iptables
参数
-p,--protocol 协议
-s,--source 源
-d,--destination 目的
-j,--jump 动作
-g,--goto chain 跳转
-i,--in-interface 入接口
-o,--out-interface 出接口
-f,--fragment 分片
-c,--set-counters 设置计数器
表 Tables 链 Chains
filter
- input: packets going to local sockets
- forward: packets routed through the server
- output: locally generated packets
nat
- prerouting: designating packets when they come in
- output: locally generated packets before routing takes place
- postrouting: altering packets on the way out
mangle
- prerouting: incoming packets
- postrouting: outgoing packets
- output: locally generated packets that are being altered
- input: packets coming directly into the server
- forward: packets being routed through the server
raw
- prerouting: packets that arrive by the network interface
- outpu: processes that are locally generated
security
used for mandatory access control(MAC) rules.
- input: packets entering the server
- output: locally generated packets
- forward: packets passing through the server
options
-A --append add one or more rules to the end of the selected chain
-C --check check for a rule matching the specifications in the selected chain
-D --delete delete one or more rules from the selected chain
-F --flush delete all the rules one-by-one
-I --insert insert one or more rules into the selected chain as the give rule number
-L --List display the rules in the selected chain
-n --numeric display the ip address or hostname add post number in numeric format
-N --new-chain <NAME> create a new USER-DEFINED chain
-R replace
-v --verbose provide more information when used with the list option
-X --delete-chain <NAME> delete the user-defined chain
用法举例
接受访问8080端口的链接并设置规则序号为7
iptalbes -I INPUT 7 -p tcp --dport 8080 -m state --state NEW -j ACCEPT
iptables -L -nv的输出结果