For Linux users, iptables is one of the essential skills. Many people find iptables difficult and unfamiliar, a real mess. In fact the iptables (firewall) command itself is not that complicated; what matters is understanding the logic of how its chains and tables relate to each other. Once you have that, the commands may still feel a little rusty, but you will understand what each one does. The following diagram shows the role of the five chains.
network A --> PREROUTING --> routing decision --+--> INPUT --> local process --> OUTPUT --+
              (before routing)                 |     (inbound)                 (outbound) |
                                               |                                          |
                                               +--> FORWARD (forwarded, so no INPUT) -----+
                                                                                          |
                                           POSTROUTING (after routing) <------------------+
                                                 |
                                            network B (outbound data)
After reading this somewhat rough topology diagram, you should have a general idea of how the firewall operates. Now let's talk about the four tables.
Tables are matched in the order raw → mangle → nat → filter. Here is which chains each table contains:
raw table      mangle table     nat table        filter table
PREROUTING     PREROUTING       PREROUTING       INPUT
OUTPUT         INPUT            OUTPUT           FORWARD
               FORWARD          POSTROUTING      OUTPUT
               OUTPUT
               POSTROUTING

(PREROUTING: before routing; INPUT: inbound; FORWARD: forwarded through; OUTPUT: outbound; POSTROUTING: after routing)
These are the chains contained in the four tables; by default, most work is done in the filter table. Next, the actions (targets):
ACCEPT: allow the packet through. DROP: discard it directly, sending no response. REJECT: refuse it, but send a response back. LOG: log the packet and then continue to the next rule. iptables executes the target of the first rule that matches and stops there; LOG is the exception, since after logging, the packet continues to be matched against the following rules.
View table rules
iptables -nL
Modify a chain's default policy
iptables -P INPUT DROP
Insert a rule
iptables -I INPUT -p tcp --dport 80 -j ACCEPT  # open port 80 on this host
iptables -I INPUT -p tcp --dport 80 -j REJECT  # close port 80 on this host
iptables -I INPUT -s 192.168.1.1 -j ACCEPT  # allow this IP to access this host
iptables -I INPUT -p tcp --dport 80 -s 192.168.1.1 -j DROP  # refuse this IP access to port 80 on this host
iptables -t filter -I INPUT -p icmp -j REJECT  # refuse pings to this host
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.1.1 --dport 80 -j DNAT --to 192.168.1.1:8080  # redirect traffic for port 80 on this host to port 8080
Save firewall rules
service iptables save
View firewall rules
service iptables status
iptables -nL --line-numbers  # show rule line numbers
Delete a firewall rule
iptables -D INPUT 2  # delete the second rule in INPUT
All right, that is a brief introduction to the firewall. There is a lot that hasn't been covered, including many of the parameters, because with iptables the parameters are what determine what a rule does. I hope you have gained something from this. Once you understand the firewall's workflow, you will no longer be at a loss about what to do with your firewall rules.
I hope you have taken something away from this too. Wishing everyone a happy life!
This article is from the Linux Services blog, so be sure to keep this source http://9239489.blog.51cto.com/9229489/1640127
Iptables commonly used parameters