"Linux iptables: Rules Principles and Fundamentals" describes the iptables of the four table five chain, simply said that the different network layer packets will pass through which several mount points, at each mount point can be in which table rules defined.
This article follows this idea, more specifically introduces a iptables rule composition.
Linux iptables: Rule composition
This is the basic composition of a iptables rule, and also the command format for the iptables definition rule:
The first column is the iptables command;
The second column specifies the table where the rule resides, and the NAT and filter tables are commonly used;
The third column is the command, common commands are as follows:
-a adds (append) a new rule at the end of the specified chain-d Delete (delete) A rule in the specified chain, which can be deleted by the rule ordinal and content-I inserts a new rule in the specified chain, by default in the first row add-r modification, Replace (replace) a rule in the specified chain, which can be replaced by the rule number and the contents by the-l list (list) specifies all the rules in the chain to view-f flush Rule-P sets the default policy for the specified chain-n Display output using digital form (numeric)
The fourth column is the mount point that specifies the function of the rule;
The fifth column is the option and the common options are as follows:
-P Specify protocol-s source address-D Destination Address--sport Source port number--dport Destination port number--dports Destination port number List-M supplement
The sixth column is the rule and the common rules are as follows:
ACCEPT allows packets to be dropped directly through the drop packet, without giving any response information reject reject the packet through, if necessary, will give the data to send the end of a response information snat to the packet source address overwrite Dnat to packet destination address overwrite log record packet
The above basically introduces the command and parameters of iptables definition rules, which can be used as reference when defining rules.
Record, for the better of myself!
Linux iptables: Rule composition