
Disabling iptables is simple if you take the indirect route: just disable the kernel modules.
$ cat /etc/modprobe.d/blacklist-iptables.conf
alias ip_tables off
alias iptable off
alias iptable_nat off
alias iptable_filter off
alias nf_nat off
alias nf_conntrack_ipv4 off
alias nf_conntrack off
alias nf_defrag_ipv4 off
alias x_tables off
alias xt_limit off
alias xt_tcpudp off
alias xt_multiport off
alias ipt_REJECT off
alias ipt_LOG off
Before putting the file above into effect, remember to flush the iptables rules first and rmmod the corresponding modules. This is also another way to prevent "dropping packet".
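As an added example (not part of the original article): a shell helper that reads a file in the `alias <module> off` form shown above plus a /proc/modules-format listing, and prints the disabled modules that are still loaded, ordered so that modules which depend on others come first for rmmod. The function names `disabled_modules` and `unload_order` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# Reports which modules disabled via "alias <name> off" are still loaded,
# in an order that is safe for rmmod (dependent modules first).

# Print the module names disabled with "alias <name> off" in conf file $1.
disabled_modules() {
    awk '$1 == "alias" && $3 == "off" { print $2 }' "$1"
}

# Print still-loaded disabled modules, dependents first.
# $1 = modprobe conf file, $2 = module listing (defaults to /proc/modules).
unload_order() {
    conf=$1
    listing=${2:-/proc/modules}
    # Field 4 of /proc/modules lists the modules that USE this one ("-" if
    # none). Each user has to be removed first, so emit "user module" pairs
    # and let tsort produce an order that respects them.
    awk '{
        print $1, $1    # self pair: keeps modules without users in the output
        if ($4 != "-") {
            n = split($4, users, ",")
            for (i = 1; i <= n; i++)
                if (users[i] != "") print users[i], $1
        }
    }' "$listing" | tsort | while read -r mod; do
        # Keep only the modules that the conf file disables.
        if disabled_modules "$conf" | grep -qxF "$mod"; then
            echo "$mod"
        fi
    done
}

# Usage: unload_order /etc/modprobe.d/blacklist-iptables.conf
```

An empty result means none of the listed modules is loaded; otherwise the output is the order in which to rmmod them once the rules have been flushed.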
The netfilter modules are located in /lib/modules/2.6.32-38-server/kernel/net/ipv4/netfilter/.
systool shows the sections of a loaded module:
# systool -v -m ip_tables
Module = ip_tables
Attributes:
initstate = live
refcnt = 1
srcversion = DC18D42211BCD06DB350605
Sections:
.bss = 0xffffffffa0032d60
.data = 0xffffffffa00328e0
.data.read_mostly = 0xffffffffa0032980
.exit.text = 0xffffffffa00324fc
.gnu.linkonce.this_module= 0xffffffffa0032b00
.init.text = 0xffffffffa000c000
.note.gnu.build-id = 0xffffffffa0032568
.parainstructions = 0xffffffffa0032650
.ref.text = 0xffffffffa0032550
.rodata = 0xffffffffa00325a0
.rodata.str1.1 = 0xffffffffa00325c8
.rodata.str1.8 = 0xffffffffa0032680
.strtab = 0xffffffffa000cf78
.symtab = 0xffffffffa000c0c0
.text = 0xffffffffa002f000
__kcrctab = 0xffffffffa0032770
This article is from 电脑杂谈; when reposting, please cite this article's URL:
http://www.pc-fly.com/a/jisuanjixue/article-31883-1.html