Fixing the service iptables save error: please try to use systemctl
This document provides a fix for the "please try to use systemctl" error returned by service iptables save.
Error
[root@Jaking ~]# service iptables save
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.
Solution
Stop firewalld
[root@Jaking ~]# systemctl stop firewalld
[root@Jaking ~]# systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.
Install iptables-services
[root@Jaking ~]# yum install -y iptables-services
Start iptables
[root@Jaking ~]# service iptables start
Redirecting to /bin/systemctl start iptables.service
You can also use systemctl to control iptables
systemctl [start|status|stop|restart|enable] iptables
Enable iptables at boot
[root@Jaking ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
Flush the firewall rules
[root@Jaking ~]# iptables -F
Save the firewall rules
[root@Jaking ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
# or
[root@Jaking ~]# /usr/libexec/iptables/iptables.init save
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
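Docker
Take special care when Docker is in use: if the Docker rules disappear (flushing or reloading iptables removes the rules Docker added), just restart Docker and it re-creates them.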
[root@linux-node1 ~]# vim /etc/sysconfig/iptables
..........
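# It is best to comment out the following two lines. In a typical whitelist setup, leaving them active also makes the iptables port settings ineffective, because rules are matched in order and anything placed after these lines is never reached.
#-A INPUT -j REJECT --reject-with icmp-host-prohibited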
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
[root@linux-node1 ~]# service iptables restart
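The ordering problem behind the two REJECT lines can be checked before the service is restarted. The script below is an added example, not part of the original article; the function names find_shadowed_rules and sample_rules and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): list rules in an
# iptables-save style file that can never match because an unconditional
# REJECT/DROP appears earlier in the same chain.

# find_shadowed_rules [FILE]   (reads stdin when FILE is omitted)
# Prints "CHAIN: RULE" for each shadowed rule; returns 1 if any were found.
find_shadowed_rules() {
    awk '
        /^[[:space:]]*(#|$)/ { next }            # comments and blank lines
        /^\*/ { split("", blocked); next }       # new table: reset chain state
        $1 == "-A" {
            chain = $2
            if (chain in blocked) { print chain ": " $0; found = 1; next }
            # Catch-all: nothing but "-j REJECT|DROP" (optionally with
            # --reject-with TYPE) follows the chain name.
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP") &&
                (NF == 4 || (NF == 6 && $5 == "--reject-with")))
                blocked[chain] = 1
        }
        END { exit (found ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample, modelled on the file edited above: port 8080 was
# appended below the REJECT line, so it never takes effect.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample_rules | find_shadowed_rules || echo "review the rules listed above"
```

Run against the real file with find_shadowed_rules /etc/sysconfig/iptables. A non-zero exit status means port rules sit below a catch-all REJECT/DROP; placing them above that line makes them take effect while unmatched traffic is still rejected.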