4 tables, 5 chains
View the rules in the filter table (as the listings below show, not every table has all five chains: filter has INPUT/FORWARD/OUTPUT, nat and mangle add PREROUTING/POSTROUTING, raw has only PREROUTING/OUTPUT)
root@ubuntu-130:~# iptables -L #the filter table is the default when -t is omitted
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@ubuntu-130:~# iptables -t filter -L #equivalent to the command above
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@ubuntu-130:~#
View the nat table
root@ubuntu-130:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
View the mangle table
root@ubuntu-130:~# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
View the raw table
root@ubuntu-130:~# iptables -t raw -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
How the firewall works:
iptables command
Allow all / deny all; rule syntax:
iptables -t filter|nat|mangle|raw -A|-I|-R|-D <chain> [rule-number] <match> -j ACCEPT|DROP|REJECT
iptables -t <table> -P <chain> ACCEPT|DROP        #set the chain's default policy (no match, no rule number)
iptables -t <table> -L [<chain>] -n -v --line-numbers   #list rules; -n skips DNS lookups, --line-numbers gives the numbers used by -I/-R/-D
<chain> is INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING (only the chains the chosen table actually has, see the listings above).
<match> is, for example: -p tcp|udp|icmp --dport 20:21 (port range), or -i lo (loopback is an interface, matched with -i/-o, not -p), or -p tcp -m multiport --dports 20:22,80 (multiport takes up to 15 ports/ranges), or -m state --state NEW|ESTABLISHED|RELATED|INVALID (on current kernels -m conntrack --ctstate is the preferred spelling of the same check).
Rules are evaluated top to bottom and the first match wins; packets that match no rule get the chain's policy, so with -P INPUT DROP the ESTABLISHED,RELATED and loopback rules must be added before anything else or existing sessions (including your SSH session) are cut off.
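The following is an added example, not part of the original notes: a POSIX shell script that generates a complete default-deny filter table in iptables-restore format instead of applying rules one by one, so the whole ruleset can be reviewed and loaded atomically. It uses the matches listed above (-i lo, -m state, -m multiport). The allowed port list 22,80,443, the interface name and the log prefix are assumptions chosen for illustration; adjust them before loading.

```shell
#!/bin/sh
# Added example (not from the original notes). Generates, but does not apply,
# a default-deny filter table. Load it with:
#   sh gen_rules.sh | iptables-restore -t   # -t = test only, no changes
#   sh gen_rules.sh | iptables-restore      # apply atomically
# ASSUMPTIONS for illustration: these ports, this interface, this log prefix.
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-22,80,443}"   # assumed service ports
TRUSTED_IFACE="${TRUSTED_IFACE:-lo}"                  # assumed trusted interface

# Emit the filter table: policies first, then rules in the order they are
# evaluated. Order matters: loopback and ESTABLISHED,RELATED come before the
# port allow-list so a DROP policy never kills existing sessions.
gen_filter_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# 1. loopback first: local services must keep working under a DROP policy
-A INPUT -i ${TRUSTED_IFACE} -j ACCEPT
# 2. replies to connections this host initiated (stateful match)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# 3. packets the connection tracker cannot classify are dropped early
-A INPUT -m state --state INVALID -j DROP
# 4. new inbound TCP only to the allow-listed ports (multiport: up to 15 entries)
-A INPUT -p tcp -m multiport --dports ${ALLOWED_TCP_PORTS} -m state --state NEW -j ACCEPT
# 5. allow ping so the host stays diagnosable
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# 6. rate-limited log of everything that falls through; the policy then drops it
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# Number of -A rules in the generated table (6 with the rules above).
rule_count() {
    gen_filter_rules | grep -c '^-A '
}

# Default policy of a given chain in the generated table, e.g. "DROP" for INPUT.
chain_policy() {
    gen_filter_rules | sed -n "s/^:$1 \([A-Z]*\) .*/\1/p"
}

gen_filter_rules
```

Running the script prints the ruleset; piping it through iptables-restore -t validates the syntax without touching the live tables, which is the safe way to check a default-deny policy before committing it from a remote SSH session.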