iptables规则自动改变？

knight_zt

q1208c 发表于 2012-12-10 19:34
回复 9# knight_zt

[root@server~]# dmesg
[19803932.924236] ip_tables: udp match: only valid for protocol 17
[19803989.473128] ip_tables: udp match: only valid for protocol 17
[19803995.069349] ip_tables: udp match: only valid for protocol 17
[19804034.368763] ip_tables: udp match: only valid for protocol 17
[19804042.745036] ip_tables: udp match: only valid for protocol 17
[19818591.000542] ip_tables: udp match: only valid for protocol 17
[19818648.508023] ip_tables: udp match: only valid for protocol 17
[19833283.844078] ip_tables: udp match: only valid for protocol 17
[19833397.579515] ip_tables: udp match: only valid for protocol 17
[19833897.668653] ip_tables: udp match: only valid for protocol 17
[19834055.332678] ip_tables: udp match: only valid for protocol 17
[19871151.412001] ip_tables: udp match: only valid for protocol 17
[19871172.921432] ip_tables: udp match: only valid for protocol 17
[root@server~]#



这个应该是有一次我设置防火墙的时候，参数写错了，我用service iptables restart的时候它提示防火墙语法有问题，然后让我用dmesg命令查看，我打开就是上面这几条。
另外，我没有特意配置系统日志的路径，那么默认应该是/var/log/messages：

1. 
   
2. Dec  9 03:01:05 server kernel: imklog 4.6.2, log source = /proc/kmsg started.
   
3. Dec  9 03:01:05 server rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="424" x-info="http://www.rsyslog.com"] (re)start
   
4. Dec 10 03:01:10 server logrotate: ALERT exited abnormally with [1]

复制代码

另外还有一个以日期命名的messages：

1. Dec  2 03:01:04 server kernel: imklog 4.6.2, log source = /proc/kmsg started.
   
2. Dec  2 03:01:04 server rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="424" x-info="http://www.rsyslog.com"] (re)start
   
3. Dec  2 03:01:04 server logrotate: ALERT exited abnormally with [1]
   
4. Dec  3 03:01:05 server logrotate: ALERT exited abnormally with [1]
   
5. Dec  4 03:01:05 server logrotate: ALERT exited abnormally with [1]
   
6. Dec  4 23:49:11 server yum[15803]: Installed: zlib-devel-1.2.3-27.el6.i686
   
7. Dec  5 00:08:16 server yum[23276]: Updated: 1:perl-Pod-Escapes-1.04-127.el6.i686
   
8. Dec  5 00:08:16 server yum[23276]: Updated: 1:perl-Module-Pluggable-3.90-127.el6.i686
   
9. Dec  5 00:08:16 server yum[23276]: Updated: 3:perl-version-0.77-127.el6.i686
   
10. Dec  5 00:08:18 server yum[23276]: Updated: 4:perl-libs-5.10.1-127.el6.i686
    
11. Dec  5 00:08:19 server yum[23276]: Updated: 1:perl-Pod-Simple-3.13-127.el6.i686
    
12. Dec  5 00:08:26 server yum[23276]: Updated: 4:perl-5.10.1-127.el6.i686
    
13. Dec  5 00:08:27 server yum[23276]: Installed: perl-IO-Compress-Base-2.020-127.el6.i686
    
14. Dec  5 00:08:27 server yum[23276]: Installed: 1:perl-Compress-Raw-Zlib-2.020-127.el6.i686
    
15. Dec  5 00:08:27 server yum[23276]: Installed: perl-IO-Compress-Zlib-2.020-127.el6.i686
    
16. Dec  5 00:08:27 server yum[23276]: Installed: perl-Compress-Zlib-2.020-127.el6.i686
    
17. Dec  5 03:01:05 server logrotate: ALERT exited abnormally with [1]
    
18. Dec  5 15:06:31 server kernel: [19803932.924236] ip_tables: udp match: only valid for protocol 17
    
19. Dec  5 15:07:27 server kernel: [19803989.473128] ip_tables: udp match: only valid for protocol 17
    
20. Dec  5 15:07:33 server kernel: [19803995.069349] ip_tables: udp match: only valid for protocol 17
    
21. Dec  5 15:08:12 server kernel: [19804034.368763] ip_tables: udp match: only valid for protocol 17
    
22. Dec  5 15:08:21 server kernel: [19804042.745036] ip_tables: udp match: only valid for protocol 17
    
23. Dec  5 19:10:49 server kernel: [19818591.000542] ip_tables: udp match: only valid for protocol 17
    
24. Dec  5 19:11:46 server kernel: [19818648.508023] ip_tables: udp match: only valid for protocol 17
    
25. Dec  5 23:15:42 server kernel: [19833283.844078] ip_tables: udp match: only valid for protocol 17
    
26. Dec  5 23:17:36 server kernel: [19833397.579515] ip_tables: udp match: only valid for protocol 17
    
27. Dec  5 23:25:56 server kernel: [19833897.668653] ip_tables: udp match: only valid for protocol 17
    
28. Dec  5 23:28:33 server kernel: [19834055.332678] ip_tables: udp match: only valid for protocol 17
    
29. Dec  6 03:01:03 server logrotate: ALERT exited abnormally with [1]
    
30. Dec  6 09:46:49 server kernel: [19871151.412001] ip_tables: udp match: only valid for protocol 17
    
31. Dec  6 09:47:11 server kernel: [19871172.921432] ip_tables: udp match: only valid for protocol 17
    
32. Dec  7 03:01:03 server logrotate: ALERT exited abnormally with [1]
    
33. Dec  8 03:01:05 server logrotate: ALERT exited abnormally with [1]
    
34. Dec  9 03:01:04 server rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="424" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'restart'.
    
35. Dec  9 03:01:05 server kernel: Kernel logging (proc) stopped.
    

复制代码

上面就是防火墙异常当天的日志。请大侠过目

q1208c

回复 11# knight_zt


你的机器上日志好少呀.

如果能确认机器其它方面是正常的, 那可能是kernel的一个 bug.

你看看你的kernel相关的bugfix吧.