2025-04-04 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
When I first came into contact with iptables, I was confused about the -I and -A options: -I inserts one or more rules, and -A appends one or more rules.
Both add a rule, so what is the difference between them?
Experiment:
I took two machines: one sends ping packets and the other is the one being pinged.
On both machines, iptables -nvL INPUT shows that the INPUT chain is empty.
Then add iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP on the machine being pinged.
Then use iptables -nvL INPUT to see the following:
Chain INPUT (policy ACCEPT 592 packets, 55783 bytes)
 pkts bytes target     prot opt in     out     source               destination
    8   672 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8
At this point, the machine sending the pings shows that the pings have stopped.
Next, add iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j ACCEPT on the machine being pinged.
Then use iptables -nvL INPUT to see the following:
Chain INPUT (policy ACCEPT 678 packets, 62701 bytes)
 pkts bytes target     prot opt in     out     source               destination
   21  1764 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8
This shows that a rule has been appended to the chain, but the machine sending the pings still shows them as stopped, which proves that the newly appended rule cannot let the ping packets through.
Now add iptables -I INPUT -p icmp --icmp-type 8 -s 0/0 -j ACCEPT on the machine being pinged.
Then use iptables -nvL INPUT to see the following:
Chain INPUT (policy ACCEPT 770 packets, 70223 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   168 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8
   31  2604 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8
This shows that a new rule has been added to the chain, and the machine sending the pings shows them going through again, proving that the newly inserted rule does let the ping packets through.
The only difference between the two ACCEPT rules is -A versus -I: -A appends the rule after the DROP rule, and -I inserts the rule before the DROP rule.
iptables matches rules from top to bottom, and the first matching ACCEPT or DROP rule decides what happens to the packet, so an ACCEPT rule only takes effect if it comes before the DROP rule.
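The experiment leaves behind rules that can never fire. The following is an added example, not part of the original article: a small shell check that reads `iptables -S` output and reports rules that sit behind an earlier ACCEPT, DROP or REJECT rule with the identical match. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: `iptables -S INPUT` as it would look after the three
# commands in the experiment (-A ... DROP, -A ... ACCEPT, -I ... ACCEPT).
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
EOF
}

# Reads `iptables -S <chain>` text on stdin and prints one line for every
# rule whose match is identical to an earlier rule that already ended
# processing (ACCEPT, DROP or REJECT). Such a rule is never reached.
shadowed_rules() {
  awk '
    $1 == "-A" {
      pos++                                   # position of the rule in the chain
      cut = index($0, " -j ")
      if (cut == 0) next                      # no target: the rule only counts packets
      spec = substr($0, 1, cut - 1)           # chain name plus match options
      split(substr($0, cut + 4), t, " ")      # t[1] is the target name
      if (spec in first)
        printf "rule %d (%s) is never reached: rule %d (%s) has the same match\n",
               pos, t[1], first[spec], verdict[spec]
      else if (t[1] ~ /^(ACCEPT|DROP|REJECT)$/) {
        first[spec] = pos                     # first terminating rule for this match
        verdict[spec] = t[1]
      }
    }
  '
}

# Stand-alone run on the constructed sample.
sample_rules | shadowed_rules
```

On a live host, run `iptables -S INPUT | shadowed_rules` as root. The check only compares match text for equality, so a broad earlier rule that covers a narrower later one is not detected.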