- 论坛徽章:
- 0
|
本帖最后由 whilvydy 于 2011-12-28 22:13 编辑
目前管理着几台务器,其它服务器都正常,其中一台不正常,现象如下:
[root@ip6 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@ip6 ~]# service iptables start
清除防火墙规则: [确定]
把 chains 设置为 ACCEPT 策略:filter [确定]
正在卸载 Iiptables 模块: [确定]
应用 iptables 防火墙规则: [确定]
载入额外 iptables 模块:ip_conntrack_netbios_ns ip_conntrac[确定]
[root@ip6 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mcns-tel-ret
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5901
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
.
.
.
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@ip6 ~]#
[root@ip6 ~]# date
2011年 12月 28日 星期三 22:01:20 CST
过3-5分钟后,再iptables -L,就又为空了,
再service iptables restart,策略又恢复了
cat /etc/sysconfig/iptabes,里面有内容,确定策略是save了的,
iptables策略为空,觉得很不安全,所以很希望能找出原因,请各位指导一下
哦,之前安装过ddos(会自动修改iptables策略),后发现此问题后,kill掉所有ddos.sh进程,并uninstall此ddos
但问题依旧,
请求各位大师指导! |
|
免费注册
发表于 2011-12-28 22:11
发表于 2011-12-29 08:22
