Linux iptableÎĵµ

×ÜÀÀ
ÓÃiptables -ADC À´Ö¸¶¨Á´µÄ¹æ
Ôò
£¬-AÌí¼Ó -Dɾ³ý -C ÐÞ¸Ä
iptables - [RI] chain rule num rule-specification[option]
ÓÃiptables - RI ͨ¹ý¹æÔòµÄ˳ÐòÖ¸¶¨
iptables -D chain rule num[option]
ɾ³ýÖ¸¶¨¹æÔò
iptables -[LFZ] [chain][option]
ÓÃiptables -LFZ Á´Ãû [Ñ¡Ïî]
iptables -[NX] chain
Óà -NX Ö¸¶¨Á´
iptables -P chain target[options]
Ö¸¶¨Á´µÄĬÈÏÄ¿±ê
iptables -E old-chain-name new-chain-name
-E ¾ÉµÄÁ´Ãû еÄÁ´Ãû
ÓÃеÄÁ´ÃûÈ¡´ú¾ÉµÄÁ´Ãû
˵Ã÷
Iptalbes ÊÇÓÃÀ´ÉèÖá¢Î¬»¤ºÍ¼ì²éLinuxÄں˵ÄIP°ü¹ýÂ˹æÔòµÄ¡£
¿ÉÒÔ
¶¨Ò岻ͬµÄ±í£¬Ã¿¸ö±í¶¼
°üº¬¼¸¸öÄÚ²¿µÄÁ´£¬Ò²ÄÜ°üº¬Óû§¶¨ÒåµÄÁ´¡£Ã¿¸öÁ´¶¼ÊÇÒ»¸ö¹æÔòÁÐ±í£¬¶Ô¶ÔÓ¦µÄ°ü½øÐÐÆ¥Å䣺ÿÌõ¹æÔòÖ¸¶¨Ó¦µ±ÈçºÎ´¦ÀíÓëÖ®ÏàÆ¥ÅäµÄ°ü¡£Õâ±»³Æ×÷
'target'£¨Ä¿±ê£©£¬Ò²¿ÉÒÔ
Ìø
Ïòͬһ¸ö±íÄÚµÄÓû§¶¨ÒåµÄÁ´¡£
TARGETS
·À
»ðǽµÄ¹æÔòÖ¸¶¨Ëù¼ì²é°üµÄÌØÕ÷£¬ºÍÄ¿±ê¡£Èç¹û°ü²»Æ¥Å䣬½«ËÍÍù¸ÃÁ´ÖÐÏÂÒ»Ìõ¹æÔò¼ì²é£»Èç¹ûÆ¥Åä,ÄÇôÏÂÒ»Ìõ¹æÔòÓÉÄ¿±êֵȷ¶¨.¸ÃÄ¿±êÖµ¿ÉÒÔÊÇÓû§¶¨ÒåµÄ
Á´Ãû,»òÊÇij¸öרÓÃÖµ,ÈçACCEPT[ͨ¹ý], DROP[ɾ³ý], QUEUE[ÅŶÓ], »òÕß RETURN[·µ»Ø]¡£
ACCEPT
±íʾÈÃÕâ¸ö°üͨ¹ý¡£DROP±íʾ½«Õâ¸ö°ü¶ªÆú¡£QUEUE±íʾ°ÑÕâ¸ö°ü´«µÝµ½Óû§¿Õ¼ä¡£RETURN±íʾֹͣÕâÌõÁ´µÄÆ¥Å䣬µ½Ç°Ò»¸öÁ´µÄ¹æÔòÖØпªÊ¼¡£Èç
¹ûµ½´ïÁËÒ»¸öÄÚ½¨µÄÁ´(µÄÄ©¶Ë)£¬»òÕßÓöµ½ÄÚ½¨Á´µÄ¹æÔòÊÇRETURN£¬°üµÄÃüÔ˽«ÓÉÁ´×¼ÔòÖ¸¶¨µÄÄ¿±ê¾ö¶¨¡£
TABLES
µ±Ç°ÓÐÈý¸ö±í£¨Äĸö±íÊǵ±Ç°±íÈ¡¾öÓÚÄÚºËÅäÖÃÑ¡ÏîºÍµ±Ç°Ä£¿é)¡£
-t table
Õâ ¸öÑ¡ÏîÖ¸¶¨ÃüÁîÒª²Ù×÷µÄÆ¥Åä°üµÄ±í¡£Èç¹ûÄں˱»ÅäÖÃΪ×Ô¶¯¼ÓÔØÄ£¿é£¬ÕâʱÈôÄ£¿éûÓмÓÔØ£¬(ϵͳ)½«³¢ÊÔ(Ϊ¸Ã±í)¼ÓÔØÊʺϵÄÄ£¿é¡£ÕâЩ±íÈçÏ£º
filter,ÕâÊÇĬÈÏµÄ±í£¬°üº¬ÁËÄÚ½¨µÄÁ´INPUT£¨´¦Àí½øÈëµÄ°ü£©¡¢FORWORD£¨´¦Àíͨ¹ýµÄ°ü£©ºÍOUTPUT£¨´¦Àí±¾µØÉú³ÉµÄ°ü£©¡£nat,
Õâ¸ö±í±»²éѯʱ±íʾÓöµ½Á˲úÉúеÄÁ¬½ÓµÄ°ü,ÓÉÈý¸öÄÚ½¨µÄÁ´¹¹³É£ºPREROUTING
(Ð޸ĵ½À´µÄ°ü)¡¢OUTPUT£¨Ð޸ķÓÉ֮ǰ±¾µØµÄ°ü£©¡¢POSTROUTING£¨ÐÞ¸Ä×¼±¸³öÈ¥µÄ°ü£©¡£mangle
Õâ¸ö±íÓÃÀ´¶ÔÖ¸¶¨µÄ°ü½øÐÐÐ޸ġ£ËüÓÐÁ½¸öÄÚ½¨¹æÔò£ºPREROUTING£¨Ð޸ķÓÉ֮ǰ½øÈëµÄ°ü£©ºÍOUTPUT£¨Ð޸ķÓÉ֮ǰ±¾µØµÄ°ü£©¡£
OPTIONS
ÕâЩ¿É±»iptablesʶ±ðµÄÑ¡Ïî¿ÉÒÔÇø·Ö²»Í¬µÄÖÖÀà¡£
COMMANDS
ÕâЩѡÏîÖ¸¶¨Ö´ÐÐÃ÷È·µÄ¶¯×÷£ºÈôÖ¸ÁîÐÐÏÂûÓÐÆäËû¹æ¶¨,¸ÃÐÐÖ»ÄÜÖ¸¶¨Ò»¸öÑ¡Ïî.¶ÔÓÚ³¤¸ñʽµÄÃüÁîºÍÑ¡ÏîÃû,Ëù