Linux - iptable -L -n --line-number

[root@ip-127-0-0-1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       udp  --  anywhere             anywhere             udp dpt:memcache
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     tcp  --  localhost            anywhere             tcp dpt:memcache
DROP       tcp  --  anywhere             anywhere             tcp dpt:memcache

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             ip-192-168-122-0.cn-north-1.compute.internal/24  ctstate RELATED,ESTABLISHED
ACCEPT     all  --  ip-192-168-122-0.cn-north-1.compute.internal/24  anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc
[root@ip-127-0-0-1 ~]# 
[root@ip-127-0-0-1 ~]# 
[root@ip-127-0-0-1 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:11211
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
ACCEPT     tcp  --  127.0.0.1            0.0.0.0/0            tcp dpt:11211
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:11211

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
[root@ip-127-0-0-1 ~]# 
[root@ip-127-0-0-1 ~]# 
[root@ip-127-0-0-1 ~]# iptables -L -n  --line-number 
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:11211
2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
4    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
6    ACCEPT     tcp  --  127.0.0.1            0.0.0.0/0            tcp dpt:11211
7    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:11211

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
[root@ip-127-0-0-1 ~]# 
[root@ip-127-0-0-1 ~]# 
[root@ip-127-0-0-1 ~]# iptables -D INPUT 7
[root@ip-127-0-0-1 ~]# iptables -L -n  --line-number 
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:11211
2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
4    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
6    ACCEPT     tcp  --  127.0.0.1            0.0.0.0/0            tcp dpt:11211

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
[root@ip-127-0-0-1 ~]# 

并且安装iptables-services：

yum install iptables-services  

设置开机启动：

systemctl enable iptables  


systemctl stop iptables  
systemctl start iptables  
systemctl restart iptables  
systemctl reload iptables  

保存设置：

service iptables save