網路防火牆
Linux 系統防火牆工具:iptables, firewalld
更多文章
基本指令
顯示所有規則
# iptables -L -n -v # iptables -L -n -v --line-numbers # iptables -L INPUT -n -v --line-numbers
- -L : List rules.
- -v : Display detailed information. This option makes the list command show the interface name, the rule options, and the TOS masks. The packet and byte counters are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and 1,000,000,000 multipliers respectively.
- -n : Display IP address and port in numeric format. Do not use DNS to resolve names. This will speed up listing.
重啟/清除所有規則
# service iptables stop # service iptables start # iptables -F # iptables -X # iptables -t nat -F # iptables -t nat -X # iptables -t mangle -F # iptables -t mangle -X # iptables -P INPUT ACCEPT # iptables -P OUTPUT ACCEPT # iptables -P FORWARD ACCEPT
- -F : Deleting (flushing) all the rules.
- -X : Delete chain.
- -t table_name : Select table (called nat or mangle) and delete/flush rules.
- -P : Set the default policy (such as DROP, REJECT, or ACCEPT).
移除指定的規則
顯示所有規則的編號 # iptables -L INPUT -n --line-numbers # iptables -L OUTPUT -n --line-numbers # iptables -L OUTPUT -n --line-numbers | less # iptables -L OUTPUT -n --line-numbers | grep 202.54.1.1 移除指定編號的規則 # iptables -D INPUT 4 移除指定來源 IP 的規則 # iptables -D INPUT -s 202.54.1.1 -j DROP
新增規則
顯示所有規則的編號 # iptables -L INPUT -n --line-numbers 在編號 1-2 之間新增規則 # iptables -I INPUT 2 -s 202.54.1.2 -j DROP
儲存所有規則
For RedHat/CentOS/Fedora Linux # service iptables save For other Linux distro. # iptables-save > /root/my.active.firewall.rules # cat /root/my.active.firewall.rules
回復規則
For other Linux distro. # iptables-restore < /root/my.active.firewall.rules For RedHat/CentOS/Fedora Linux # service iptables restart
Powered by MindTouch Core