iptables详解(8)iptables自定义链
自定义链存在的意义:对链进行分类
target可能是一个“动作“也可能是一个”自定义链”
1.新增自定义链。
1 2 3 4 5 6 7 8 9 10 11 12 13 | root@ubuntu:~# iptables -t filter -N IN_WEB#结果root@ubuntu:~# iptables -nvLChain INPUT (policy ACCEPT 23 packets, 1448 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 16 packets, 1212 bytes) pkts bytes target prot opt in out source destination Chain IN_WEB (0 references) pkts bytes target prot opt in out source destination |
2.引用自定义链。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | root@ubuntu:~# iptables -t filter -I INPUT -p tcp --dport 80 -j IN_WEB#结果root@ubuntu:~# iptables -nvLChain INPUT (policy ACCEPT 11 packets, 770 bytes) pkts bytes target prot opt in out source destination 0 0 IN_WEB tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 4 packets, 480 bytes) pkts bytes target prot opt in out source destination Chain IN_WEB (1 references) pkts bytes target prot opt in out source destination |
3.重命名自定义链。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | root@ubuntu:~# iptables -E IN_WEB WEBroot@ubuntu:~# iptables -nvLChain INPUT (policy ACCEPT 53 packets, 3639 bytes) pkts bytes target prot opt in out source destination 0 0 WEB tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 36 packets, 2840 bytes) pkts bytes target prot opt in out source destination Chain WEB (1 references) pkts bytes target prot opt in out source destination |
4.删除自定义链。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | root@ubuntu:~# iptables -X WEBiptables: Too many links.#被引用了无法删除root@ubuntu:~# iptables --line -nvLChain INPUT (policy ACCEPT 366 packets, 32141 bytes)num pkts bytes target prot opt in out source destination 1 0 0 WEB tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)num pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 137 packets, 11248 bytes)num pkts bytes target prot opt in out source destination Chain WEB (1 references)num pkts bytes target prot opt in out source destination #删除引用自定义链的条目root@ubuntu:~# iptables -D INPUT 1root@ubuntu:~# root@ubuntu:~# iptables -nvLChain INPUT (policy ACCEPT 70 packets, 4797 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 35 packets, 2848 bytes) pkts bytes target prot opt in out source destination Chain WEB (0 references) pkts bytes target prot opt in out source destination #可正常删除root@ubuntu:~# iptables -X WEBroot@ubuntu:~# root@ubuntu:~# iptables -nvLChain INPUT (policy ACCEPT 33 packets, 2104 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 23 packets, 1860 bytes) pkts bytes target prot opt in out source destination |
删除的条件:
1.自定义链中无规则
2.自定义链没有被其他的链所引用
声明 欢迎转载,但请保留文章原始出处:) 博客园:https://www.cnblogs.com/chenxiaomeng/
如出现转载未声明 将追究法律责任~谢谢合作
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· AI技术革命,工作效率10个最佳AI工具
2019-02-27 yum无法正常安装,提示如下 There are no enabled repos Run "yum repolist all"
2019-02-27 Ubuntu14.04切换root用户
2019-02-27 【AAA】AAA协议介绍