Ever-growing iptables

Ast*_*iul 0 ubuntu iptables

My iptables keeps growing...

When I run sudo iptables -L | wc -l it prints a number, and if I run it again later the number has gone up.

It seems to increase by 1 every 2 seconds.


I tried rebooting; it didn't change anything......


I am on Ubuntu 16.04.6

Edit #1

I did what @Artem suggested:

sudo iptables-save > /tmp/ipt.dump1
# Wait a few seconds
sudo iptables-save > /tmp/ipt.dump2
diff -u /tmp/ipt.dump1 /tmp/ipt.dump2

I got this result:

--- /tmp/ipt.dump1      2020-07-20 17:39:27.443308154 +0900
+++ /tmp/ipt.dump2      2020-07-20 17:39:40.831173660 +0900
@@ -1,9 +1,9 @@
-# Generated by iptables-save v1.6.0 on Mon Jul 20 17:39:27 2020
+# Generated by iptables-save v1.6.0 on Mon Jul 20 17:39:40 2020
 *nat
-:PREROUTING ACCEPT [545:78025]
-:INPUT ACCEPT [545:78025]
-:OUTPUT ACCEPT [2686:163879]
-:POSTROUTING ACCEPT [2686:163879]
+:PREROUTING ACCEPT [547:78264]
+:INPUT ACCEPT [547:78264]
+:OUTPUT ACCEPT [2726:166287]
+:POSTROUTING ACCEPT [2726:166287]
 :DOCKER - [0:0]
 -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
 -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
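Review bot: in this *nat hunk only the chain policy counters change (the [packets:bytes] fields on the :PREROUTING, :INPUT, :OUTPUT and :POSTROUTING lines); no nat rule is added or removed between the two dumps, so the growth is not in the nat table.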
@@ -12,12 +12,12 @@
 -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 8501 -j MASQUERADE
 -A DOCKER -i docker0 -j RETURN
 COMMIT
-# Completed on Mon Jul 20 17:39:27 2020
-# Generated by iptables-save v1.6.0 on Mon Jul 20 17:39:27 2020
+# Completed on Mon Jul 20 17:39:40 2020
+# Generated by iptables-save v1.6.0 on Mon Jul 20 17:39:40 2020
 *filter
-:INPUT ACCEPT [11:1274]
+:INPUT ACCEPT [38:5571]
 :FORWARD DROP [0:0]
-:OUTPUT ACCEPT [7:464]
+:OUTPUT ACCEPT [9:720]
 :DOCKER - [0:0]
 :DOCKER-ISOLATION-STAGE-1 - [0:0]
 :DOCKER-ISOLATION-STAGE-2 - [0:0]
@@ -829,6 +829,14 @@
 -A INPUT -s 127.0.0.1/32 -j ACCEPT
 -A INPUT -s 127.0.0.1/32 -j ACCEPT
 -A INPUT -s 127.0.0.1/32 -j ACCEPT
+-A INPUT -s 127.0.0.1/32 -j ACCEPT
+-A INPUT -s 127.0.0.1/32 -j ACCEPT
+-A INPUT -s 127.0.0.1/32 -j ACCEPT
+-A INPUT -s 127.0.0.1/32 -j ACCEPT
+-A INPUT -s 127.0.0.1/32 -j ACCEPT
+-A INPUT -s 127.0.0.1/32 -j ACCEPT
+-A INPUT -s 127.0.0.1/32 -j ACCEPT
+-A INPUT -s 127.0.0.1/32 -j ACCEPT
 -A FORWARD -j DOCKER-USER
 -A FORWARD -j DOCKER-ISOLATION-STAGE-1
 -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
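Review bot: the eight added `-A INPUT -s 127.0.0.1/32 -j ACCEPT` lines are identical to the three unchanged ones directly above them, so every one of them is redundant; whatever inserts them runs `iptables -I INPUT` without first checking whether the rule already exists (for example with `iptables -C INPUT -s 127.0.0.1 -j ACCEPT`, which exits 0 when a matching rule is present). Eight inserts between 17:39:27 and 17:39:40 is about one rule every 1.6 seconds, which matches the "1 every 2 seconds" estimate in the question, and since -I prepends at the top of the chain, the duplicates will keep accumulating ahead of every other INPUT rule.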
@@ -841,4 +849,4 @@
 -A DOCKER-ISOLATION-STAGE-2 -j RETURN
 -A DOCKER-USER -j RETURN
 COMMIT
-# Completed on Mon Jul 20 17:39:27 2020
+# Completed on Mon Jul 20 17:39:40 2020

Edit #2

I followed this to trace processes:

git clone https://github.com/brendangregg/perf-tools.git
cd perf-tools
sudo ./execsnoop

Then I filter to see only what relates to iptables:

sudo ./execsnoop | grep iptables

Every 1.5 seconds I get 2 new processes:

  8596   8595 iptables -L INPUT
  8599   8534 iptables -I INPUT -s 127.0.0.1 -j ACCEPT
  8705   8704 iptables -L INPUT
  8708   8643 iptables -I INPUT -s 127.0.0.1 -j ACCEPT
  8814   8813 iptables -L INPUT
  8817   8752 iptables -I INPUT -s 127.0.0.1 -j ACCEPT
  8923   8922 iptables -L INPUT
  8926   8861 iptables -I INPUT -s 127.0.0.1 -j ACCEPT
  9033   9032 iptables -L INPUT
  9036   8971 iptables -I INPUT -s 127.0.0.1 -j ACCEPT
  9142   9141 iptables -L INPUT
  9145   9080 iptables -I INPUT -s 127.0.0.1 -j ACCEPT
  9251   9250 iptables -L INPUT
  9254   9189 iptables -I INPUT -s 127.0.0.1 -j ACCEPT
  9360   9359 iptables -L INPUT
  9363   9298 iptables -I INPUT -s 127.0.0.1 -j ACCEPT
  9469   9468 iptables -L INPUT
  9472   9407 iptables -I INPUT -s 127.0.0.1 -j ACCEPT
  9578   9577 iptables -L INPUT
  9581   9516 iptables -I INPUT -s 127.0.0.1 -j ACCEPT
  9687   9686 iptables -L INPUT
  9690   9625 iptables -I INPUT -s 127.0.0.1 -j ACCEPT

But this doesn't help me find the root cause...

Art*_*nov 6

Please do the following:

sudo iptables-save > /tmp/ipt.dump1

A few seconds later

sudo iptables-save > /tmp/ipt.dump2

Then please post diff -u /tmp/ipt.dump1 /tmp/ipt.dump2

At least you will know what you are dealing with.


As a last resort, I would do the following:

sudo mv /sbin/iptables /sbin/iptables.real

Then create a bash script such as

#! /bin/bash
# Log the time, the parent PID and the parent's executable, then hand the
# call through to the real binary with the original arguments untouched.
echo "`date`: I was called by $PPID `readlink /proc/$PPID/exe` " >> /tmp/iptables.log
/sbin/iptables.real "$@"

This will let you find out which process keeps calling iptables.
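The wrapper above answers "who is calling iptables"; the other half of the problem is noticing the duplicated rules in the first place and stopping them from being created. The script below is an added example, not code from the question or the answer: `duplicate_rules` and `rule_count` read an iptables-save dump and report rules that appear more than once, and `ensure_rule` shows the idempotent insert (check with iptables -C, insert only on a miss) that the offending process should have used. The dump embedded in `SAMPLE_DUMP` is constructed for the example; `ensure_rule` assumes root and a real iptables binary and is not exercised by the sample run.

```bash
#!/bin/bash
# Added example, not code from the question or the answer above.
# Two checks for the symptom in this thread (the same rule inserted over and
# over) plus an idempotent insert that avoids creating the duplicates at all.

# Constructed sample in iptables-save format: three copies of the loopback
# rule, as the diff in the question showed, plus two unrelated rules.
SAMPLE_DUMP='# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [38:5571]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [9:720]
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A FORWARD -j DOCKER-USER
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# duplicate_rules: read an iptables-save dump on stdin and print "COUNT RULE"
# for every -A line that occurs more than once. Counter lines, table headers
# and comments never start with "-A", so they are skipped.
duplicate_rules() {
  grep '^-A ' | sort | uniq -c |
    awk '$1 > 1 { n = $1; $1 = ""; sub(/^ /, ""); print n, $0 }'
}

# rule_count: how many times one exact rule line appears in the dump on stdin.
rule_count() {
  grep -cFx -- "$1" || true   # grep exits 1 when the count is 0; keep going
}

# ensure_rule: insert a rule only if it is not already present. iptables -C
# (--check) exits 0 when a matching rule exists, so the -I never runs twice
# for the same rule. Requires root and a real iptables; not exercised here.
ensure_rule() {
  local chain="$1"; shift
  iptables -C "$chain" "$@" 2>/dev/null || iptables -I "$chain" "$@"
}

# Stand-alone run: report duplicates in the constructed sample.
# On a live system use:  sudo iptables-save | duplicate_rules
printf '%s\n' "$SAMPLE_DUMP" | duplicate_rules
```

Running the file prints `3 -A INPUT -s 127.0.0.1/32 -j ACCEPT`, the one rule in the sample that is duplicated. Pointing `duplicate_rules` at `sudo iptables-save` on the affected machine gives the same report for the real chain, and a growing count between two runs confirms the insert loop is still active even after the caller has been identified with the wrapper.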