Fixing "Job for iptables.service failed because the control process exited with error code"
Job for iptables.service failed because the control process exited with error code. See “systemctl status iptables.service” and “journalctl -xe” for details.
Today, while opening the UDP ports for a mosh server, I ran into an error:
# systemctl start iptables.service
Job for iptables.service failed because the control process exited with error code. See "systemctl status iptables.service" and "journalctl -xe" for details.
A quick search shows there are many possible causes; one of them is a problem in the iptables rules.
First, look at the output of systemctl status iptables.service:
# systemctl status iptables.service
iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: failed
Process: 14357 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
Process: 14482 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=1/FAILURE)
Main PID: 14482 (code=exited, status=1/FAILURE)
Now look at journalctl -xe:
Unit iptables.service has begun starting up.
Dec 30 16:30:19 us2 iptables.init[29204]: iptables: Applying firewall rules: iptables-restore: line 40 failed
Dec 30 16:30:19 us2 systemd[1]: iptables.service: main process exited, code=exited, status=1/FAILURE
Dec 30 16:30:19 us2 systemd[1]: Failed to start IPv4 firewall with iptables.
Subject: Unit iptables.service has failed
Defined-By: systemd
Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Unit iptables.service has failed.
The result is failed.
Dec 30 16:30:19 us2 systemd[1]: Unit iptables.service entered failed state.
Dec 30 16:30:19 us2 systemd[1]: iptables.service failed.
Dec 30 16:30:19 us2 iptables.init[29204]: [FAILED]
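This already makes it fairly clear: line 40 is the problem. So edit the /etc/sysconfig/iptables file. The culprit is the line I added to open the UDP ports, which I had mindlessly copied from a TCP rule: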
-A INPUT -p tcp -m state --state NEW -m udp --dport 60001:61000 -j ACCEPT
It should be changed to:
-A INPUT -p udp --destination-port 60001:61000 -j ACCEPT
That is all it takes.
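A check for the mistake above, as an added example that is not part of the original post: a small shell/awk lint that reads a rules file in the /etc/sysconfig/iptables format and reports, by line number, any rule whose -m tcp or -m udp match disagrees with its -p protocol. The function names lint_rules and sample_rules and the sample rules file are constructed for illustration; negated protocols (! -p) are not handled.

```shell
#!/bin/sh
# Added example (not from the original post).
# sample_rules: constructed rules file; line 6 repeats the mistake from the post.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m udp --dport 60001:61000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# lint_rules FILE: print "LINE: problem" for each rule where a tcp/udp
# match module is combined with a different -p protocol; return 1 if any.
lint_rules() {
    awk '
    /^-A / {
        proto = ""; n = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-p" || $i == "--protocol") {
                proto = tolower($(i + 1))
                if (proto == "6")  proto = "tcp"   # numeric protocol ids
                if (proto == "17") proto = "udp"
            }
            if (($i == "-m" || $i == "--match") &&
                ($(i + 1) == "tcp" || $(i + 1) == "udp"))
                mods[++n] = $(i + 1)
        }
        for (j = 1; j <= n; j++)
            if (mods[j] != proto) {
                printf "%d: -m %s used with -p %s\n", NR, mods[j],
                       (proto == "" ? "(none)" : proto)
                bad = 1
            }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Demo on the constructed sample: reports line 6.
demo=$(mktemp)
sample_rules > "$demo"
lint_rules "$demo" || echo "fix the lines listed above before starting iptables.service"
rm -f "$demo"
```

To use it on a real host, source the functions and call lint_rules on a copy of /etc/sysconfig/iptables before running systemctl start iptables.service.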
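I'm not familiar with iptables and just copy rules every time, which makes it easy to make mistakes. That said, CentOS 7 has switched to firewalld now, so I need to properly learn some firewalld.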