Linux iptables命令详解

iptables命令主要是设置防火墙信息的

常见命令参数

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

Usage: iptables -[AD] chain rule-specification [options]        iptables -I chain [rulenum] rule-specification [options]        iptables -R chain rulenum rule-specification [options]        iptables -D chain rulenum [options]        iptables -[LS] [chain [rulenum]] [options]        iptables -[FZ] [chain] [options]        iptables -[NX] chain        iptables -E old-chain-name new-chain-name        iptables -P chain target [options]        iptables -h (print this help information)   Commands: Either long or short options are allowed.   --append  -A chain            Append to chain   --delete  -D chain            Delete matching rule from chain   --delete  -D chain rulenum                                 Delete rule rulenum (1 = first) from chain   --insert  -I chain [rulenum]                                 Insert in chain as rulenum (default 1=first)   --replace -R chain rulenum                                 Replace rule rulenum (1 = first) in chain   --list    -L [chain [rulenum]]                                 List the rules in a chain or all chains   --list-rules -S [chain [rulenum]]                                 Print the rules in a chain or all chains   --flush   -F [chain]          Delete all rules in  chain or all chains   --zero    -Z [chain [rulenum]]                                 Zero counters in chain or all chains   --new     -N chain            Create a new user-defined chain   --delete-chain             -X [chain]          Delete a user-defined chain   --policy  -P chain target                                 Change policy on chain to target   --rename-chain             -E old-chain new-chain                                 Change chain name, (moving any references)

常见命令展示

1、查看

?

1 2 3 4 5 6

iptables -nL --line-number   -L 查看当前表的所有规则，默认查看的是filter表，如果要查看NAT表，加上-t NAT参数 -n 不对ip地址进行反查，加上这个参数显示速度会快很多 -v 输出详细信息，包含通过该规则的数据包数量，总字节数及相应的网络接口 –line-number 显示规则的序列号，这个参数在删除或修改规则时会用到

 

2、添加

添加规则有两个参数：-A和-I。其中-A是添加到规则的末尾；-I可以插入到指定位置，没有指定位置的话默认插入到规则的首部。  

?

1 2 3 4

# 2.1添加一条规则到尾部： iptables -A INPUT -s 192.168.1.5 -j DROP # 2.2插入一条规则到第三行，将行数直接写到规则链的后面 iptables -I INPUT 3 -s 192.168.1.3 -j DROP

3、删除

# 删除第二行规则 iptables -D INPUT 2

4、修改

?

1 2	# 修改用-R参数 iptables -R INPUT 3 -j ACCEPT