Linux Learning (Linux should learn this) 6

• RHEL7 replaces iptables with FIREWALLD, but iptables can still be used

• The rule table is to accommodate the rule chain, if the rule table is allowed state, that rule chain is set to the forbidden rule, if the rule table is a forbidden state, that rule chain is set to allow the rules, the personal feel like a blacklist whitelist

• The common types of control in Iptables are: accept permission to pass; LOG: Logs are then passed to the next rule to continue the match; REJECT: Refuse to pass, give hints when necessary; drop: Discard directly, without giving any response.

• Rule chain

  650) this.width=650; "title=" _20170320161331.png "src=" https://s2.51cto.com/wyfs02/M01/8E/F1/ Wkiol1jpj0xgrca2aabej5706s0994.png "alt=" Wkiol1jpj0xgrca2aabej5706s0994.png "/>

  650) this.width=650; "title=" _20170320161741.png "src=" https://s4.51cto.com/wyfs02/M02/8E/F3/ Wkiom1jpkdmglvcqaaaoeyxqgmg878.png "alt=" Wkiom1jpkdmglvcqaaaoeyxqgmg878.png "/>
  

• Rules table

  650) this.width=650; "title=" _20170320161520.png "src=" https://s4.51cto.com/wyfs02/M00/8E/F3/ Wkiom1jpj8ts82b4aaau3dxxrry101.png "alt=" Wkiom1jpj8ts82b4aaau3dxxrry101.png "/>

  Order of rules table: Raw--mangle--nat--filter

• Precautions

  The default Fifter table is not specified for the rule table

  Not specifying a rule chain means all the chain of rules within a table

  Matching rules in the rule chain is checked in turn, the match is stopped, and the default state of the chain is processed if no orange items

• 650) this.width=650; "title=" _20170320162427.png "src=" https://s2.51cto.com/wyfs02/M01/8E/F3/ Wkiom1jpkcmaueczaackyhk_bv0629.png "alt=" Wkiom1jpkcmaueczaackyhk_bv0629.png "/>

  
  

• 
  

Linux Learning (Linux should learn this) 6