:133:F5:59:3E -m multiport --dports 443 -j ACCEPT
-A FORFW -p tcp -j DROP
-A FORFW -p udp -j DROP
-A INPUTFW -p tcp -m tcp --dport 222 -j ACCEPT
COMMIT
# Completed on Mon Nov 30 16:14:00 2009

platinum

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -F
iptables -F
iptables -t nat -X
iptables -X

yangjie_sz

原帖由 platinum 于 2009-12-2 00:44 发表
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -F
iptables -F
iptables -t nat -X
iptables -X

谢谢回复，不过你提供的这些只能是目前清除规则而已，我使用上面的IPTABLES SAVE，每次重启机器时，在关闭IPTABLES 的时候就出问题了，在卸载IPTABLES 模块的地方就停住不动了，这是最棘手的地方，等多久都没用，每次重启机器的话，只有强行重启。

继续请教。

platinum

1、先清除规则再重启试试
2、手动清除规则后再手动卸载模块试试

ljily000

是的，安装白金大哥的试试，没问题的。

yangjie_sz

先谢谢各位老大.

kns1024wh

停止 是说停止服务那么就经iptables stop
如果说的是清空规则那个就是-F