ARM, iptables: No chain/target/match by that name
Recently, a project required enabling the firewall function.
The company has machines running:
ARM Linux 3.0
x86 Linux 3.2
x86 Linux 2.4
The firewall needs to be enabled on them.
Run the "whereis iptables" command. If the result is not empty, the firewall software is installed.
# whereis iptables
iptables: /sbin/iptables /usr/share/iptables /usr/share/man/man8/iptables.8.gz
root@wheezy-armel:~ 9:26:57
Run the iptables -L command to view the configuration.
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@wheezy-armel:~ 9:27:32 #
If the chains are empty, as they are here, no firewall rules are configured.
For more information, see:
# Knowledge:
# http://blog.chinaunix.net/uid-9950859-id-98279.html
# http://blog.slogra.com/post-232.html
# http://www.cnblogs.com/bangerlee/archive/2013/02/27/2935422.html
# http://blog.chinaunix.net/uid-26495963-id-3279216.html
Save this file and load the rule to make it take effect. Note that iptables does not need to be restarted, and once the rule is loaded, it becomes
sudo iptables-restore < /etc/iptables.test.rules
Then check the latest configuration. All settings should take effect.
sudo iptables -L
Step 4: Save the effective configuration so that the valid configuration is automatically loaded when the system restarts.
iptables allows you to save the currently running rules:
iptables-save > /etc/iptables.up.rules
Running the rules reports an error:
# iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied:" --log-level 7
iptables: No chain/target/match by that name.
An online search suggests that kernel modules are missing.
root@wheezy-armel:~ 9:30:27 # lsmod |grep iptables
root@wheezy-armel:~ 9:31:04 #
No output.
root@wheezy-armel:~ 9:31:04 # iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables: No chain/target/match by that name.
Later it turned out that any rule using -m state with RELATED or ESTABLISHED reports this error.
This is the TCP connection state (NEW, ESTABLISHED, RELATED, INVALID), which this kernel does not seem to be able to process.
iptables -t filter -A INPUT -s 172.16.0.0/16 -p udp --dport 53 -j DROP
iptables -t filter -R INPUT 1 -s 172.16.0.0/16 -p udp --dport 53 -j REJECT
DROP works, but REJECT returns an error.
Finally changed:
Common ACTIONs:
DROP: quietly discard. Generally we use DROP to hide our identity and hide our linked list.
REJECT: explicitly reject.
ACCEPT: accept.
custom_chain: switch to a custom chain.
DNAT
SNAT
MASQUERADE: source address masquerading.
REDIRECT: redirection, mainly used for port redirection.
MARK: set a firewall mark.
RETURN: used at the end of a custom chain to return to the original rule chain.
Simply put, on this kernel you can only use the low-level functions, not the advanced ones.
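To see in advance which rules such a kernel will refuse, the script below (an added example, not part of the original post) compares the -m matches and -j targets in a rules file with what the kernel lists in /proc/net/ip_tables_matches and /proc/net/ip_tables_targets. This is more reliable than lsmod | grep iptables, which prints nothing even on a working system because the modules have names such as ip_tables, iptable_filter and xt_state, and built-in support never appears in lsmod. The function name missing_extensions and the sample rules and kernel lists are constructed for illustration.

```shell
#!/bin/sh
# List the -m matches and -j targets used in an iptables-restore file that the
# kernel has not registered. Only explicit -m/-j options are checked; matches
# implied by "-p tcp --dport ..." are not. An extension built as a module that
# is not loaded yet is reported too, so try loading its module before
# concluding that the kernel lacks it.
missing_extensions() {
    rules=$1
    matches=${2:-/proc/net/ip_tables_matches}
    targets=${3:-/proc/net/ip_tables_targets}
    awk -v mfile="$matches" -v tfile="$targets" '
        BEGIN {
            while ((getline line < mfile) > 0) have_m[line] = 1
            while ((getline line < tfile) > 0) have_t[line] = 1
            # Built-in verdicts need no target extension.
            n = split("ACCEPT DROP RETURN QUEUE", verdict, " ")
            for (i = 1; i <= n; i++) have_t[verdict[i]] = 1
        }
        /^:/ { chain[substr($1, 2)] = 1; next }   # declared chains are valid jump targets
        /^-[AIR] / {
            for (i = 1; i < NF; i++) {
                if ($i == "-m" && !($(i+1) in have_m)) print "match " $(i+1)
                if ($i == "-j" && !($(i+1) in have_t) && !($(i+1) in chain)) print "target " $(i+1)
            }
        }' "$rules" | LC_ALL=C sort -u
}

# Constructed sample: rules modelled on this page, and a kernel that registered
# only the tcp/udp/icmp matches and no target extensions.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied:" --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j DROP
COMMIT
EOF
    printf 'tcp\nudp\nicmp\n' > "$dir/matches"
    : > "$dir/targets"
    missing_extensions "$dir/rules" "$dir/matches" "$dir/targets"
    rm -rf "$dir"
}
demo
```

On the real machine, call missing_extensions with only the rules file so that it reads the two /proc files of the running kernel.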
The final modified rules file is:
# Generated by iptables-save v1.4.14 on Tue May 6 14:54:02 2014
# knowledge:
# http://blog.chinaunix.net/uid-9950859-id-98279.html
# http://blog.slogra.com/post-232.html
# http://www.cnblogs.com/bangerlee/archive/2013/02/27/2935422.html
# http://blog.chinaunix.net/uid-26495963-id-3279216.html
#1. PREROUTING (before routing)
#2. INPUT (packet inbound port)
#3. FORWARD (forwarding manager)
#4. OUTPUT (data packet egress)
#5. POSTROUTING (after routing)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Allow the local loopback interface (that is, allow the local machine to access itself)
#-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Allow outbound access to all hosts
-A OUTPUT -j ACCEPT
# Unavailable on arm linux 3.0...
#-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
#-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow access to the xxxx port
# xxx may have multiple ports; add them here.
# Here is tcp
-A INPUT -p tcp -m tcp --dport 1234 -j ACCEPT
# Here is udp
#-A INPUT -p udp -m udp --dport 1234 -j ACCEPT
# Allow access to the MySQL port
#-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j ACCEPT
# Allow the SSH port
# *** If you do not allow this, you should cry first.
-A INPUT -p tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Allow ping or disable ping; choose one of the two.
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Disable ping
#-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
# Logging, unavailable on arm linux 3.0...
#-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied:" --log-level 7
# Unavailable on arm linux 3.0...
#-A INPUT -j REJECT --reject-with icmp-port-unreachable
# Unavailable on arm linux 3.0...
#-A FORWARD -j REJECT --reject-with icmp-port-unreachable
# Drop everything not matched by the rules above.
# (Note: if port 22 has no allow rule, the SSH connection is cut immediately.)
# With the state rule disabled, replies to connections this host opens are dropped here too.
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
# Completed on Tue May 6 14:54:02 2014
# Generated by iptables-save v1.4.14 on Tue May 6 14:54:09 2014