2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article introduces how to add, delete, modify and view iptables rules. Many people have questions about these operations in day-to-day work, so the editor consulted various materials and put together simple, easy-to-use methods. I hope it helps answer those questions. Next, please follow the editor to study!
Netfilter/iptables (abbreviated as iptables) is the packet filtering firewall of the Linux platform. Like most Linux software, this packet filtering firewall is free. It can replace expensive commercial firewall solutions for packet filtering, packet redirection, network address translation (NAT) and other functions.
First, install and start the firewall
[root@linux ~]# /etc/init.d/iptables start
When we add rules with iptables and save them, the rules are stored in a file on disk. On CentOS, for example, the file is /etc/sysconfig/iptables. We can add, modify and delete rules with commands, or edit the /etc/sysconfig/iptables file directly.
Second, add firewall rules
1. Add a rule to the filter table
[root@linux ~]# iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT   // open port 21
For outbound traffic I have set iptables -P OUTPUT ACCEPT, so there is no need to open ports on the OUTPUT chain.
2. Add a rule to the nat table
[root@linux ~]# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
This masquerades the address of packets whose source address is in 192.168.10.0/24.
3. -A appends to the end of the chain by default; -I inserts at a specified position
[root@linux ~]# iptables -I INPUT 3 -p tcp -m tcp --dport 20 -j ACCEPT
[root@linux ~]# iptables -L -n --line-number
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:20   // -I inserted at the specified position
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
6    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
7    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21   // -A appended at the end by default

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
Third, view iptables rules
1. View the filter table
[root@linux ~]# iptables -L -n --line-number | grep 21   // --line-number displays the rule number, which is convenient when deleting
5    ACCEPT     tcp  --  192.168.1.0/24       0.0.0.0/0           tcp dpt:21
If you do not specify -t, the filter table is used by default, whether you are viewing, adding or deleting rules.
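Rule order decides the outcome: in the INPUT listing above, the port 21 rule appended with -A sits at position 8, behind the DROP for state INVALID,NEW at position 7. The following added example (not part of the original article) walks `iptables -vnL INPUT --line-numbers` output first-match style and reports which rule decides a new TCP connection. The sample listing, the lo binding of rule 1, the default interface eth0 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: which rule decides a NEW inbound TCP connection?

# Constructed sample: the INPUT chain from the listing above, as
# `iptables -vnL INPUT --line-numbers` would show it. Binding rule 1 to the
# loopback interface is an assumption; plain -L -n hides the in/out columns.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2        0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8
3        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:20
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
5        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
6        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
7        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID,NEW
8        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
EOF
}

# first_match PORT [IFACE]: read a listing on stdin, print "<num> <target>" of
# the first rule matching a NEW TCP connection to PORT arriving on IFACE
# (default eth0), "policy <P>" if none matches, or "<num> UNKNOWN" when a rule
# uses a match this sketch does not model (it never guesses).
first_match() {
    awk -v port="$1" -v iface="${2:-eth0}" '
    $1 == "Chain"    { policy = $4; sub(/\)/, "", policy); next }
    $1 !~ /^[0-9]+$/ { next }                        # column header, blanks
    $5 != "tcp" && $5 != "all" { next }              # other protocol
    $7 != "*" && $7 != iface   { next }              # other inbound interface
    $9 != "0.0.0.0/0" || $10 != "0.0.0.0/0" { print $1, "UNKNOWN"; done = 1; exit }
    {
        ok = 1
        for (i = 11; i <= NF && ok; i++) {
            if ($i == "tcp") continue
            else if ($i ~ /^dpt:[0-9]+$/) ok = (substr($i, 5) == port)
            else if ($i == "state" || $i == "ctstate") { i++; ok = (("," $i ",") ~ /,NEW,/) }
            else { print $1, "UNKNOWN"; done = 1; exit }
        }
        if (ok) { print $1, $4; done = 1; exit }
    }
    END { if (!done) print "policy", policy }'
}

sample_listing | first_match 21    # 7 DROP
```

On a live host the same check is `iptables -vnL INPUT --line-numbers | first_match 21`; a rule meant to accept new connections has to be inserted with -I above the state DROP rule rather than appended with -A.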
2. View the nat table
[root@linux ~]# iptables -t nat -vnL POSTROUTING --line-number
Chain POSTROUTING (policy ACCEPT 38 packets, 2297 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 MASQUERADE  all  --  *      *       192.168.10.
Fourth, modify rules
[root@linux ~]# iptables -R INPUT 3 -j DROP   // change rule 3 to DROP
Fifth, delete iptables rules
[root@linux ~]# iptables -D INPUT 3   // delete rule 3 of INPUT
[root@linux ~]# iptables -t nat -D POSTROUTING 1   // delete the first rule of POSTROUTING in the nat table
[root@linux ~]# iptables -F INPUT   // clear all rules in the INPUT chain of the filter table
[root@linux ~]# iptables -F   // clear all rules in every chain of the filter table
[root@linux ~]# iptables -t nat -F POSTROUTING   // clear all rules in the POSTROUTING chain of the nat table
Sixth, set the default rule
[root@linux ~]# iptables -P INPUT DROP   // set the default rule of the filter table INPUT chain to DROP
All additions, deletions and modifications must be saved with /etc/init.d/iptables save. The above covers only the most basic operations; using iptables flexibly takes a certain amount of hands-on practice.
This concludes the study of how to add, delete, modify and view iptables rules. I hope it has resolved your doubts. Combining theory with practice helps you learn better, so go and try it! If you want to learn more, please continue to follow the website; the editor will keep working to bring you more practical articles.