iptables学习方法

 

 

4张表 5条链

 

 

 查看filter表的访问规则

root@ubuntu-130:~# iptables -L #默认是filter表
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@ubuntu-130:~# iptables -t filter  -L  #等价于上上面
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@ubuntu-130:~#

查看nat表

root@ubuntu-130:~# iptables -t nat  -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

查看mangle表

root@ubuntu-130:~# iptables -t mangle  -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

查看raw表

root@ubuntu-130:~# iptables -t raw  -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

防火墙的工作原理：

 

Iptables 命令

 全部允许 全部拒绝  规则表：

 

 

iptables -t filter|nat|mangle|raw -A|I|R|D|P|L INPUT|POUPUT|FORWARD|PREROUTING|POSTROUTING 序号 匹配条件（-p tcp|udp  |icmp  --dport 20:21 或者 -p lo    -m mutilport  --dportal  20:22,80  或者-m state --state NEW|ESTABLISTED|RELEAMN  ） -j ACCEPT|DROP|REJECT