Question: After configuring the iptables firewall on CentOS 7, I checked the startup status with systemctl status iptables.service.
Not only did the service fail to start, it also failed to stop. I found that the cause of the problem was an iptables configuration error in /etc/sysconfig/iptables (opened with vim /etc/sysconfig/iptables).
1. The reason for the startup failure is:
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
These two lines were not placed where they belong relative to the port rules I configured, so an error is bound to occur. For what the lines mean, see https://blog.csdn.net/taiyang1987912/article/details/40189371 (thank you to the author Utopia No. 2). As a result, stopping the service also fails.
2. The reason for the startup failure is:
On CentOS 7.0 the firewall is managed by firewalld by default, not by iptables. On CentOS 6.0 the firewall is managed with iptables.
For details, see https://blog.csdn.net/ls1645/article/details/78750561 (thanks to the author Li Shuang11).
Workaround: (in case of using iptables)
- service iptables save
- #or
- /usr/libexec/iptables/iptables.init save
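
The rule-order problem from point 1 can be checked before restarting the service. The script below is an added example, not part of the original post: the function names lint_iptables_rules and sample_rules are hypothetical, and the rules file it runs on is a constructed sample in the /etc/sysconfig/iptables format.

```shell
#!/bin/sh
# Added example: lint an iptables-save style file for rule-order mistakes.
# Flags rules appended to a chain after an unconditional REJECT/DROP
# (they can never match) and rules written after COMMIT.

lint_iptables_rules() {
    awk '
    BEGIN          { bad = 0 }
    /^[ \t]*(#|$)/ { next }                                  # comments, blank lines
    /^\*/          { split("", term); committed = 0; next }  # new table, e.g. *filter
    /^COMMIT/      { committed = 1; next }
    $1 == "-A" {
        if (committed) {
            printf "line %d: rule after COMMIT: %s\n", NR, $0
            bad = 1
        } else if ($2 in term) {
            printf "line %d: unreachable, %s already ends at line %d: %s\n", NR, $2, term[$2], $0
            bad = 1
        } else if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) {
            term[$2] = NR                                    # catch-all rule for this chain
        }
    }
    END            { exit bad }
    ' "$1"
}

# Constructed sample: the 8080 rule was added below the catch-all REJECT.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}

# Demo; on a real host pass /etc/sysconfig/iptables instead of the sample.
demo=$(mktemp)
sample_rules > "$demo"
lint_iptables_rules "$demo" || echo "rule-order problems found"
rm -f "$demo"
```

On the host itself, `iptables-restore --test < /etc/sysconfig/iptables` parses the file without committing it, which catches syntax errors that this order check does not look for.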