Shulou(Shulou.com)06/01 Report--

View, add, delete, and modify iptables rules

Only the commonly used parameters are listed here. For more information, please see man iptables.

1. View

Iptables-nvL-line-number

-L view all the rules of the current table. The default is the filter table. If you want to view the NAT table, you can add the-t NAT parameter.

-n does not reverse check the ip address, plus this parameter shows that the speed will be much faster

-v outputs details, including the number of packets passing through the rule, the total number of bytes, and the corresponding network interface

-line-number displays the serial number of the rule, which is used when deleting or modifying the rule

2. Add

Adding a rule has two parameters:-An and-I. Where-An is added to the end of the rule;-I can be inserted at the specified location, or by default at the beginning of the rule if there is no specified location.

Current rules:

[root@test] # iptables-nL-- line-number

Chain INPUT (policy ACCEPT)

Num target prot opt source destination

1 DROP all-192.168.1.1 0.0.0.0 Universe 0

2 DROP all-192.168.1.2 0.0.0.0 Universe 0

3 DROP all-192.168.1.4 0.0.0.0 Universe 0

Add a rule to the tail:

[root@test] # iptables-An INPUT-s 192.168.1.5-j DROP

Insert a rule into the third line and write the number of lines directly to the end of the rule chain:

[root@test] # iptables-I INPUT 3-s 192.168.1.3-j DROP

View:

[root@test] # iptables-nL-- line-number

Chain INPUT (policy ACCEPT)

Num target prot opt source destination

1 DROP all-192.168.1.1 0.0.0.0 Universe 0

2 DROP all-192.168.1.2 0.0.0.0 Universe 0

3 DROP all-192.168.1.3 0.0.0.0 Universe 0

4 DROP all-192.168.1.4 0.0.0.0 Universe 0

5 DROP all-192.168.1.5 0.0.0.0 Universe 0

You can see that 192.168.1.3 is inserted into the third row, while the original third line 192.168.1.4 becomes the fourth line.

3. Delete

Delete with-D parameter

Delete the previously added rule (iptables-An INPUT-s 192.168.1.5-j DROP):

[root@test] # iptables-D INPUT-s 192.168.1.5-j DROP

Sometimes the rule to be deleted is too long, and you have to write a long string when deleting, which is both time-consuming and easy to make mistakes. At this time, we can first use-line-number to find out the line number of the rule, and then delete the rule by the line number.

[root@test] # iptables-nv-- line-number

Iptables v1.4.7: no command specified

Try `iptables-h' or 'iptables-- help' for more information.

[root@test] # iptables-nL-- line-number

Chain INPUT (policy ACCEPT)

Num target prot opt source destination

1 DROP all-192.168.1.1 0.0.0.0 Universe 0

2 DROP all-192.168.1.2 0.0.0.0 Universe 0

3 DROP all-192.168.1.3 0.0.0.0 Universe 0

Delete the second line rule

[root@test ~] # iptables-D INPUT 2

4. Modification

Modify the use-R parameter

Let's take a look at the current rules:

[root@test] # iptables-nL-- line-number

Chain INPUT (policy ACCEPT)

Num target prot opt source destination

1 DROP all-192.168.1.1 0.0.0.0 Universe 0

2 DROP all-192.168.1.2 0.0.0.0 Universe 0

3 DROP all-192.168.1.5 0.0.0.0 Universe 0

Change the third rule to ACCEPT:

[root@test] # iptables-R INPUT 3-j ACCEPT

Check again:

[root@test] # iptables-nL-- line-number

Chain INPUT (policy ACCEPT)

Num target prot opt source destination

1 DROP all-192.168.1.1 0.0.0.0 Universe 0

2 DROP all-192.168.1.2 0.0.0.0 Universe 0

3 ACCEPT all-0. 0. 0. 0. 0. 0. 0. 0

The target of the third rule has been changed to ACCEPT.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.