在使用iptables添加规则的过程中,看到-A和-I参数都是添加规则,刚开始容易混淆,然后就专门试了一下,原来差异在这里
我们直接看实验吧
有以下四条规则
iptables -A INPUT -s 1.1.0.0/24 -j ACCEPT
iptables -A INPUT -s 2.2.0.0/24 -j DROP
iptables -A INPUT -s 3.3.0.0/24 -j ACCEPT
iptables -A INPUT -s 4.4.0.0/24 -j DROP
执行完结果
[root@k8s-node2 ~]# iptables -L --line-number
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 KUBE-FIREWALL all -- anywhere anywhere
2 KUBE-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes service portals */
3 KUBE-EXTERNAL-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */
4 ACCEPT all -- 1.1.0.0/24 anywhere
5 DROP all -- 2.2.0.0/24 anywhere
6 ACCEPT all -- 3.3.0.0/24 anywhere
7 DROP all -- 4.4.0.0/24 anywhere
删除上述4、5、6、7号规则,然后是-I
iptables -I INPUT -s 1.1.0.0/24 -j ACCEPT
iptables -I INPUT -s 2.2.0.0/24 -j DROP
iptables -I INPUT -s 3.3.0.0/24 -j ACCEPT
iptables -I INPUT -s 4.4.0.0/24 -j DROP
执行完结果
[root@k8s-node2 ~]# iptables -L --line-number
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 DROP all -- 4.4.0.0/24 anywhere
2 ACCEPT all -- 3.3.0.0/24 anywhere
3 DROP all -- 2.2.0.0/24 anywhere
4 ACCEPT all -- 1.1.0.0/24 anywhere
5 KUBE-FIREWALL all -- anywhere anywhere
6 KUBE-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes service portals */
7 KUBE-EXTERNAL-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */
结果已经很清楚了
1206
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
