control network traffic with iptables
Parameters
-p, --protocol: protocol
-s, --source: source address
-d, --destination: destination address
-j, --jump: target action
-g, --goto: continue processing in the given chain (unlike --jump, processing does not return to the calling chain)
-i, --in-interface: interface the packet arrived on
-o, --out-interface: interface the packet leaves by
-f, --fragment: match the second and further fragments of a fragmented packet
-c, --set-counters: initialise the packet and byte counters of a rule
Tables and chains
filter
- input: packets going to local sockets
- forward: packets routed through the server
- output: locally generated packets
nat
- prerouting: altering packets as soon as they come in
- output: locally generated packets before routing takes place
- postrouting: altering packets on the way out
mangle
- prerouting: incoming packets
- postrouting: outgoing packets
- output: locally generated packets that are being altered
- input: packets coming directly into the server
- forward: packets being routed through the server
raw
- prerouting: packets that arrive via a network interface
- output: packets generated by local processes
security
used for mandatory access control (MAC) rules.
- input: packets entering the server
- output: locally generated packets
- forward: packets passing through the server
options
-A --append
add one or more rules to the end of the selected chain
-C --check
check for a rule matching the specifications in the selected chain
-D --delete
delete one or more rules from the selected chain
-F --flush
delete all the rules one-by-one
-I --insert
insert one or more rules into the selected chain at the given rule number
-L --list
display the rules in the selected chain
-n --numeric
display IP addresses and port numbers in numeric form (no hostname or service-name lookup)
-N --new-chain <NAME>
create a new USER-DEFINED chain
-R --replace
replace a rule in the selected chain
-v --verbose
provide more information when used with the list option
-X --delete-chain <NAME>
delete the user-defined chain
Usage example
Accept connections to port 8080 and give the rule the number 7:
iptables -I INPUT 7 -p tcp --dport 8080 -m state --state NEW -j ACCEPT
Then inspect the output of iptables -L -nv.
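To show the options above working together, here is an added example script that is not part of the original post. It wraps the -F, -A, -P, -C and -I options in small shell functions, builds a default-deny INPUT chain with stateful matching, and then inserts the post's port-8080 rule at position 7. The function and variable names (ipt, IPT, DRY_RUN, base_input_policy, allow_tcp_port_at, rule_exists) are this example's own; applying rules requires root, and DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not code from the original post: a small helper around the
# iptables options listed above. It builds a minimal stateful INPUT policy
# and inserts the post's port-8080 rule at a chosen position (rule number 7).
# Function and variable names (ipt, IPT, DRY_RUN, rule_exists,
# base_input_policy, allow_tcp_port_at) are this example's own choices.
#
# Applying rules needs root; set DRY_RUN=1 to print the commands instead,
# which is how the example can be exercised without touching the firewall.

IPT="${IPT:-iptables}"

# Execute an iptables command, or print it when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

# -C: return 0 if a matching rule already exists in the chain.
# In dry-run mode there is no live table, so report the rule as absent.
rule_exists() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        return 1
    fi
    "$IPT" -C "$@" 2>/dev/null
}

# Default-deny INPUT chain: rules are appended first and the DROP policy is
# set last, so an administrator connected over SSH is not locked out midway.
base_input_policy() {
    ipt -F INPUT                                                   # -F: empty the chain
    ipt -A INPUT -i lo -j ACCEPT                                   # loopback
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT    # replies to our own traffic
    ipt -A INPUT -m state --state INVALID -j DROP                  # untrackable packets
    ipt -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT  # SSH
    ipt -P INPUT DROP                                              # everything else
}

# -I with a rule number: insert an ACCEPT for new TCP connections to port $2
# at position $1, mirroring the post's "iptables -I INPUT 7 -p tcp --dport 8080".
# The -C check avoids adding a duplicate if the script is run twice.
allow_tcp_port_at() {
    num="$1"
    port="$2"
    spec="-p tcp --dport $port -m state --state NEW -j ACCEPT"
    # $spec is deliberately unquoted so it splits into separate arguments.
    if rule_exists INPUT $spec; then
        echo "rule for tcp/$port already present, skipping" >&2
        return 0
    fi
    ipt -I INPUT "$num" $spec
}

# Run with "apply" as the first argument to configure the chain, e.g.
#   DRY_RUN=1 sh firewall.sh apply   (print only)
#   sudo sh firewall.sh apply        (really apply)
if [ "${1:-}" = "apply" ]; then
    base_input_policy
    allow_tcp_port_at 7 8080
fi
```

After a real run, iptables -L INPUT -nv --line-numbers shows the position each rule landed in, which is how to confirm that the port-8080 rule is number 7; the -C check in allow_tcp_port_at is what keeps a second run from stacking an identical rule on top of the first.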
This article is licensed under the Creative Commons Attribution 4.0 International License (CC-BY 4.0). Please credit the source when republishing: https://snowfrs.com/2016/05/01/iptables.html Verification of the citations in this article is welcome, as are reports of any inaccurate or unclear points.