查看

# hostnamectl
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-957.12.1.el7.x86_64
      Architecture: x86-64
E0314 18:12:59.860611   18056 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 7 failed
E0406 08:55:09.016861   14011 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 7 failed
E0501 22:26:04.529463   25878 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 6 failed
E0506 11:18:24.209635   26103 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 7 failed
E0506 11:18:48.060733   26595 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 7 failed
E0506 11:20:10.861899   27305 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 6 failed
E0506 11:24:45.973404   27939 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 6 failed
E0506 11:26:47.890014   29052 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 7 failed
E0526 11:19:26.737418    6591 proxier.go:1187] Failed to execute iptables-restore: exit status 2 (iptables-restore v1.4.21: Couldn't load target `KUBE-MARK-DROP':No such file or directory
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
####
I0528 16:53:50.862567   12228 iptables.go:327] running iptables-save [-t nat]
I0528 16:53:50.865041   12228 iptables.go:391] running iptables-restore [-w 5 -T nat --noflush --counters]
E0528 16:53:50.873001   12228 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 7 failed
)
sudo iptables --version
iptables v1.4.21
sudo iptables-restore --help
Usage: iptables-restore [-b] [-c] [-v] [-V]  [-t] [-h] [-W usecs]
	   [ --binary ]
	   [ --counters ]
	   [ --verbose ]
	   [ --version]
	   [ --test ]
	   [ --help ]
	   [ --noflush ]
	   [ --wait=<seconds>
	   [ --wait-interval=<usecs>
	   [ --table=<TABLE> ]
	   [ --modprobe=<command>]

编译

## Terminal transcript: build iptables 1.6.2 from the upstream tarball, install it
## under /usr/local, and point the system iptables command names at the new
## xtables-multi binary. Lines that are not commands are captured command output.

## Install gcc and the other build dependencies
sudo yum install -y net-tools curl wget git vim jq socat conntrack ipvsadm ipset sysstat libseccomp gcc gcc-c++ cmake make bzip2 automake autoconf libtool flex bison pcre-devel zlib-devel openssl openssl-devel bridge-utils bind-utils
sudo yum install -y libnfnetlink-devel libnl3 libnl3-devel systemd-devel libuuid-devel
sudo yum install -y device-mapper-persistent-data lvm2
sudo yum install -y libmnl-devel libnftnl-devel libnetfilter_conntrack-devel libnetfilter_queue-devel libpcap-devel
## Download
## NOTE(review): the tarball is fetched over plain HTTP and is then built and
## installed as root with no integrity check in between. Verify it against the
## signature or checksum published by the netfilter project before ./configure.
wget http://ftp.netfilter.org/pub/iptables/iptables-1.6.2.tar.bz2
tar -xjf iptables-1.6.2.tar.bz2
cd iptables-1.6.2
## Configure: install prefix /usr/local, explicit xtables lock file path, and the
## optional libipq, nfsynproxy and BPF compiler components enabled.
./configure --prefix=/usr/local --with-xt-lock-name=/var/run/xtables.lock --enable-libipq --enable-nfsynproxy --enable-bpf-compiler
## Build
make
## Install
sudo make install
## Replace the system binaries
## NOTE(review): the existing binaries are deleted with no backup, so there is no
## quick rollback if the new build misbehaves; moving them aside would keep one.
## These paths presumably belong to the distribution's iptables package, so a
## later package update or reinstall may overwrite the symlinks - confirm.
## Only iptables, iptables-restore, iptables-save and iptables-xml are relinked;
## the ip6tables command names are not touched here.
sudo rm -rf /usr/sbin/iptables
sudo rm -rf /usr/sbin/iptables-restore
sudo rm -rf /usr/sbin/iptables-save
sudo rm -rf /usr/bin/iptables-xml
sudo ln -s /usr/local/sbin/xtables-multi /usr/bin/iptables-xml 
sudo ln -s /usr/local/sbin/xtables-multi /usr/sbin/iptables 
sudo ln -s /usr/local/sbin/xtables-multi /usr/sbin/iptables-restore 
sudo ln -s /usr/local/sbin/xtables-multi /usr/sbin/iptables-save 
## Check the version
iptables --version
iptables v1.6.2
## Check iptables-restore (the usage line now lists -w secs and -T table)
sudo iptables-restore --help
Usage: iptables-restore [-c] [-v] [-V] [-t] [-h] [-n] [-w secs] [-W usecs] [-T table] [-M command]
	   [ --counters ]
	   [ --verbose ]
	   [ --version]
	   [ --test ]
	   [ --help ]
	   [ --noflush ]
	   [ --wait=<seconds>
	   [ --wait-interval=<usecs>
	   [ --table=<TABLE> ]
	   [ --modprobe=<command> ]
## Reboot the machine
sudo reboot

报错

*** Error: No suitable libmnl found. ***
    Please install the 'libmnl' package
    Or consider --disable-nftables to skip
    iptables-compat over nftables support.

*** Error: no suitable libnftnl found. ***
    Please install the 'libnftnl' package
    Or consider --disable-nftables to skip
    iptables-compat over nftables support.

---> Package libmnl-devel.x86_64 0:1.0.3-7.el7 will be installed
---> Package libnftnl.x86_64 0:1.0.8-1.el7 will be installed
---> Package libnetfilter_conntrack-devel.x86_64 0:1.0.6-1.el7_3 will be installed
---> Package libnetfilter_queue-devel.x86_64 0:1.0.2-2.el7_2 will be installed



Iptables Configuration:
  IPv4 support:				yes
  IPv6 support:				yes
  Devel support:			yes
  IPQ support:				no
  Large file support:			yes
  BPF utils support:			no
  nfsynproxy util support:		no
  nftables support:			yes
  connlabel support:			no

Build parameters:
  Put plugins into executable (static):	no
  Support plugins via dlopen (shared):	yes
  Installation prefix (--prefix):	/usr/local
  Xtables extension directory:		/usr/local/lib/xtables
  Pkg-config directory:			/usr/local/lib/pkgconfig
  Xtables lock file:			/run/xtables.lock
  Host:					x86_64-pc-linux-gnu
  GCC binary:				gcc

Iptables modules that will not be built:  connlabel




WARNING: libnetfilter_conntrack not found, connlabel match will not be built
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating extensions/GNUmakefile
config.status: creating include/Makefile
config.status: creating iptables/Makefile
config.status: creating iptables/xtables.pc
config.status: creating iptables/iptables.8
config.status: creating iptables/iptables-extensions.8.tmpl
config.status: creating iptables/iptables-save.8
config.status: creating iptables/iptables-restore.8
config.status: creating iptables/iptables-apply.8
config.status: creating iptables/iptables-xml.1
config.status: creating libipq/Makefile
config.status: creating libipq/libipq.pc
config.status: creating libiptc/Makefile
config.status: creating libiptc/libiptc.pc
config.status: creating libiptc/libip4tc.pc
config.status: creating libiptc/libip6tc.pc
config.status: creating libxtables/Makefile
config.status: creating utils/Makefile
config.status: creating include/xtables-version.h
config.status: creating include/iptables/internal.h
config.status: creating utils/nfnl_osf.8
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands

Iptables Configuration:
  IPv4 support:				yes
  IPv6 support:				yes
  Devel support:			yes
  IPQ support:				no
  Large file support:			yes
  BPF utils support:			no
  nfsynproxy util support:		no
  nftables support:			yes
  connlabel support:			no

Build parameters:
  Put plugins into executable (static):	no
  Support plugins via dlopen (shared):	yes
  Installation prefix (--prefix):	/usr/local
  Xtables extension directory:		/usr/local/lib/xtables
  Pkg-config directory:			/usr/local/lib/pkgconfig
  Xtables lock file:			/run/xtables.lock
  Host:					x86_64-pc-linux-gnu
  GCC binary:				gcc

Iptables modules that will not be built:  connlabel


Iptables Configuration:
  IPv4 support:				yes
  IPv6 support:				yes
  Devel support:			yes
  IPQ support:				no
  Large file support:			yes
  BPF utils support:			no
  nfsynproxy util support:		no
  nftables support:			yes
  connlabel support:			yes


error: missing libpcap library required by bpf compiler or nfsynproxy tool


Iptables Configuration:
  IPv4 support:				yes
  IPv6 support:				yes
  Devel support:			yes
  IPQ support:				yes
  Large file support:			yes
  BPF utils support:			yes
  nfsynproxy util support:		yes
  nftables support:			yes
  connlabel support:			yes

Build parameters:
  Put plugins into executable (static):	no
  Support plugins via dlopen (shared):	yes
  Installation prefix (--prefix):	/usr/local
  Xtables extension directory:		/usr/local/lib/xtables
  Pkg-config directory:			/usr/local/lib/pkgconfig
  Xtables lock file:			/var/run/xtables.lock
  Host:					x86_64-pc-linux-gnu
  GCC binary:				gcc

参考