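Custom chains in Linux iptables
Preface: I used to add Linux firewall rules straight to the default chains. In a new work environment I came across user-defined iptables chains and was a bit lost at first, until I learned that they were custom chains 😅. Custom chains exist to group iptables rules into categories, so that rules can be set per business or per service and the firewall rules are easier to manage.
When there are a great many iptables rules, we need to think modularly and group the rules by purpose.
Rules of the same type are treated as one module (a web group, a mysql group, ...), which keeps the rule set organized, clean and tidy.
A custom chain is a new chain that we define ourselves, in addition to the 5 chains built into iptables.
Rules defined in a custom chain do not take effect on their own; the chain has to be referenced by a built-in chain before they do.
To delete a custom chain, first clear the rules in it, then delete the chain.
iptables options for working with custom chains:
-N: new, create a new user-defined chain.
-E: rename a user-defined chain.
-X: delete, delete an empty user-defined chain.
1. Create a custom chain
Syntax
iptables -N <chain_name>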
iptables -N test_rule
[root@test 22:27:49 ~]# iptables -L
Chain test_rule (0 references)
target prot opt source destination
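One custom chain has now been created. "references" is the number of times the chain is currently referenced; a newly created chain always shows 0, meaning that it is not referenced yet.
2. Add rules to the custom chain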
iptables -A test_rule -s 192.168.10.144 -p tcp --dport 81 -j DROP
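At this point the rules in the custom chain are not in use yet; they only take effect through a default chain. Which default chain should reference the custom chain depends on the use case. Here the goal is to match inbound packets, so the chain can be referenced from the INPUT chain.
3. Attach the custom chain to a built-in chain by referencing the test_rule chain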
iptables -A INPUT -j test_rule
4. View the rules defined in the custom chain test_rule
[root@test 23:18:18 ~]# iptables -vnL test_rule
Chain test_rule (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 192.168.10.144 0.0.0.0/0 tcp dpt:81
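A check for the point made above, that rules in a chain nothing references never run. This is an added example, not part of the original post: it reads `iptables -S` output and lists custom chains that cannot be reached from any built-in chain, including chains referenced only by other unreachable chains. The ruleset and the names web_rules and web_admin are constructed for the example; only the filter table is considered.

```shell
#!/bin/sh
# Constructed sample of `iptables -S` output (filter table).
# test_rule is the chain from this page; web_rules/web_admin are hypothetical.
sample_ruleset() {
  cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N test_rule
-N web_rules
-N web_admin
-A INPUT -j test_rule
-A test_rule -s 192.168.10.144/32 -p tcp -m tcp --dport 81 -j DROP
-A web_rules -p tcp -m tcp --dport 80 -j web_admin
-A web_admin -s 192.168.10.0/24 -j ACCEPT
EOF
}

# Print every user-defined chain that no built-in chain can reach.
dead_chains() {
  awk '
    $1 == "-P" { reach[$2] = 1 }                 # built-in chains are the roots
    $1 == "-N" { user[$2] = 1; order[++n] = $2 } # user-defined chains
    $1 == "-A" {                                 # record jump/goto edges
      for (i = 3; i < NF; i++)
        if ($i == "-j" || $i == "-g") edge[$2 SUBSEP $(i + 1)] = 1
    }
    END {
      do {                                       # propagate reachability
        changed = 0
        for (e in edge) {
          split(e, p, SUBSEP)
          if (reach[p[1]] && (p[2] in user) && !reach[p[2]]) {
            reach[p[2]] = 1; changed = 1
          }
        }
      } while (changed)
      for (i = 1; i <= n; i++) if (!reach[order[i]]) print order[i]
    }'
}

# On a live host: iptables -S | dead_chains
sample_ruleset | dead_chains
```

web_admin shows "1 references" in `iptables -L`, yet it is still inert because its only caller is itself unreachable. Being reachable is also not sufficient: the jump is added with -A, so an earlier terminating rule in INPUT can match the packet first.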
5. Rename the custom chain
iptables -E test_rule in_test_rule
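6. Delete the custom chain
iptables -L --line-numbers    # show the rule numbers
iptables -D INPUT <rule_number>    # delete the rule in the default chain that references the custom chain
iptables -F in_test_rule    # the chain must be flushed before it can be deleted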
iptables -X in_test_rule
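The deletion steps above as one script, added here as an example and not part of the original post. Instead of looking up line numbers, it reads `iptables -S` output and prints a -D command with the full rule specification for every rule that jumps to the chain, followed by -F and -X. The sample ruleset, including the second reference from FORWARD, is constructed; only the filter table is considered.

```shell
#!/bin/sh
# Constructed sample of `iptables -S` output after the rename in step 5.
sample_after_rename() {
  cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N in_test_rule
-A INPUT -j in_test_rule
-A FORWARD -s 192.168.10.0/24 -j in_test_rule
-A in_test_rule -s 192.168.10.144/32 -p tcp -m tcp --dport 81 -j DROP
EOF
}

# Usage: iptables -S | teardown_plan CHAIN
# Prints the commands that remove CHAIN; fails if CHAIN is not user-defined.
teardown_plan() {
  awk -v c="$1" '
    $1 == "-N" && $2 == c { found = 1 }
    $1 == "-A" && $2 != c {            # rules in other chains that point at c
      for (i = 3; i < NF; i++)
        if (($i == "-j" || $i == "-g") && $(i + 1) == c) {
          line = $0
          sub(/^-A /, "-D ", line)     # same rule spec, delete instead of append
          refs[++n] = "iptables " line
          break
        }
    }
    END {
      if (!found) exit 1               # built-in or unknown chain: print nothing
      for (i = 1; i <= n; i++) print refs[i]
      print "iptables -F " c           # empty the chain
      print "iptables -X " c           # then delete it
    }' || { echo "not a user-defined chain: $1" >&2; return 1; }
}

sample_after_rename | teardown_plan in_test_rule
```

Deleting by rule specification avoids the renumbering that happens after each `iptables -D INPUT <rule_number>`, which matters when the chain is referenced more than once.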
7. An example iptables rule set
[root@cloudos02 ~]# iptables -nvL --line-number
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 592M 569G BLOCK_PORTS udp -- * * 0.0.0.0/0 0.0.0.0/0 udp
2 323M 268G BLOCK_PORTS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp
3 118G 123T KUBE-NODEPORT-NON-LOCAL all -- * * 0.0.0.0/0 0.0.0.0/0 /* Ensure that non-local NodePort traffic can flow */
4 71G 63T KUBE-EXTERNAL-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW /* kubernetes externally-visible service portals */
5 118G 123T OPENSHIFT-FIREWALL-ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0 /* firewall overrides */
6 38G 44T KUBE-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0
7 38G 44T ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
8 2233K 175M ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
9 700M 55G ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
10 13M 696M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
11 101M 5374M OS_FIREWALL_ALLOW all -- * * 0.0.0.0/0 0.0.0.0/0
12 12M 473M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 BLOCK_PORTS udp -- * * 0.0.0.0/0 0.0.0.0/0 udp
2 721M 214G BLOCK_PORTS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp
3 61G 35T DOCKER-ISOLATION all -- * * 0.0.0.0/0 0.0.0.0/0
4 561K 43M DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
5 4 288 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
6 518K 39M ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
7 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
8 61G 35T MYSQL3306 all -- * * 0.0.0.0/0 0.0.0.0/0
9 61G 35T KUBE-FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes forwarding rules */
10 167M 10G OPENSHIFT-ADMIN-OUTPUT-RULES all -- tun0 !tun0 0.0.0.0/0 0.0.0.0/0 /* administrator overrides */
11 2114M 127G OPENSHIFT-FIREWALL-FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 /* firewall overrides */
12 417 26660 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 29086 packets, 22M bytes)
num pkts bytes target prot opt in out source destination
1 69G 51T KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW /* kubernetes service portals */
2 116G 108T KUBE-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0
Chain BLOCK_PORTS (4 references)
num pkts bytes target prot opt in out source destination
1 0 0 RETURN tcp -- * * 10.200.91.35 0.0.0.0/0 tcp
2 0 0 RETURN udp -- * * 10.200.91.35 0.0.0.0/0 udp
3 786M 338G RETURN tcp -- * * 10.240.0.0/12 0.0.0.0/0 tcp
4 5882K 514M RETURN udp -- * * 10.240.0.0/12 0.0.0.0/0 udp
5 0 0 RETURN tcp -- * * 10.249.50.0/24 0.0.0.0/0 tcp
6 0 0 RETURN udp -- * * 10.249.50.0/24 0.0.0.0/0 udp
7 0 0 RETURN tcp -- * * 10.30.144.145 0.0.0.0/0 tcp
8 0 0 RETURN udp -- * * 10.30.144.145 0.0.0.0/0 udp
9 579 30964 RETURN tcp -- * * 10.71.142.66 0.0.0.0/0 tcp
10 0 0 RETURN udp -- * * 10.71.142.66 0.0.0.0/0 udp
11 0 0 RETURN tcp -- * * 10.71.144.0/25 0.0.0.0/0 tcp
12 0 0 RETURN udp -- * * 10.71.144.0/25 0.0.0.0/0 udp
13 409K 29M RETURN tcp -- * * 10.71.144.145 0.0.0.0/0 tcp
14 0 0 RETURN udp -- * * 10.71.144.145 0.0.0.0/0 udp
15 0 0 RETURN tcp -- * * 10.71.144.146 0.0.0.0/0 tcp
16 0 0 RETURN udp -- * * 10.71.144.146 0.0.0.0/0 udp
17 0 0 RETURN tcp -- * * 10.71.144.147 0.0.0.0/0 tcp
18 0 0 RETURN udp -- * * 10.71.144.147 0.0.0.0/0 udp
19 0 0 RETURN tcp -- * * 10.71.144.148 0.0.0.0/0 tcp
20 0 0 RETURN udp -- * * 10.71.144.148 0.0.0.0/0 udp
21 0 0 RETURN tcp -- * * 10.71.148.240 0.0.0.0/0 tcp
22 0 0 RETURN udp -- * * 10.71.148.240 0.0.0.0/0 udp
23 0 0 RETURN tcp -- * * 10.71.148.241 0.0.0.0/0 tcp
24 0 0 RETURN udp -- * * 10.71.148.241 0.0.0.0/0 udp
25 6058 285K RETURN tcp -- * * 10.71.149.0/24 0.0.0.0/0 tcp
26 0 0 RETURN udp -- * * 10.71.149.0/24 0.0.0.0/0 udp
27 11M 2019M RETURN tcp -- * * 127.0.0.1 0.0.0.0/0 tcp
28 9563K 1201M RETURN udp -- * * 127.0.0.1 0.0.0.0/0 udp
29 7885 778K RETURN tcp -- * * 172.17.0.0/16 0.0.0.0/0 tcp
30 0 0 RETURN udp -- * * 172.17.0.0/16 0.0.0.0/0 udp
31 0 0 RETURN tcp -- * * 189.100.137.0/24 0.0.0.0/0 tcp
32 0 0 RETURN udp -- * * 189.100.137.0/24 0.0.0.0/0 udp
33 29 3552 RETURN tcp -- * * 189.100.61.0/24 0.0.0.0/0 tcp
34 0 0 RETURN udp -- * * 189.100.61.0/24 0.0.0.0/0 udp
35 0 0 RETURN tcp -- * * 189.101.130.0/24 0.0.0.0/0 tcp
36 0 0 RETURN udp -- * * 189.101.130.0/24 0.0.0.0/0 udp
37 7152 538K RETURN tcp -- * * 189.101.131.0/24 0.0.0.0/0 tcp
38 0 0 RETURN udp -- * * 189.101.131.0/24 0.0.0.0/0 udp
39 241M 141G RETURN tcp -- * * 189.101.132.0/24 0.0.0.0/0 tcp
40 577M 567G RETURN udp -- * * 189.101.132.0/24 0.0.0.0/0 udp
41 0 0 RETURN tcp -- * * 189.101.16.0/24 0.0.0.0/0 tcp
42 0 0 RETURN udp -- * * 189.101.16.0/24 0.0.0.0/0 udp
43 0 0 RETURN tcp -- * * 189.101.17.0/24 0.0.0.0/0 tcp
44 0 0 RETURN udp -- * * 189.101.17.0/24 0.0.0.0/0 udp
45 0 0 RETURN tcp -- * * 189.101.189.0/24 0.0.0.0/0 tcp
46 0 0 RETURN udp -- * * 189.101.189.0/24 0.0.0.0/0 udp
47 0 0 RETURN tcp -- * * 189.101.22.0/24 0.0.0.0/0 tcp
48 0 0 RETURN udp -- * * 189.101.22.0/24 0.0.0.0/0 udp
49 0 0 RETURN tcp -- * * 189.101.23.0/24 0.0.0.0/0 tcp
50 0 0 RETURN udp -- * * 189.101.23.0/24 0.0.0.0/0 udp
51 0 0 RETURN tcp -- * * 189.101.247.0/24 0.0.0.0/0 tcp
52 0 0 RETURN udp -- * * 189.101.247.0/24 0.0.0.0/0 udp
53 6319 341K RETURN tcp -- * * 189.101.29.0/24 0.0.0.0/0 tcp
54 0 0 RETURN udp -- * * 189.101.29.0/24 0.0.0.0/0 udp
55 1103 178K RETURN tcp -- * * 189.101.77.0/24 0.0.0.0/0 tcp
56 0 0 RETURN udp -- * * 189.101.77.0/24 0.0.0.0/0 udp
57 40 8156 RETURN tcp -- * * 188.98.0.0/17 0.0.0.0/0 tcp
58 0 0 RETURN udp -- * * 188.98.0.0/17 0.0.0.0/0 udp
59 0 0 RETURN tcp -- * * 188.98.128.0/17 0.0.0.0/0 tcp
60 0 0 RETURN udp -- * * 188.98.128.0/17 0.0.0.0/0 udp
61 462 33351 RETURN tcp -- * * 192.168.96.253 0.0.0.0/0 tcp
62 0 0 RETURN udp -- * * 192.168.96.253 0.0.0.0/0 udp
63 3115K 219M RETURN tcp -- * * 195.180.1.0/24 0.0.0.0/0 tcp
64 0 0 RETURN udp -- * * 195.180.1.0/24 0.0.0.0/0 udp
65 0 0 RETURN tcp -- * * 195.180.3.0/24 0.0.0.0/0 tcp
66 0 0 RETURN udp -- * * 195.180.3.0/24 0.0.0.0/0 udp
67 0 0 RETURN tcp -- * * 195.180.4.0/24 0.0.0.0/0 tcp
68 0 0 RETURN udp -- * * 195.180.4.0/24 0.0.0.0/0 udp
69 0 0 RETURN tcp -- * * 30.1.1.104/29 0.0.0.0/0 tcp
70 0 0 RETURN udp -- * * 30.1.1.104/29 0.0.0.0/0 udp
71 291K 28M RETURN tcp -- * * 30.1.4.0/24 0.0.0.0/0 tcp
72 0 0 RETURN udp -- * * 30.1.4.0/24 0.0.0.0/0 udp
73 982K 213M RETURN tcp -- * * 30.1.48.0/20 0.0.0.0/0 tcp
74 0 0 RETURN tcp -- * * 127.0.0.1 0.0.0.0/0 tcp
75 0 0 RETURN udp -- * * 127.0.0.1 0.0.0.0/0 udp
76 14 840 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2375
77 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2375
78 11 660 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:11211
79 1 43 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:11211
Chain DOCKER (1 references)
num pkts bytes target prot opt in out source destination
1 561K 43M ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:5000
Chain DOCKER-ISOLATION (1 references)
num pkts bytes target prot opt in out source destination
1 61G 35T RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain KUBE-EXTERNAL-SERVICES (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cloudos-iaas/os-cas-svc:os-cas-svc has no endpoints */ ADDRTYPE match dst-type LOCAL tcp dpt:8080 reject-with icmp-port-unreachable
2 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cloudos-iaas/os-cas-svc:cvktocvm has no endpoints */ ADDRTYPE match dst-type LOCAL tcp dpt:20045 reject-with icmp-port-unreachable
3 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cloudos-iaas/os-cas-svc:casserver2 has no endpoints */ ADDRTYPE match dst-type LOCAL tcp dpt:20041 reject-with icmp-port-unreachable
4 0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* cloudos-iaas/os-cas-svc:hatoback has no endpoints */ ADDRTYPE match dst-type LOCAL udp dpt:20042 reject-with icmp-port-unreachable
5 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* qunding/qunding-svc:qunding-mysql has no endpoints */ ADDRTYPE match dst-type LOCAL tcp dpt:23308 reject-with icmp-port-unreachable
6 0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* cloudos-iaas/os-cas-svc:casserver1 has no endpoints */ ADDRTYPE match dst-type LOCAL udp dpt:162 reject-with icmp-port-unreachable
7 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* qunding/qunding-svc:qunding has no endpoints */ ADDRTYPE match dst-type LOCAL tcp dpt:28089 reject-with icmp-port-unreachable
8 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cloudos-iaas/os-cas-svc:casmoninternal has no endpoints */ ADDRTYPE match dst-type LOCAL tcp dpt:20044 reject-with icmp-port-unreachable
9 0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* cloudos-iaas/os-cas-svc:hatocvm has no endpoints */ ADDRTYPE match dst-type LOCAL udp dpt:20043 reject-with icmp-port-unreachable
10 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* cloudos-iaas/os-cas-svc:cvmtocvk has no endpoints */ ADDRTYPE match dst-type LOCAL tcp dpt:20046 reject-with icmp-port-unreachable
Chain KUBE-FIREWALL (2 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
Chain KUBE-FORWARD (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes forwarding rules */ mark match 0x1/0x1
2 20568 4671K ACCEPT all -- * * 10.240.0.0/12 0.0.0.0/0 /* kubernetes forwarding conntrack pod source rule */ ctstate RELATED,ESTABLISHED
3 707 2424K ACCEPT all -- * * 0.0.0.0/0 10.240.0.0/12 /* kubernetes forwarding conntrack pod destination rule */ ctstate RELATED,ESTABLISHED
Chain KUBE-NODEPORT-NON-LOCAL (1 references)
num pkts bytes target prot opt in out source destination
Chain KUBE-SERVICES (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT tcp -- * * 0.0.0.0/0 10.100.69.157 /* default/ame-ingress-nginx-controller-admission:https-webhook has no endpoints */ tcp dpt:443 reject-with icmp-port-unreachable
2 0 0 REJECT tcp -- * * 0.0.0.0/0 10.100.62.32 /* cloudos-iaas/os-cas-svc:os-cas-svc has no endpoints */ tcp dpt:8080 reject-with icmp-port-unreachable
3 0 0 REJECT tcp -- * * 0.0.0.0/0 10.100.62.32 /* cloudos-iaas/os-cas-svc:cvktocvm has no endpoints */ tcp dpt:20045 reject-with icmp-port-unreachable
4 0 0 REJECT tcp -- * * 0.0.0.0/0 10.100.62.32 /* cloudos-iaas/os-cas-svc:casserver2 has no endpoints */ tcp dpt:20041 reject-with icmp-port-unreachable
5 0 0 REJECT tcp -- * * 0.0.0.0/0 10.100.124.202 /* default/os-sys-app-svc:os-sys-app-svc has no endpoints */ tcp dpt:16300 reject-with icmp-port-unreachable
6 0 0 REJECT udp -- * * 0.0.0.0/0 10.100.62.32 /* cloudos-iaas/os-cas-svc:hatoback has no endpoints */ udp dpt:20042 reject-with icmp-port-unreachable
7 0 0 REJECT tcp -- * * 0.0.0.0/0 10.100.231.239 /* qunding/qunding-svc:qunding-mysql has no endpoints */ tcp dpt:3306 reject-with icmp-port-unreachable
8 0 0 REJECT tcp -- * * 0.0.0.0/0 10.100.60.85 /* cloudos-iaas/os-trove-svc:trove-endpoint has no endpoints */ tcp dpt:8779 reject-with icmp-port-unreachable
9 0 0 REJECT udp -- * * 0.0.0.0/0 10.100.62.32 /* cloudos-iaas/os-cas-svc:casserver1 has no endpoints */ udp dpt:162 reject-with icmp-port-unreachable
10 0 0 REJECT tcp -- * * 0.0.0.0/0 10.100.231.239 /* qunding/qunding-svc:qunding has no endpoints */ tcp dpt:8888 reject-with icmp-port-unreachable
11 0 0 REJECT tcp -- * * 0.0.0.0/0 10.100.62.32 /* cloudos-iaas/os-cas-svc:casmoninternal has no endpoints */ tcp dpt:20044 reject-with icmp-port-unreachable
12 0 0 REJECT udp -- * * 0.0.0.0/0 10.100.62.32 /* cloudos-iaas/os-cas-svc:hatocvm has no endpoints */ udp dpt:20043 reject-with icmp-port-unreachable
13 0 0 REJECT tcp -- * * 0.0.0.0/0 10.100.62.32 /* cloudos-iaas/os-cas-svc:cvmtocvk has no endpoints */ tcp dpt:20046 reject-with icmp-port-unreachable
14 0 0 REJECT tcp -- * * 0.0.0.0/0 10.100.37.100 /* prometheus-monitoring/default-alertmanager:web has no endpoints */ tcp dpt:31093 reject-with icmp-port-unreachable
Chain MYSQL3306 (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT ctorigsrc 127.0.0.1 ctorigdstport 3306
2 48G 10T RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT ctorigsrc 10.240.0.0/12 ctorigdstport 3306
3 419 165K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT ctorigsrc 189.101.132.4 ctorigdstport 3306
4 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT ctorigsrc 189.101.132.3 ctorigdstport 3306
5 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT ctorigsrc 189.101.132.2 ctorigdstport 3306
6 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT ctorigsrc 189.101.132.2 ctorigdstport 3306
7 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT ctorigsrc 189.101.132.3 ctorigdstport 3306
8 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT ctorigsrc 189.101.132.4 ctorigdstport 3306
9 325K 15M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT ctorigsrc 189.101.131.222 ctorigdstport 3306
10 30M 5188M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT ctorigsrc 189.101.132.201 ctorigdstport 3306
11 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT ctorigsrc 189.101.132.1 ctorigdstport 3306
12 18 984 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT ctorigdstport 3306
Chain OPENSHIFT-ADMIN-OUTPUT-RULES (1 references)
num pkts bytes target prot opt in out source destination
Chain OPENSHIFT-FIREWALL-ALLOW (1 references)
num pkts bytes target prot opt in out source destination
1 69G 63T ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4789 /* VXLAN incoming */
2 10G 17T ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0 /* from SDN to localhost */
3 54 3438 ACCEPT all -- docker0 * 0.0.0.0/0 0.0.0.0/0 /* from docker to localhost */
Chain OPENSHIFT-FIREWALL-FORWARD (1 references)
num pkts bytes target prot opt in out source destination
1 11M 543M DROP all -- * * 10.240.0.0/12 0.0.0.0/0 /* attempted resend after connection close */ ctstate INVALID
2 1934M 116G ACCEPT all -- * * 0.0.0.0/0 10.240.0.0/12 /* forward traffic from SDN */
3 169M 10G ACCEPT all -- * * 10.240.0.0/12 0.0.0.0/0 /* forward traffic to SDN */
Chain OS_FIREWALL_ALLOW (1 references)
num pkts bytes target prot opt in out source destination
1 3764 200K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9100
2 23 1542 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9100
3 289K 15M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10250
4 10028 595K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10256
5 2560K 154M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
6 9749K 584M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
7 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:4789
8 76M 4145M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:1:65535
9 35003 2661K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpts:1:65535
10 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:9000:10000
11 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:1936
12 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10080
13 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10443
14 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:6579
15 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:6679
16 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2369
17 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2390
18 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2375
19 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:7000:7100
20 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2379
21 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2380
22 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8443
23 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8444
24 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8053
25 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:8053