参数

-p,--protocol			协议
-s,--source			源
-d,--destination		目的
-j,--jump			动作
-g,--goto chain				
-i,--in-interface	
-o,--out-interface	
-f,--fragment		
-c,--set-counters	

表 Tables 链 Chains

filter
 - input: packets going to local sockets
 - forward: packets routed through the server
 - output: locally generated packets
nat
 - prerouting: designating packets when they come in
 - output: locally generated packets before routing takes place
 - postrouting: altering packets on the way out
mangle
 - prerouting: incoming packets
 - postrouting: outgoing packets
 - output: locally generated packets that are being altered
 - input: packets coming directly into the server
 - forward: packets being routed through the server
raw
 - prerouting: packets that arrive by the network interface
 - outpu: processes that are locally generated
security
 used for mandatory access control(MAC) rules.
 - input: packets entering the server
 - output: locally generated packets
 - forward: packets passing through the server

options

-A --append add one or more rules to the end of the selected chain

-C --check check for a rule matching the specifications in the selected chain

-D --delete delete one or more rules from the selected chain

-F --flush delete all the rules one-by-one

-I --insert insert one or more rules into the selected chain as the give rule number

-L --List display the rules in the selected chain

-n --numeric display the ip address or hostname add post number in numeric format

-N --new-chain <NAME> create a new USER-DEFINED chain

-R replace

-v --verbose provide more information when used with the list option

-X --delete-chain <NAME> delete the user-defined chain

用法举例

接受访问8080端口的链接并设置规则序号为7

iptalbes -I INPUT 7 -p tcp --dport 8080 -m state --state NEW -j ACCEPT

此时查看iptables -L -nv的输出结果

本文采用 知识共享署名 4.0 国际许可协议(CC-BY 4.0)进行许可。转载请注明来源: https://snowfrs.com/2016/05/01/iptables.html 欢迎对文中引用进行考证,欢迎指出任何不准确和模糊之处。