Linux iptables command list:
iptables -[ADC] chain rule-specification [options]
    -A add a rule to the chain, -D delete a rule, -C modify a rule
iptables -[RI] chain rulenum rule-specification [options]
    -R replace or -I insert the rule at position rulenum in the chain
iptables -D chain rulenum [options]
    Delete the rule at position rulenum
iptables -[LFZ] [chain] [options]
    -L list, -F flush or -Z zero the counters of the chain (all chains if none is named)
iptables -[NX] chain
    -N create or -X delete a user-defined chain
iptables -P chain target [options]
    Set the default target (policy) of the chain
iptables -E old-chain-name new-chain-name
    Rename old-chain-name to new-chain-name
DESCRIPTION
iptables is used to set up, maintain and inspect the IP packet filter rules in the Linux kernel.
Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains. Each chain is a list of rules that can match a set of packets: each rule specifies what to do with a packet that matches. This is called a 'target', and it may also be a jump to a user-defined chain in the same table.
TARGETS
A firewall rule specifies the criteria for a packet and a target. If the packet does not match, the next rule in the chain is examined; if it does match, the next rule is determined by the value of the target. The target can be the name of a user-defined chain or one of the special values ACCEPT [pass], DROP [drop], QUEUE [queue] or RETURN [return].
ACCEPT means to let the packet through. DROP means to drop the packet. QUEUE means to pass the packet to user space. RETURN means to stop traversing this chain and resume at the next rule in the previous (calling) chain. If the end of a built-in chain is reached, or a rule in a built-in chain with target RETURN is matched, the fate of the packet is determined by the target specified as the chain policy.
TABLES
There are currently three independent tables (which tables are present at any time depends on the kernel configuration options and on which modules are loaded).
-t, --table table
This option specifies the packet matching table on which the command should operate. If the kernel is configured with automatic module loading, an attempt is made to load the appropriate module for that table if it is not already loaded. The tables are as follows:
    filter  The default table. It contains the built-in chains INPUT (for packets coming into the host itself), FORWARD (for packets being routed through the host) and OUTPUT (for locally generated packets).
    nat     Consulted when a packet that creates a new connection is encountered. It consists of three built-in chains: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally generated packets before routing) and POSTROUTING (for altering packets as they are about to go out).
    mangle  Used for specialised packet alteration. It has two built-in chains: PREROUTING (for altering incoming packets before routing) and OUTPUT (for altering locally generated packets before routing).
OPTIONS
The options recognized by iptables fall into several groups.
COMMANDS
These options specify the specific action to perform. Only one of them may be given on a command line unless otherwise stated below. For the long-form command and option names, you need to type only enough letters for iptables to distinguish them from all other options.
-A, --append
Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule is added for each possible address combination.
-D, --delete
Delete one or more rules from the selected chain. There are two versions of this command: the rule can be specified as a number in the chain (starting at 1 for the first rule) or as a rule to match.
-R, --replace
Replace a rule in the selected chain. If the source and/or destination names resolve to multiple addresses, the command fails. Rule numbers start at 1.
-I, --insert
Insert one or more rules in the selected chain at the given rule number. So, if the rule number is 1, the rule(s) are inserted at the head of the chain. This is also the default if no rule number is specified.
-L, --list
List all rules in the selected chain. If no chain is selected, all chains are listed. It is legal to specify the -Z option as well, in which case the chain(s) are listed and zeroed in one atomic operation. The exact output is affected by the other arguments given.
-F, --flush
Flush the selected chain. This is equivalent to deleting all the rules one by one.
-Z, --zero
Zero the packet and byte counters in all chains. It may be used with -L to see the counters immediately before they are cleared (see -L above).
-N, --new-chain
Create a new user-defined chain with the given name. There must be no existing chain of that name.
-X, --delete-chain
Delete the specified user-defined chain. There must be no references to the chain; if there are, you must delete or replace the referring rules before the chain can be deleted. If no argument is given, it attempts to delete every non-built-in chain.
-P, --policy
Set the policy of the chain to the given target. See the TARGETS section for the legal targets. Only built-in (non-user-defined) chains can have a policy, and neither built-in nor user-defined chains can be policy targets.
-E, --rename-chain
Rename the user-specified chain to the user-supplied name. This is cosmetic and has no effect on the structure of the table.
-h, --help
Give a (currently very brief) description of the command syntax.
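The following shell script is an added worked example, not part of the iptables documentation above. It exercises the chain-editing commands from COMMANDS (-N, -A, -I, -R, -L, -D, -Z, -E, -P, -F, -X), the -t table selector from TABLES and the RETURN/policy behaviour from TARGETS on a small INPUT rule set. Changing live rules needs root and the netfilter modules, so every call goes through a wrapper that only prints the command line unless DRY_RUN=0 is set. The chain names SSH_CHECK and SSH_FILTER, the admin network 10.0.0.0/24 and the rule positions are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the page): walks through the iptables chain-editing
# commands on the default filter table. Nothing is applied unless the caller
# sets DRY_RUN=0 (and has root); otherwise each command line is echoed.
set -eu

: "${DRY_RUN:=1}"       # 1 = print the commands, 0 = really run iptables

# Wrapper: prints "iptables <args>" in dry-run mode, executes it otherwise.
ipt() {
    if [ "$DRY_RUN" = "0" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# Build a small INPUT rule set (-t filter is the default, so it is omitted).
# SSH is sent to a user-defined chain; if that chain RETURNs, matching resumes
# at the rule after the jump in INPUT. A packet reaching the end of INPUT is
# handled by the policy set with -P.
build_input_rules() {
    ipt -N SSH_CHECK                                  # -N: new user-defined chain
    ipt -A SSH_CHECK -s 10.0.0.0/24 -j ACCEPT         # constructed admin network
    ipt -A SSH_CHECK -j RETURN                        # back to INPUT, rule after the jump
    ipt -A INPUT -i lo -j ACCEPT                      # -A: append at the end
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -p tcp --dport 22 -j SSH_CHECK       # jump to the user chain
    ipt -A INPUT -p tcp --dport 22 -j DROP            # only reached via RETURN
    ipt -P INPUT DROP                                 # -P: policy of the built-in chain
}

# Exercise the in-place editing commands; rule numbers count from 1.
edit_input_rules() {
    ipt -I INPUT -p icmp -j ACCEPT                    # -I without a number: head of chain
    ipt -I INPUT 3 -p tcp --dport 443 -j ACCEPT       # -I with a number: that position
    ipt -R INPUT 3 -p tcp --dport 443 -j LOG --log-prefix "https-in:"  # -R: replace rule 3
    ipt -L INPUT -n -v --line-numbers                 # -L: list with counters and numbers
    ipt -D INPUT 3                                    # -D by rule number
    ipt -D INPUT -p icmp -j ACCEPT                    # -D by rule specification
    ipt -Z INPUT                                      # -Z: zero counters (-L -Z shows them first)
    ipt -E SSH_CHECK SSH_FILTER                       # -E: rename; the jump in INPUT follows
}

# -t selects the table; each table has its own built-in chains.
list_all_tables() {
    for t in filter nat mangle; do
        ipt -t "$t" -L -n
    done
}

# Tear down in the only order that works: -X refuses to delete a chain that
# is still referenced, so INPUT must be flushed (removing the jump) first.
teardown() {
    ipt -P INPUT ACCEPT                               # open policy before the rules vanish
    ipt -F INPUT                                      # -F: delete every rule in INPUT
    ipt -F SSH_FILTER
    ipt -X SSH_FILTER                                 # -X: now unreferenced, can be deleted
}

build_input_rules
edit_input_rules
list_all_tables
teardown
```

Run it as-is to see the command sequence; run it as root with DRY_RUN=0 to apply it. The teardown order matters in practice: flushing INPUT before changing its policy back to ACCEPT would lock out remote sessions on a DROP policy, and -X fails while any rule still jumps to the chain.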
PARAMETERS