Basic description of iptables

2025-03-06 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

The underlying principles are not explained here; they become clear once you use the tool.

Command format

iptables [-t table] command [match] [target]

Basic elements

Table, command, chain, match, action

Basic table

filter, nat and mangle

Basic command

Command: Description

-A or --append: Appends a rule to the end of the chain.
-D or --delete: Removes a rule from the chain, specified either by the rule to match or by the position number of the rule in the chain.
-P or --policy: Sets the default target of the chain, that is, its policy. All packets that do not match any rule in the chain are forced to use the chain's policy.
-N or --new-chain: Creates a new chain with the name specified in the command.
-F or --flush: If a chain name is specified, deletes all rules in that chain; if no chain name is specified, deletes all rules in all chains. This parameter is used for quick clearing.
-L or --list: Lists all rules in the specified chain.
-R or --replace: Replaces a matching rule in the specified chain.
-X or --delete-chain: Deletes the specified user-defined chain; if no chain is specified, deletes all user-defined chains.
-C or --check: Checks whether the packets match the rules of the specified chain.
-Z or --zero: Zeroes the byte counters for all rules in the specified chain.

Basic chain

INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING

Basic match

Match: Description

-p or --protocol: This generic protocol match is used to check for specific protocols. Examples of protocols are TCP, UDP, ICMP, any combination of these three separated by commas, and ALL (for all protocols). ALL is the default match. The ! symbol can be used to indicate that the item should not match.
-s or --source: This source match is used to match packets based on their source IP address. It also allows matching IP addresses within a range, and the ! symbol can be used to indicate that the item should not match. The default source match matches all IP addresses.
-d or --destination: This destination match is used to match packets based on their destination IP address. It also allows matching IP addresses within a range, and the ! symbol can be used to indicate that the item should not match.
--sport: Specifies the source port or port range of the matching rule.
--dport: Specifies the destination port or port range of the matching rule.
-i: Matches a single network interface or a type of interface when setting filter rules.

Basic targets

Target: Description

ACCEPT: When a packet exactly matches a rule with an ACCEPT target, it is accepted (allowed to go to its destination).
DROP: When a packet exactly matches a rule with a DROP target, the packet is blocked and no further processing is done. This target is specified as -j DROP.
REJECT: Works in the same way as the DROP target, but it is better than DROP. Unlike DROP, REJECT does not leave dead sockets on servers and clients. In addition, REJECT sends an error message back to the sender of the packet. This target is specified as -j REJECT.
RETURN: The RETURN target set in a rule stops packets matching the rule from traversing the chain containing the rule. If the chain is a main chain such as INPUT, the default policy for that chain is used to process the packets. It is specified as --jump RETURN.
LOG: Logs information about the packet.
TOS: Overwrites the TOS value of the packet.
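The elements above combined into a small default-deny INPUT ruleset, as an added example that is not part of the original article. The interface name eth0, the admin network 192.0.2.0/24, the helper names ipt and build_ruleset, and the conntrack match (which goes beyond the matches listed on this page) are assumptions; the script only prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the original article. Constructed values:
# interface eth0 and admin network 192.0.2.0/24 (documentation range).
# Dry run by default: rules are printed. Run as root with APPLY=1 to load them.
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"

# Print one iptables command, or execute it when APPLY=1.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$IPT" "$@"
    else
        echo "$IPT $*"
    fi
}

build_ruleset() {
    # No -t option is given, so every rule goes to the default filter table.
    # -F: start from an empty INPUT chain.
    ipt -F INPUT || return
    # -i match: always accept loopback traffic.
    ipt -A INPUT -i lo -j ACCEPT || return
    # Replies to connections this host opened (conntrack is not on the page's
    # match list; without it a default-DROP policy also blocks return traffic).
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || return
    # -p, -s and --dport together: SSH only from the admin network.
    ipt -A INPUT -i "$WAN_IF" -p tcp -s "$ADMIN_NET" --dport 22 -j ACCEPT || return
    # ! negates the source match; REJECT answers the sender with an error.
    ipt -A INPUT -p tcp ! -s "$ADMIN_NET" --dport 22 -j REJECT || return
    # HTTPS from any source address.
    ipt -A INPUT -i "$WAN_IF" -p tcp --dport 443 -j ACCEPT || return
    # LOG does not end processing: the packet is logged, then falls to the policy.
    ipt -A INPUT -j LOG --log-prefix input-drop: || return
    # -P last, so an error in an earlier rule never leaves DROP without ACCEPTs.
    ipt -P INPUT DROP
}

build_ruleset
```

Rule order matters because each packet takes the first terminating target it matches, and the chain policy applies only to packets that reach the end of the chain.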
