Syntax: iptables [-t table] {-A|-C|-D} chain rule-specification
-t specifies the table; the default is the filter table. The available tables are:
filter: the default table, so it does not need to be specified when writing rules; it applies to the INPUT, FORWARD and OUTPUT chains
nat: mainly used for SNAT (source address translation) and DNAT (destination address translation); it applies to the PREROUTING, POSTROUTING and OUTPUT chains; SNAT is mainly used in POSTROUTING, DNAT
mangle: mainly used for marking; it can be used in all five common chains
raw: used for connection tracking
security: primarily used for secure access control
Options:
-A append: adds the rule at the end of the chain
-C check: tests whether a rule exists in a chain
-D delete: removes the specified rule, e.g. delete the 5th rule of the INPUT chain: iptables -D INPUT 5
iptables -L -n --line-numbers: displays the iptables rules in numeric format, with line numbers
-I insert: inserts a rule at the given rule number; by default it is inserted at the beginning of the chain. For example, to insert a rule as the 2nd rule:
iptables -I INPUT 2 -d 192.168.0.101 -p tcp --dport 22 -j ACCEPT
-R replace: replaces the specified rule with a new one, that is, the same as deleting it and adding another in the same position
iptables -R INPUT 2 -d 192.168.0.101 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-L [chain] list: lists the rules of the specified chain; if no chain is specified, all chains are listed
-F [chain] flush: empties the specified chain; if no chain is specified, clears the rules in all chains
Parameters:
-4 IPv4
-6 IPv6
[!] -p protocol: ! negates the match; -p specifies the protocol: tcp, udp, icmp
-s, --source: source IP; -s 192.168.0.0/24 specifies the source address range 192.168.0.0/24, i.e. this class C segment
-d, --destination: specifies the destination address
-m iprange --src-range from-to, --dst-range from-to
iptables -A OUTPUT -p tcp --sport 22 -m iprange --dst-range 192.168.0.105-192.168.0.109 -j ACCEPT
-m state (connection state tracking):
-m state --state {INVALID,ESTABLISHED,NEW,RELATED,UNTRACKED}
-m string --algo {bm|kmp} --string pattern: there are two matching algorithms, bm and kmp; --string specifies the string to match
service iptables save saves the finished iptables rules to /etc/sysconfig/iptables.
iptables-save only prints the current rule table; to save it, redirect the output:
iptables-save > /etc/sysconfig/iptables
You can also specify a different file name. When restoring, use input redirection:
iptables-restore < /etc/sysconfig/iptables-0918
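The save and restore commands above, wrapped so that a file is parsed before it is loaded and the running rules are dumped first. This is an added example, not part of the original notes; the function names, RULES_DIR and the timestamped backup name are assumptions, and it relies on the --test option of iptables-restore.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names, RULES_DIR and
# the backup file name are assumptions. Run as root on a host with iptables.
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}
RULES_DIR=${RULES_DIR:-/etc/sysconfig}

# Dump the running rules to $RULES_DIR/iptables-<timestamp> and print the path.
# The dump goes to a private temp file first, so a failed iptables-save never
# leaves a partial or world-readable rule file behind.
backup_rules() {
    out="$RULES_DIR/iptables-$(date +%Y%m%d-%H%M%S)"
    tmp="$out.tmp.$$"
    if (umask 077; "$IPT_SAVE" > "$tmp") && [ -s "$tmp" ]; then
        mv "$tmp" "$out" && printf '%s\n' "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Load FILE only if it parses; if the load itself fails, put the old rules back.
safe_restore() {
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 1; }
    # --test parses and builds the rule set without committing it
    "$IPT_RESTORE" --test < "$file" ||
        { echo "rejected, nothing changed: $file" >&2; return 1; }
    backup=$(backup_rules) || { echo "backup failed, not loading" >&2; return 1; }
    if ! "$IPT_RESTORE" < "$file"; then
        "$IPT_RESTORE" < "$backup"
        echo "load failed, rolled back to $backup" >&2
        return 1
    fi
    echo "loaded $file (previous rules kept in $backup)"
}
```

Usage: safe_restore /etc/sysconfig/iptables-0918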
The usage of iptables "notes"