Fixing "Job for iptables.service failed because the control process exited with error code"

Copyright notice: this is an original article by the blogger (SimonLiu); reproduction without the blogger's permission is prohibited. https://blog.csdn.net/toopoo/article/details/85423059

Job for iptables.service failed because the control process exited with error code. See “systemctl status iptables.service” and “journalctl -xe” for details.

Today, while opening UDP ports for a mosh server, I ran into this error:

#systemctl start iptables.service
Job for iptables.service failed because the control process exited with error code. See "systemctl status iptables.service" and "journalctl -xe" for details.

A quick search turns up many possible causes; one of them is a broken iptables rule set.
First, look at the output of systemctl status iptables.service:

# systemctl status iptables.service

iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2018-12-30 11:03:58 UTC; 52s ago
Process: 14357 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
Process: 14482 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=1/FAILURE)
Main PID: 14482 (code=exited, status=1/FAILURE)

Next, look at the output of journalctl -xe. It is very long, so only the highlighted part at the end matters:

Unit iptables.service has begun starting up.
Dec 30 16:30:19 us2 iptables.init[29204]: iptables: Applying firewall rules: iptables-restore: line 40 failed
Dec 30 16:30:19 us2 systemd[1]: iptables.service: main process exited, code=exited, status=1/FAILURE
Dec 30 16:30:19 us2 systemd[1]: Failed to start IPv4 firewall with iptables.
Subject: Unit iptables.service has failed
Defined-By: systemd
Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Unit iptables.service has failed.
The result is failed.
Dec 30 16:30:19 us2 systemd[1]: Unit iptables.service entered failed state.
Dec 30 16:30:19 us2 systemd[1]: iptables.service failed.
Dec 30 16:30:19 us2 iptables.init[29204]: [FAILED]

That is already fairly clear: line 40 of the rules file is the problem, so edit
/etc/sysconfig/iptables. The faulty line is the one I added to open the UDP port range; I had mindlessly copied the TCP rule:
-A INPUT -p tcp -m state --state NEW -m udp --dport 60001:61000 -j ACCEPT
The -m udp match module only applies to rules with -p udp, so iptables-restore rejects its combination with -p tcp. The line should be changed to
-A INPUT -p udp --destination-port 60001:61000 -j ACCEPT
and that is all that is needed.
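A small pre-flight check for this class of mistake, added here as an example (it is not code from the original post): it scans an /etc/sysconfig/iptables style file for rules whose -p protocol and -m tcp/udp match module disagree, or whose --dport/--sport has no protocol at all, and reports the offending line number with a reason, which is more than the bare "iptables-restore: line 40 failed" gives you. The sample rules files, their paths and the port numbers are constructed for the demo; the preflight function assumes iptables-restore is present and that --test (parse without committing) is allowed for the current user.

```shell
#!/bin/sh
# Added example, not code from the original post. Lints an iptables-save style
# rules file for protocol/match mismatches before the service is restarted.
# The sample files and paths below are constructed for the demo.

# Report every -A/-I rule whose -p protocol and -m tcp/udp match disagree, or
# whose --dport/--sport has no protocol at all. Prints "LINE: reason" for each
# finding; returns 0 if the file is clean, 1 otherwise. Only the short -p form
# is recognised; --protocol is not handled in this demo.
lint_rules() {
    rules_file="$1"
    rules_status=0
    rules_lineno=0
    while IFS= read -r rules_line || [ -n "$rules_line" ]; do
        rules_lineno=$((rules_lineno + 1))
        case "$rules_line" in
            -A*|-I*) ;;        # rule lines only; skip *table, :CHAIN, COMMIT
            *) continue ;;
        esac
        # protocol named with -p (empty if absent)
        rules_proto=$(printf '%s\n' "$rules_line" | sed -n 's/.*-p \([a-z]*\).*/\1/p')
        # tcp/udp match module, the ones that must agree with -p
        rules_match=""
        case "$rules_line" in
            *"-m tcp"*) rules_match=tcp ;;
            *"-m udp"*) rules_match=udp ;;
        esac
        rules_port=""
        case "$rules_line" in
            *--dport*|*--sport*|*--destination-port*|*--source-port*) rules_port=yes ;;
        esac

        rules_reason=""
        if [ -n "$rules_match" ] && [ -z "$rules_proto" ]; then
            rules_reason="-m $rules_match requires -p $rules_match"
        elif [ -n "$rules_match" ] && [ "$rules_proto" != "$rules_match" ]; then
            rules_reason="-p $rules_proto conflicts with -m $rules_match"
        elif [ -n "$rules_port" ] && [ -z "$rules_proto" ]; then
            rules_reason="port option without -p tcp/udp"
        fi
        if [ -n "$rules_reason" ]; then
            printf '%s: %s\n' "$rules_lineno" "$rules_reason"
            rules_status=1
        fi
    done < "$rules_file"
    return "$rules_status"
}

# Constructed sample: the good rules from the post plus the broken one
# (line 7) and a second common slip (line 9: match module with no -p).
SAMPLE_RULES="${TMPDIR:-/tmp}/iptables-lint-sample.$$"
CLEAN_RULES="${TMPDIR:-/tmp}/iptables-lint-clean.$$"
trap 'rm -f "$SAMPLE_RULES" "$CLEAN_RULES"' EXIT
cat > "$SAMPLE_RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m udp --dport 60001:61000 -j ACCEPT
-A INPUT -p udp --destination-port 60001:61000 -j ACCEPT
-A INPUT -m udp --dport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
cat > "$CLEAN_RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp --destination-port 60001:61000 -j ACCEPT
COMMIT
EOF

# Full pre-flight: lint first, then let iptables-restore parse the file without
# committing it (--test; usually needs root), before touching the service.
preflight() {
    lint_rules "$1" || return 1
    if command -v iptables-restore >/dev/null 2>&1; then
        iptables-restore --test < "$1"
    fi
}

lint_rules "$SAMPLE_RULES" || printf 'fix the lines above, then: systemctl restart iptables\n'
```

Run it against the real file with preflight /etc/sysconfig/iptables before systemctl restart iptables; a clean lint plus a clean --test parse means the "line N failed" class of error will not take the firewall down on restart.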
I am not familiar with iptables and just copy rules every time, which makes mistakes easy. CentOS 7 has moved to firewalld anyway, so I need to learn firewalld properly.
