
What is the iptables command of the Linux system

2025-04-02 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article explains the iptables command on Linux systems: how to start the firewall and how to add, view, modify, delete, and save rules.

The iptables firewall can be used to create packet-filtering (filter) and NAT rules. iptables is available on all Linux distributions, so understanding how to configure it will help you manage Linux firewalls more effectively.

First, install and start the firewall

[root@linux ~]# /etc/init.d/iptables start

When we add rules with iptables and save them, the rules are stored on disk in a file. On CentOS, for example, the file is /etc/sysconfig/iptables. We can add, modify, and delete rules with commands, or edit /etc/sysconfig/iptables directly.

Second, add firewall rules

1. Add a rule to the filter table

[root@linux ~]# iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT    # open port 21

For outbound traffic I allow everything (iptables -P OUTPUT ACCEPT), so there is no need to open the port on the output side.

2. Add a rule to the nat table

[root@linux ~]# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE    # masquerade the address of packets whose source address is in 192.168.10.0/24

3. -A appends a rule to the end of the chain by default; -I inserts it at a specified position

[root@linux ~]# iptables -I INPUT 3 -p tcp -m tcp --dport 20 -j ACCEPT
[root@linux ~]# iptables -L -n --line-number
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:20    # inserted at the specified position by -I
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
6    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
7    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21    # -A appends to the end by default

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Third, view the iptables rules

1. View the filter table

[root@linux ~]# iptables -L -n --line-number | grep 21    # --line-number displays the rule numbers, which is more convenient when deleting
5    ACCEPT     tcp  --  192.168.1.0/24       0.0.0.0/0           tcp dpt:21

If you do not add -t, the filter table is used by default for viewing, adding, and deleting.

2. View the nat table

[root@linux ~]# iptables -t nat -vnL POSTROUTING --line-number
Chain POSTROUTING (policy ACCEPT 38 packets, 2297 bytes)
num   pkts bytes target      prot opt in     out     source               destination
1        0     0 MASQUERADE  all  --  *      *       192.168.10.0/24      0.0.0.0/0

Fourth, modify the rules

[root@linux ~]# iptables -R INPUT 3 -j DROP    # change rule 3 to DROP

Fifth, delete iptables rules

[root@linux ~]# iptables -D INPUT 3    # delete rule 3 of INPUT
[root@linux ~]# iptables -t nat -D POSTROUTING 1    # delete rule 1 of POSTROUTING in the nat table
[root@linux ~]# iptables -F INPUT    # clear all rules of INPUT
[root@linux ~]# iptables -F    # clear all rules
[root@linux ~]# iptables -t nat -F POSTROUTING    # clear all rules of nat POSTROUTING

Sixth, set default rules

[root@linux ~]# iptables -P INPUT DROP    # set the default rule of the filter table INPUT chain to DROP

All additions, deletions, and modifications should be saved with /etc/init.d/iptables save. The above covers only some of the most basic operations; using iptables flexibly also takes a certain amount of hands-on practice.
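
An added example, not part of the original article: because -A appends at the end of a chain, a rule such as the port 21 ACCEPT in the listing above can land behind a DROP that already matches every new connection, which is the reason to place it with -I instead. The script audits rules in iptables-save format (the format of /etc/sysconfig/iptables) for that ordering problem; the function names, the blanket-DROP heuristic and the sample rules, including -i lo on rule 1, are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): flag ACCEPT rules that sit
# behind a blanket DROP/REJECT in the same chain. Reads iptables-save format,
# the format of /etc/sysconfig/iptables, on stdin.
shadowed_rules() {
    awk '
    /^\*/ { table = substr($1, 2); next }        # table header, e.g. *filter
    $1 == "-A" {
        key = table " " $2; num[key]++           # rule number within its chain
        target = ""
        for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
        if (target == "ACCEPT" && blanket[key])
            printf "%s %d shadowed-by %d: %s\n", key, num[key], blanket[key], $0
        if ((target == "DROP" || target == "REJECT") && !blanket[key]) {
            # Heuristic: blanket means no match left except a state match with NEW.
            body = $0
            sub(/^-A [^ ]+/, "", body)
            sub(/-j (DROP|REJECT).*$/, "", body)
            sub(/-m (state --state|conntrack --ctstate) [A-Z,]*NEW[A-Z,]*/, "", body)
            gsub(/ /, "", body)
            if (body == "") blanket[key] = num[key]
        }
    }'
}

# Constructed sample mirroring the INPUT listing above. "-i lo" on rule 1 is an
# assumption: iptables -L without -v does not show the interface column.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID,NEW -j DROP
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
COMMIT
EOF
}

sample_rules | shadowed_rules
```

To audit a live host, feed it the saved file or the output of iptables-save instead of the sample.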

That concludes this overview of the iptables command on Linux systems. I hope the above content helps you improve.
