1. [root@k8s-master harbor]# ps -ef | grep :6443
  2. root 10254 7920 0 18:03 pts/0 00:00:00 grep --color=auto :6443
（注意：上面的 grep 只匹配到了它自己，并没有找到任何监听 6443 的进程——kube-apiserver 的参数通常写作 `--secure-port=6443`，命令行里并不包含 ":6443"。要确认端口确实在监听，应使用 `ss -tlnp | grep ':6443'`。）
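# List the chain that actually carries the open ports, with rule numbers, so the
# 6443 entry can be identified precisely.  The option is spelled
# --line-numbers (iptables accepts the unambiguous prefix, but scripts should
# use the real name).  Rule numbers are per chain: "INPUT 3" and
# "IN_public_allow 2" are different rules, so always name the chain.
iptables -t filter -nL IN_public_allow --line-numbers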

Chain IN_public_allow (1 references)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW,UNTRACKED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:6443 ctstate NEW,UNTRACKED
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:2379:2380 ctstate NEW,UNTRACKED
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:10250 ctstate NEW,UNTRACKED
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:10251 ctstate NEW,UNTRACKED
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:10252 ctstate NEW,UNTRACKED
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:10255 ctstate NEW,UNTRACKED
8    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:8472 ctstate NEW,UNTRACKED
9    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:443 ctstate NEW,UNTRACKED
10   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 ctstate NEW,UNTRACKED
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53 ctstate NEW,UNTRACKED
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9153 ctstate NEW,UNTRACKED
13   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:10254 ctstate NEW,UNTRACKED
14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9796 ctstate NEW,UNTRACKED
15   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:2376 ctstate NEW,UNTRACKED
16   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:30000:32767 ctstate NEW,UNTRACKED
17   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:6783 ctstate NEW,UNTRACKED
18   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpts:6783:6784 ctstate NEW,UNTRACKED
19   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 ctstate NEW,UNTRACKED
20   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW,UNTRACKED

删除现有对所有来源（0.0.0.0/0）开放 6443 的规则。注意：上面的列表显示它是 IN_public_allow 链的第 2 条，而不是 INPUT 链的第 3 条，删除时必须指定正确的链，否则删掉的是别的规则而 6443 仍然全开放。另外同一链里 2379:2380、10250、10255、8080 等端口（在 k8s master 上通常对应 etcd、kubelet 等）同样对 0.0.0.0/0 开放，至少和 6443 一样敏感，应一并按来源地址限制。

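# The wide-open 6443 rule is entry 2 of IN_public_allow in the listing above; it
# is not in the INPUT chain, so "iptables -D INPUT 3" removes an unrelated rule
# and leaves 6443 reachable from everywhere.  Delete by rule specification
# rather than by number so the command does not depend on a position that moves
# whenever rules are inserted.  Run this after the per-host ACCEPT rules are in
# place so the allowed hosts never lose API access in between.
open_rule=(-p tcp -m tcp --dport 6443 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT)
if iptables -C IN_public_allow "${open_rule[@]}" 2>/dev/null; then
  iptables -D IN_public_allow "${open_rule[@]}"
else
  # The spec above is how firewalld writes the rule; if it does not match on
  # this host, list the chain with --line-numbers and delete that entry, e.g.
  # "iptables -D IN_public_allow 2".
  echo "open 6443 rule not found by spec in IN_public_allow; delete it by number" >&2
fi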

只允许下列 IP 访问 6443 端口。建议先加这些放行规则，再删除全开放的那一条，避免中间出现 API server 不可达；如果主机启用了 IPv6，ip6tables 中的同名链也要做同样的限制，否则 6443 仍可通过 IPv6 访问。

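# Allow the API server port only from the listed hosts.  The -C probe makes the
# block idempotent (re-running it does not stack duplicate rules); -I puts each
# rule at the top of the chain, so the resulting order is the same as running
# the three inserts by hand (.19, .18, .17).
# NOTE(review): these are runtime rules in a chain firewalld maintains --
# "firewall-cmd --reload" or a firewalld restart rebuilds IN_public_allow from
# the permanent configuration and drops them, re-opening 6443 if the port is
# still in the permanent zone config.  If IPv6 is enabled, the ip6tables copy
# of the chain needs the same treatment.
apiserver_clients=(192.168.77.17 192.168.77.18 192.168.77.19)
for client in "${apiserver_clients[@]}"; do
  iptables -C IN_public_allow -s "$client" -p tcp --dport 6443 -j ACCEPT 2>/dev/null \
    || iptables -I IN_public_allow -s "$client" -p tcp --dport 6443 -j ACCEPT
done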

# Show the persisted rule set -- the file iptables.service restores at boot.
cat -- /etc/sysconfig/iptables

规则必须写入 /etc/sysconfig/iptables，iptables.service 开机时才会用 iptables-restore 恢复它们。注意 `service iptables save` 本身就会写这个文件，不要再把它的输出重定向到同一路径——shell 会先清空文件，随后脚本打印的 "[ OK ]" 状态文本会混进规则文件，导致开机恢复失败。直接执行 `service iptables save`，或用 `iptables-save > /etc/sysconfig/iptables`。
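# Persist the running rules for iptables.service.  Do NOT redirect
# "service iptables save" onto /etc/sysconfig/iptables: the helper writes that
# file itself, and with the redirect the shell truncates it first and the
# helper's "[ OK ]" status text lands inside the rule file, so the restore at
# boot fails.  Writing the dump with iptables-save directly also works on hosts
# where the save helper is missing (cf. the CentOS 7.6 note at the end of the
# page).
# NOTE(review): the dump contains chains Kubernetes/Weave build at runtime,
# e.g. the WEAVE rule quoted at the end of the page; restoring them at boot is
# what produces "Set weaver-no-masq-local doesn't exist".  Prefer persisting
# only the rules you added (or firewalld rich rules) over exporting the table.
tmp=$(mktemp /etc/sysconfig/iptables.XXXXXX) || exit 1   # mktemp creates it 0600
if iptables-save > "$tmp"; then
  mv -f -- "$tmp" /etc/sysconfig/iptables
  # mv keeps the temp file's SELinux label; put the expected one back
  command -v restorecon >/dev/null 2>&1 && restorecon -- /etc/sysconfig/iptables
else
  rm -f -- "$tmp"
  echo "iptables-save failed; existing saved rules left untouched" >&2
  exit 1
fi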

解决 iptables 服务不能开机自启动的问题（正常情况下 `systemctl enable iptables.service` 即可；这里改用 rc.local，是因为下文所述的 ipset 缺失导致该单元在开机时启动失败，rc.local 只是把启动时机推后，并不能消除这个根因）

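# Use the absolute path: the chmod and rc.local lines below refer to
# /root/autostartiptables.sh, but the prompt at the top of the page shows the
# working directory is not /root, so a relative name would create the script
# somewhere rc.local never looks.
vim /root/autostartiptables.sh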
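#!/usr/bin/env bash
# description: start iptables service (invoked from /etc/rc.d/rc.local)
#
# A plain "systemctl enable iptables.service" fails at boot on this host with
# "Set weaver-no-masq-local doesn't exist" (see the note at the end of the
# page): the saved rule set references an ipset that is presumably only created
# once Weave is up -- TODO confirm.  A single start attempt can therefore race
# that setup, so retry a bounded number of times instead of failing once and
# leaving the saved rules (including the 6443 restriction) unloaded.
set -u

readonly unit='iptables.service'
readonly max_attempts=10
readonly retry_delay=3   # seconds between attempts

command -v systemctl >/dev/null 2>&1 || { echo "systemctl not found" >&2; exit 1; }

for ((attempt = 1; attempt <= max_attempts; attempt++)); do
  if systemctl start "$unit"; then
    exit 0
  fi
  printf '%s: start attempt %d/%d failed, retrying in %ds\n' \
    "$unit" "$attempt" "$max_attempts" "$retry_delay" >&2
  sleep "$retry_delay"
done
printf '%s: giving up after %d attempts\n' "$unit" "$max_attempts" >&2
exit 1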

-----------------------------------------------
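# The helper runs as root from rc.local at every boot, so make sure nobody but
# root can modify it: a bare "+x" keeps whatever mode the umask produced (group
# and world readable, and writable under a permissive umask).
chown root:root -- /root/autostartiptables.sh
chmod 0700 -- /root/autostartiptables.sh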
-----------------------------------------------

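# Append the boot hook to rc.local non-interactively, and only once: the -qxF
# probe keeps re-runs of this page from adding the line again.
hook='bash /root/autostartiptables.sh'
grep -qxF -- "$hook" /etc/rc.d/rc.local \
  || printf '%s\n' "$hook" >> /etc/rc.d/rc.local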

-----------------------------------------------

# On CentOS 7 rc-local.service only runs this file when it is executable
# (the header comment in rc.local itself says so).
chmod +x -- /etc/rc.d/rc.local

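# Load the saved rules now.  iptables.service and firewalld both own the filter
# table: whichever (re)starts last replaces the other's rules, and IN_public_allow
# is the chain naming firewalld uses, so warn if firewalld is still enabled next
# to iptables.service rather than relying on the two to coexist at boot.
if systemctl is-enabled --quiet firewalld.service 2>/dev/null; then
  echo "warning: firewalld.service is enabled alongside iptables.service; pick one" >&2
fi
systemctl start iptables.service \
  || { echo "iptables.service failed to start; saved rules were not loaded" >&2; exit 1; }
# confirm the 6443 restriction is actually in effect
iptables -nL IN_public_allow --line-numbers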

开机自启动iptables失败的原因

开机自启动iptables.service 失败,报错为:Set weaver-no-masq-local doesn't exist.


原因是 /etc/sysconfig/iptables（`iptables-save` 导出的整张表）里包含了 Weave 在运行时生成的规则，它引用了一个开机时尚不存在的 ipset：iptables-restore 遇到这条规则就整体失败，结果是保存的规则一条都没有加载，6443 的来源限制也不会生效。更稳妥的做法是只持久化自己添加的规则（或改用 firewalld 的 rich rule），而不是导出整张表。该规则为:
-A WEAVE -m set --match-set weaver-no-masq-local dst -m comment --comment "Prevent SNAT to locally running containers" -j RETURN

CentOS 7.6无法执行service iptables save命令的解决办法

https://www.baishujun.com/archives/7341.html