什么是iptables命令中的–kerneltz

--kerneltz在手册页中有详细的解释：

  --kerneltz Use the kernel timezone instead of UTC to determine whether a packet meets the time regulations. About kernel timezones: Linux keeps the system time in UTC, and always does so. On boot, system time is initialized from a referential time source. Where this time source has no timezone information, such as the x86 CMOS RTC, UTC will be assumed. If the time source is however not in UTC, userspace should provide the correct system time and timezone to the kernel once it has the information. Local time is a feature on top of the (timezone independent) system time. Each process has its own idea of local time, specified via the TZ environment variable. The kernel also has its own timezone offset vari‐ able. The TZ userspace environment variable specifies how the UTC-based system time is displayed, eg when you run date(1), or what you see on your desktop clock. The TZ string may resolve to different offsets at different dates, which is what enables the automatic time-jumping in userspace. when DST changes. The kernel's timezone offset variable is used when it has to convert between non-UTC sources, such as FAT filesystems, to UTC (since the latter is what the rest of the system uses). The caveat with the kernel timezone is that Linux distributions may ignore to set the kernel timezone, and instead only set the system time. Even if a particular distribution does set the timezone at boot, it is usually does not keep the kernel timezone offset - which is what changes on DST - up to date. ntpd will not touch the kernel timezone, so running it will not resolve the issue. As such, one may encounter a timezone that is always +0000, or one that is wrong half of the time of the year. As such, using --kerneltz is highly discouraged. 

我在手册页中没有看到任何内容，表明--kerneltz是默认的。 而是指定--datestart和--datestop给出的时间将被解释为UTC。

你应该做的是将系统时钟设置为UTC。 这应该解决这个问题，以及你还不知道的其他各种问题。