View, add, delete, and modify Linux firewall rules

Only the more commonly used parameters are listed here, please see man iptables for details.

1. View

Iptables-nvl–line-number

-L View all the rules for the current table, which is the filter table by default, and if you want to view the NAT table, you can add the-T nat parameter.

-N Do not reverse IP address, plus this parameter display speed is much faster.

-V output details, including the number of packets through the rule, the total number of bytes, and the corresponding network interface.

–line-number Displays the sequence number of the rule, which is used when the rule is deleted or modified.

2. Add

There are two parameters to add a rule:-A and-I. Where-A is added to the end of the rule;-I can be inserted into the specified position, without specifying a position, and inserted into the header of the rule by default.

Current rule:

[Email protected] ~]# IPTABLES-NL--line-number

Chain INPUT (Policy ACCEPT)

Num Target prot opt source destination

1 DROP All--192.168.1.1 0.0.0.0/0

2 DROP All--192.168.1.2 0.0.0.0/0

3 DROP All--192.168.1.4 0.0.0.0/0

Add a rule to the tail:

[Email protected] ~]# iptables-a input-s 192.168.1.5-j DROP

Insert a rule into the third row, and write the number of lines directly behind the chain of rules:

[Email protected] ~]# iptables-i INPUT 3-s 192.168.1.3-j DROP

View:

[Email protected] ~]# IPTABLES-NL--line-number

Chain INPUT (Policy ACCEPT)

Num Target prot opt source destination

1 DROP All--192.168.1.1 0.0.0.0/0

2 DROP All--192.168.1.2 0.0.0.0/0

3 DROP All--192.168.1.3 0.0.0.0/0

4 DROP All--192.168.1.4 0.0.0.0/0

5 DROP All--192.168.1.5 0.0.0.0/0

You can see that 192.168.1.3 is inserted into the third row, and the original third row 192.168.1.4 becomes the fourth row.

3. Delete

Delete with the-d parameter

Delete the previously added rule iptables-a input-s 192.168.1.5-j DROP:

[Email protected] ~]# iptables-d input-s 192.168.1.5-j DROP

Sometimes to delete the rule is too long, delete to write a large string, both waste time and easy to write wrong, then we can first use--line-number to find out the line number of the rule, and then delete the rule by line number.

[Email protected] ~]# IPTABLES-NV--line-number

Iptables v1.4.7:no Command specified

Try ' iptables-h ' or ' iptables--help ' for more information.

[Email protected] ~]# IPTABLES-NL--line-number

Chain INPUT (Policy ACCEPT)

Num Target prot opt source destination

1 DROP All--192.168.1.1 0.0.0.0/0

2 DROP All--192.168.1.2 0.0.0.0/0

3 DROP All--192.168.1.3 0.0.0.0/0

Delete second row rule

[[email protected] ~]# iptables-d INPUT 2

4. Modification

Modify using the-R parameter

First look at the current rule:

[Email protected] ~]# IPTABLES-NL--line-number

Chain INPUT (Policy ACCEPT)

Num Target prot opt source destination

1 DROP All--192.168.1.1 0.0.0.0/0

2 DROP All--192.168.1.2 0.0.0.0/0

3 DROP All--192.168.1.5 0.0.0.0/0

Change the third rule to accept:

[Email protected] ~]# iptables-r INPUT 3-j ACCEPT

Check again below:

[Email protected] ~]# IPTABLES-NL--line-number

Chain INPUT (Policy ACCEPT)

Num Target prot opt source destination

1 DROP All--192.168.1.1 0.0.0.0/0

2 DROP All--192.168.1.2 0.0.0.0/0

3 ACCEPT All--0.0.0.0/0 0.0.0.0/0

Target of the third rule has been changed to accept.

View, add, delete, and modify Linux firewall rules