Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "how to understand the rule composition of Linux iptables". In the operation process of actual cases, many people will encounter such difficulties. Next, let Xiaobian lead you to learn how to deal with these situations! I hope you can read carefully and learn something!

Linux iptables: Principles and basics of rules introduces the four tables and five chains of iptables, simply speaking, which mount points different network layer packets will pass through, and which tables can be defined at each mount point.

This article follows this line of thought and introduces the composition of an iptables rule in more detail.

Linux iptables: rule composition

This is the basic composition of iptables rule, and also the command format of iptables definition rule:

The first column is the iptables command;

The second column specifies the table in which the rule is located. Nat and filter tables are commonly used.

The third column contains commands. Common commands are as follows:

-A appends a new rule to the end of the specified chain

-D Delete a rule in the specified chain, which can be deleted according to the rule number and content.

-I insert a new rule in the specified chain, default added in the first line

-R modify, replace, specify a rule in the chain, can be replaced by rule number and content

-L List all rules in the specified chain for viewing

-F flush rule

-P Set default policy for specified chain

-n Display output in numeric form

The fourth column is the mount point at which the specified rule acts;

The fifth column contains options. Common options are as follows:

-p specifies protocol

-s Source address

-d Destination address

--sport Source port number

--dport destination port number

--dports Destination port number list

-m Supplement

The sixth column contains rules. Common rules are as follows:

ACCEPT allows packets to pass through

DROP drops packets directly without giving any response information

REJECT rejects the packet and sends a response message to the sender if necessary

SNAT rewrites packet source address

DNAT rewrites the destination address of the packet

LOG log packet

The above basically describes the commands and parameters when iptables defines rules, which can be used as a reference when defining rules.

"How to understand the rules of Linux iptables" content introduced here, thank you for reading. If you want to know more about industry-related knowledge, you can pay attention to the website. Xiaobian will output more high-quality practical articles for everyone!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.