Default rules:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [345:52829]
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -j ACCEPT
-A INPUT -s 10.9.0.0/24 -p tcp -j ACCEPT
-A INPUT -s 192.168.2.0/24 -p tcp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Back up the system's current iptables rules
iptables-save > iptables.rules
Restore the rules in the iptables.rules file to the running system
iptables-restore < iptables.rules
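
In the rules above, the unconditional `-A INPUT -j DROP` is followed by an `-A INPUT -j REJECT` that can never match. The following is an added example, not part of the original page: it lints a saved rules file for such unreachable rules and dry-runs it with `iptables-restore --test` before loading. The names find_shadowed, checked_restore and sample_rules are hypothetical helpers.

```shell
#!/bin/sh
# Added example (not from the original page): lint an iptables-save file
# for rules that can never match, then check it before loading.

# find_shadowed FILE
# Prints every -A rule that follows an unconditional ACCEPT/DROP/REJECT
# in the same chain of the same table; such rules are never reached.
find_shadowed() {
    awk '
    /^\*/ { split("", term) }              # new table: forget chain state
    $1 == "-A" {
        if ($2 in term) {
            printf "line %d shadowed by line %d: %s\n", NR, term[$2], $0
            next
        }
        # "-A CHAIN -j TARGET ..." carries no match conditions at all
        if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/) term[$2] = NR
    }' "$1"
}

# checked_restore FILE (hypothetical helper; needs root and iptables)
# Refuses to load a file with shadowed rules or one that fails to parse.
checked_restore() {
    dead=$(find_shadowed "$1")
    [ -z "$dead" ] || { echo "$dead" >&2; return 1; }
    iptables-restore --test < "$1" && iptables-restore < "$1"
}

# Excerpt of the INPUT/FORWARD rules from this page, used as sample input.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

rules_file=$(mktemp)
sample_rules > "$rules_file"
find_shadowed "$rules_file"    # runs without root; checked_restore is not called here
rm -f "$rules_file"
```

The lint only treats the built-in ACCEPT, DROP and REJECT targets as terminal; jumps to user-defined chains are not followed.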