RHEL 7 replaces iptables with firewalld, but iptables can still be used.
A rule table holds rule chains. If the rule table's default state is allow, the rule chains in it hold deny rules; if the default state is deny, the rule chains hold allow rules. Personally, I think of this as a blacklist versus a whitelist.
The common control types in iptables are: ACCEPT: allow the packet to pass; LOG: log the packet, then pass it to the next rule to continue matching; REJECT: refuse the packet, giving a notice when necessary; DROP: discard the packet directly, without giving any response.
Rule chain
Rules table
Order of rule tables: raw -> mangle -> nat -> filter
Precautions
If no rule table is specified, the filter table is used by default.
If no rule chain is specified, the command applies to all rule chains within the table.
Rules in a rule chain are checked in order; matching stops at the first match, and if no rule matches, the packet is handled according to the chain's default state.
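The traversal order described above, as an added example that is not part of the original post: a small Python model of one rule chain, run against a whitelist-style and a blacklist-style rule set. The rule format, the function names and the sample addresses (documentation ranges) are constructed for illustration and are not iptables code.

```python
"""Toy model of rule-chain traversal (constructed example, not iptables code)."""
from ipaddress import ip_address, ip_network


def matches(rule, pkt):
    """A rule matches when every criterion it sets agrees with the packet."""
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "dport" in rule and rule["dport"] != pkt["dport"]:
        return False
    if "src" in rule and ip_address(pkt["src"]) not in ip_network(rule["src"]):
        return False
    return True


def traverse(chain, policy, pkt):
    """Return (verdict, log_lines) for one packet walking one chain."""
    logs = []
    for num, rule in enumerate(chain, start=1):
        if not matches(rule, pkt):
            continue
        if rule["target"] == "LOG":
            logs.append(f"rule {num}: {pkt['src']} -> {pkt['proto']}/{pkt['dport']}")
            continue  # logged, then matching continues with the next rule
        return rule["target"], logs  # ACCEPT/REJECT/DROP: first match ends the walk
    return policy, logs  # nothing matched: the chain default applies


# Whitelist style: default DROP, the rules list what is allowed.
WHITELIST = [
    {"proto": "tcp", "dport": 22, "src": "192.0.2.0/24", "target": "ACCEPT"},
    {"proto": "tcp", "dport": 22, "target": "LOG"},
    {"proto": "tcp", "dport": 22, "target": "REJECT"},
]
# Blacklist style: default ACCEPT, the rules list what is forbidden.
BLACKLIST = [
    {"src": "198.51.100.7", "target": "DROP"},
    {"proto": "tcp", "dport": 22, "src": "198.51.100.0/24", "target": "ACCEPT"},
]

ADMIN = {"src": "192.0.2.10", "proto": "tcp", "dport": 22}
STRANGER = {"src": "203.0.113.5", "proto": "tcp", "dport": 22}
BLOCKED = {"src": "198.51.100.7", "proto": "tcp", "dport": 22}

if __name__ == "__main__":
    for name, pkt in [("admin", ADMIN), ("stranger", STRANGER), ("blocked", BLOCKED)]:
        print(name, traverse(WHITELIST, "DROP", pkt), traverse(BLACKLIST, "ACCEPT", pkt))
```

The blocked host shows why rule order matters: its DROP rule sits before the broader ACCEPT rule, so the ACCEPT rule is never reached for it.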
Linux Learning (Linux should learn this) 6