# 查看

```bash
# hostnamectl
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-957.12.1.el7.x86_64
Architecture: x86-64
```

```bash
E0314 18:12:59.860611 18056 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 7 failed
E0406 08:55:09.016861 14011 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 7 failed
E0501 22:26:04.529463 25878 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 6 failed
E0506 11:18:24.209635 26103 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 7 failed
E0506 11:18:48.060733 26595 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 7 failed
E0506 11:20:10.861899 27305 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 6 failed
E0506 11:24:45.973404 27939 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 6 failed
E0506 11:26:47.890014 29052 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 7 failed
E0526 11:19:26.737418 6591 proxier.go:1187] Failed to execute iptables-restore: exit status 2 (iptables-restore v1.4.21: Couldn't load target `KUBE-MARK-DROP':No such file or directory
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
#### I0528 16:53:50.862567 12228 iptables.go:327] running iptables-save [-t nat] I0528 16:53:50.865041 12228 iptables.go:391] running iptables-restore [-w 5 -T nat --noflush --counters] E0528 16:53:50.873001 12228 proxier.go:430] Failed to execute iptables-restore for nat: exit status 1 (iptables-restore: line 7 failed ) ``` ```bash sudo iptables --version iptables v1.4.21 sudo iptables-restore --help Usage: iptables-restore [-b] [-c] [-v] [-V] [-t] [-h] [-W usecs] [ --binary ] [ --counters ] [ --verbose ] [ --version] [ --test ] [ --help ] [ --noflush ] [ --wait= [ --wait-interval= [ --table= ] [ --modprobe=] ``` # 编译 ```bash ## 安装gcc等依赖 sudo yum install -y net-tools curl wget git vim jq socat conntrack ipvsadm ipset sysstat libseccomp gcc gcc-c++ cmake make bzip2 automake autoconf libtool flex bison pcre-devel zlib-devel openssl openssl-devel bridge-utils bind-utils sudo yum install -y libnfnetlink-devel libnl3 libnl3-devel systemd-devel libuuid-devel sudo yum install -y device-mapper-persistent-data lvm2 sudo yum install -y libmnl-devel libnftnl-devel libnetfilter_conntrack-devel libnetfilter_queue-devel libpcap-devel ## 下载 wget http://ftp.netfilter.org/pub/iptables/iptables-1.6.2.tar.bz2 tar -xjf iptables-1.6.2.tar.bz2 cd iptables-1.6.2 ./configure --prefix=/usr/local --with-xt-lock-name=/var/run/xtables.lock --enable-libipq --enable-nfsynproxy --enable-bpf-compiler ## 编译 make ## 安装 sudo make install ## 替换 sudo rm -rf /usr/sbin/iptables sudo rm -rf /usr/sbin/iptables-restore sudo rm -rf /usr/sbin/iptables-save sudo rm -rf /usr/bin/iptables-xml sudo ln -s /usr/local/sbin/xtables-multi /usr/bin/iptables-xml sudo ln -s /usr/local/sbin/xtables-multi /usr/sbin/iptables sudo ln -s /usr/local/sbin/xtables-multi /usr/sbin/iptables-restore sudo ln -s /usr/local/sbin/xtables-multi /usr/sbin/iptables-save ## 查看版本 iptables --version iptables v1.6.2 ## 查看iptables-restore sudo iptables-restore --help Usage: iptables-restore [-c] [-v] [-V] [-t] [-h] [-n] [-w secs] [-W usecs] 
[-T table] [-M command] [ --counters ] [ --verbose ] [ --version] [ --test ] [ --help ] [ --noflush ] [ --wait= [ --wait-interval= [ --table=
] [ --modprobe= ]

## 重启电脑
sudo reboot
```

> 注意：上面的步骤通过明文 HTTP 下载源码包，随后以 root 权限安装并替换系统自带的 iptables；编译前应先用 netfilter.org 发布的签名或校验和核对该压缩包。被 `rm -rf` 删除的原有文件建议先备份以便回滚；替换后的 iptables 不再通过 yum 获得发行版的安全更新，之后升级 iptables 软件包也可能把这些软链接覆盖回去。

# 报错

```bash
*** Error: No suitable libmnl found. ***
Please install the 'libmnl' package
Or consider --disable-nftables to skip
iptables-compat over nftables support.

*** Error: no suitable libnftnl found. ***
Please install the 'libnftnl' package
Or consider --disable-nftables to skip
iptables-compat over nftables support.

---> Package libmnl-devel.x86_64 0:1.0.3-7.el7 will be installed
---> Package libnftnl.x86_64 0:1.0.8-1.el7 will be installed
---> Package libnetfilter_conntrack-devel.x86_64 0:1.0.6-1.el7_3 will be installed
---> Package libnetfilter_queue-devel.x86_64 0:1.0.2-2.el7_2 will be installed

Iptables Configuration:
  IPv4 support: yes
  IPv6 support: yes
  Devel support: yes
  IPQ support: no
  Large file support: yes
  BPF utils support: no
  nfsynproxy util support: no
  nftables support: yes
  connlabel support: no

Build parameters:
  Put plugins into executable (static): no
  Support plugins via dlopen (shared): yes
  Installation prefix (--prefix): /usr/local
  Xtables extension directory: /usr/local/lib/xtables
  Pkg-config directory: /usr/local/lib/pkgconfig
  Xtables lock file: /run/xtables.lock
  Host: x86_64-pc-linux-gnu
  GCC binary: gcc

Iptables modules that will not be built: connlabel

WARNING: libnetfilter_conntrack not found, connlabel match will not be built

checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating extensions/GNUmakefile
config.status: creating include/Makefile
config.status: creating iptables/Makefile
config.status: creating iptables/xtables.pc
config.status: creating iptables/iptables.8
config.status: creating iptables/iptables-extensions.8.tmpl
config.status: creating iptables/iptables-save.8
config.status: creating iptables/iptables-restore.8
config.status: creating iptables/iptables-apply.8
config.status: creating iptables/iptables-xml.1
config.status: creating libipq/Makefile
config.status: creating libipq/libipq.pc
config.status: creating libiptc/Makefile
config.status: creating libiptc/libiptc.pc
config.status: creating libiptc/libip4tc.pc
config.status: creating libiptc/libip6tc.pc
config.status: creating libxtables/Makefile
config.status: creating utils/Makefile
config.status: creating include/xtables-version.h
config.status: creating include/iptables/internal.h
config.status: creating utils/nfnl_osf.8
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands

Iptables Configuration:
  IPv4 support: yes
  IPv6 support: yes
  Devel support: yes
  IPQ support: no
  Large file support: yes
  BPF utils support: no
  nfsynproxy util support: no
  nftables support: yes
  connlabel support: no

Build parameters:
  Put plugins into executable (static): no
  Support plugins via dlopen (shared): yes
  Installation prefix (--prefix): /usr/local
  Xtables extension directory: /usr/local/lib/xtables
  Pkg-config directory: /usr/local/lib/pkgconfig
  Xtables lock file: /run/xtables.lock
  Host: x86_64-pc-linux-gnu
  GCC binary: gcc

Iptables modules that will not be built: connlabel

Iptables Configuration:
  IPv4 support: yes
  IPv6 support: yes
  Devel support: yes
  IPQ support: no
  Large file support: yes
  BPF utils support: no
  nfsynproxy util support: no
  nftables support: yes
  connlabel support: yes

error: missing libpcap library required by bpf compiler or nfsynproxy tool

Iptables Configuration:
  IPv4 support: yes
  IPv6 support: yes
  Devel support: yes
  IPQ support: yes
  Large file support: yes
  BPF utils support: yes
  nfsynproxy util support: yes
  nftables support: yes
  connlabel support: yes

Build parameters:
  Put plugins into executable (static): no
  Support plugins via dlopen (shared): yes
  Installation prefix (--prefix): /usr/local
  Xtables extension directory: /usr/local/lib/xtables
  Pkg-config directory: /usr/local/lib/pkgconfig
  Xtables lock file: /var/run/xtables.lock
  Host: x86_64-pc-linux-gnu
  GCC binary: gcc
```

# 参考