解决报错Error: COMMAND_FAILED: Direct: '/usr/sbin/iptables-restore -w -n' failed: ip

admin

[root@vpnserver firewalld]# firewall-cmd --reload
3 W7 i, P/ S9 f3 zError: COMMAND_FAILED: Direct: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: unknown option "-O"
3 b8 m* R, R4 \2 k9 o( ]0 r; ]Error occurred at line: 2
/ P( @" a' f" r: H/ ?* |Try `iptables-restore -h' or 'iptables-restore --help' for more information.
$ y/ `8 f5 T% y: n5 U9 v
上面报错
解决办法：
- @& l! E& x/ T) w9 x1 O% ]! p0 v
到/etc/firewalld目录下：
4 ^$ P  w% u# p" T, j
9 M: {$ j- _: ^0 i- A# ][root@vpnserver firewalld]# vim direct.xml
+ q- M' z% X: \注释掉前两行即可：

<?xml version="1.0" encoding="utf-8"?>
# R- `6 ]% Q/ @% J# Z' o. u<direct>
) H& b8 T) a7 n8 I) x  <passthrough ipv="ipv4">-t nat -A POSTROUTING -s 10.10.10.0/24 -O ens33 -j MASQUERADE</passthrough>
  <passthrough ipv="ipv4">-t nat -A POSTROUTING -s 10.10.10.0/24 -0 ens33 -j MASQUERADE</passthrough>
! }& N# R8 b" b% _( Z  <passthrough ipv="ipv4">-t nat -A POSTROUTING -s 10.10.10.0/24 -o ens33 -j MASQUERADE</passthrough>
</direct>

改后的文件内容：
! q& T9 s4 N1 G3 }" x8 p# C: [8 ]
<?xml version="1.0" encoding="utf-8"?>
<direct>
, |/ t. d7 j- V3 G  <!--<passthrough ipv="ipv4">-t nat -A POSTROUTING -s 10.10.10.0/24 -O ens33 -j MASQUERADE</passthrough> -->
  <!--<passthrough ipv="ipv4">-t nat -A POSTROUTING -s 10.10.10.0/24 -0 ens33 -j MASQUERADE</passthrough> -->
  <passthrough ipv="ipv4">-t nat -A POSTROUTING -s 10.10.10.0/24 -o ens33 -j MASQUERADE</passthrough>
1 E* K- `9 k( r% `( z' i2 q% h, |</direct>

: j6 t0 m$ D% @
4 c1 K% D: H1 F' R% ?( f' \
0 c: r: I1 V- K[root@vpnserver firewalld]# firewall-cmd --reload
success
, ]. Y4 |1 K- c& s7 S不再报错。
# q, z7 `4 C6 |8 J9 L' w6 ], T
$ r9 b* Z, X2 A) Y* k7 S; v  N
6 g9 S8 u2 I. b7 _5 E3 X2 P2 P, S问题解决。