Only the more commonly used options are listed here; see man iptables for the full set.
1. View
iptables -nvL --line-numbers
-L lists the rules of the current table, which is the filter table by default; to list the nat table add -t nat.
-n prints addresses and ports numerically instead of resolving them. Listing is much faster with it, and the firewall host does not issue a reverse DNS query for every address in its rule set.
-v verbose output: the packet and byte counters of each rule and the network interfaces it matches.
--line-numbers prints each rule's number, which you need when deleting or modifying a rule by position. iptables accepts any unambiguous abbreviation of a long option, so the shorter --line-number used in the listings below works as well.
2. Add
There are two options for adding a rule: -A and -I. -A appends the rule to the end of the chain; -I inserts it at a given position, or at the top of the chain if no position is given. Position matters: iptables evaluates a chain from top to bottom and the first matching rule decides, so a rule appended after a broader ACCEPT never fires.
Current rules:
# iptables -nL --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  192.168.1.1          0.0.0.0/0
2    DROP       all  --  192.168.1.2          0.0.0.0/0
3    DROP       all  --  192.168.1.4          0.0.0.0/0
Append a rule to the tail:
# iptables -A INPUT -s 192.168.1.5 -j DROP
Insert a rule as the third row; the position is written directly after the chain name:
# iptables -I INPUT 3 -s 192.168.1.3 -j DROP
View:
# iptables -nL --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  192.168.1.1          0.0.0.0/0
2    DROP       all  --  192.168.1.2          0.0.0.0/0
3    DROP       all  --  192.168.1.3          0.0.0.0/0
4    DROP       all  --  192.168.1.4          0.0.0.0/0
5    DROP       all  --  192.168.1.5          0.0.0.0/0
The rule for 192.168.1.3 is now in the third row, and the rule for 192.168.1.4 that used to be third has moved to the fourth row.
3. Delete
Delete with the -D option.
To delete the rule added above with iptables -A INPUT -s 192.168.1.5 -j DROP, restate its match and target. Note that this form removes only the first rule that matches the specification, so a rule that was added twice has to be deleted twice:
# iptables -D INPUT -s 192.168.1.5 -j DROP
Sometimes the rule to delete is long, and retyping the whole specification wastes time and is easy to get wrong. In that case, first use --line-numbers to find the rule's number and then delete it by number. Remember that -n and -v are only modifiers; without a command such as -L, iptables refuses to run:
# iptables -nv --line-numbers
iptables v1.4.7: no command specified
Try `iptables -h' or 'iptables --help' for more information.
# iptables -nL --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  192.168.1.1          0.0.0.0/0
2    DROP       all  --  192.168.1.2          0.0.0.0/0
3    DROP       all  --  192.168.1.3          0.0.0.0/0
Delete the second rule:
# iptables -D INPUT 2
After this, the rule that was third becomes second. Rule numbers shift with every deletion, so list the chain again before deleting another rule by number.
4. Modification
Modify with the -R option.
First look at the current rules:
# iptables -nL --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  192.168.1.1          0.0.0.0/0
2    DROP       all  --  192.168.1.2          0.0.0.0/0
3    DROP       all  --  192.168.1.5          0.0.0.0/0
Change the third rule's target to ACCEPT:
# iptables -R INPUT 3 -j ACCEPT
Check again:
# iptables -nL --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  192.168.1.1          0.0.0.0/0
2    DROP       all  --  192.168.1.2          0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
The target of the third rule is now ACCEPT. Look at the source column, though: -R replaces the whole rule, not just the target. Because -s 192.168.1.5 was not restated, rule 3 now matches every source, which is a very different rule from the one intended. To change only the target, repeat the complete match along with the new target:
# iptables -R INPUT 3 -s 192.168.1.5 -j ACCEPT
All of the changes above take effect immediately but live only in the kernel; they are lost at reboot unless saved with iptables-save (or the distribution's firewall service script).
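The delete-by-number and replace steps above, as an added example that is not part of the original page: a small POSIX shell script that finds INPUT rules by source address in a listing in the `iptables -nL INPUT --line-numbers` format, emits the matching `iptables -D INPUT N` commands highest number first so that the remaining numbers stay valid, and builds an `iptables -R` command that restates the rule's source match instead of silently widening it. The listing is constructed inline; SAMPLE_LISTING and the function names are this example's own, not iptables options, and the script only prints the commands, so it runs without root.

```sh
#!/bin/sh
# Added example, not from the original page: work with rule numbers from
# `iptables -nL INPUT --line-numbers` output without retyping whole rules.
# Assumes the stock listing format (no -v, so the first column is the rule
# number and the fifth is the source). Function names and SAMPLE_LISTING
# are this example's own; only iptables' -D and -R options are real.

# Constructed listing standing in for `iptables -nL INPUT --line-numbers`.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  192.168.1.1          0.0.0.0/0
2    DROP       all  --  192.168.1.2          0.0.0.0/0
3    DROP       all  --  192.168.1.2          0.0.0.0/0
4    DROP       all  --  192.168.1.5          0.0.0.0/0'

# rule_numbers LISTING SOURCE
# Print the numbers of rules whose source column equals SOURCE, highest
# first: deleting in that order keeps the remaining numbers valid, because
# -D INPUT N renumbers every rule after N.
rule_numbers() {
    printf '%s\n' "$1" |
        awk -v src="$2" '$1 ~ /^[0-9]+$/ && $5 == src { print $1 }' |
        sort -rn
}

# delete_cmds LISTING SOURCE
# One `iptables -D INPUT N` per matching rule. Deleting by match spec
# instead (-D INPUT -s SOURCE -j DROP) would remove only the first copy.
delete_cmds() {
    for n in $(rule_numbers "$1" "$2"); do
        printf 'iptables -D INPUT %s\n' "$n"
    done
}

# replace_cmd LISTING NUM TARGET
# Rebuild rule NUM with a new target while restating its source match.
# A bare `iptables -R INPUT NUM -j TARGET` replaces the whole rule with one
# that matches every source (the 0.0.0.0/0 -> 0.0.0.0/0 line on this page).
# Fails if NUM is not in the listing, so nothing is emitted for a typo.
replace_cmd() {
    src=$(printf '%s\n' "$1" | awk -v n="$2" '$1 == n { print $5 }')
    [ -n "$src" ] || return 1
    printf 'iptables -R INPUT %s -s %s -j %s\n' "$2" "$src" "$3"
}

# Print the commands for the constructed listing. To apply them on a real
# host, re-list the chain first to confirm the numbers are still current,
# then pipe the output to `sh` as root.
delete_cmds "$SAMPLE_LISTING" 192.168.1.2
replace_cmd "$SAMPLE_LISTING" 4 ACCEPT
```

On the constructed listing this prints `iptables -D INPUT 3`, then `iptables -D INPUT 2`, then `iptables -R INPUT 4 -s 192.168.1.5 -j ACCEPT`. Generating the commands from a fresh listing, rather than from numbers remembered from an earlier one, is what keeps a by-number delete from removing the wrong rule after the chain has shifted.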
View, add, delete, and modify Linux firewall rules