網路防火牆

基本指令

顯示所有規則

# iptables -L -n -v
# iptables -L -n -v --line-numbers
# iptables -L INPUT -n -v --line-numbers

• -L : List rules.
• -v : Display detailed information. This option makes the list command show the interface name, the rule options, and the TOS masks. The packet and byte counters are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and 1,000,000,000 multipliers respectively.
• -n : Display IP address and port in numeric format. Do not use DNS to resolve names. This will speed up listing.
   

重啟/清除所有規則

# service iptables stop
# service iptables start

# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT 

• -F : Deleting (flushing) all the rules.
• -X : Delete chain.
• -t table_name : Select table (called nat or mangle) and delete/flush rules.
• -P : Set the default policy (such as DROP, REJECT, or ACCEPT).
   

移除指定的規則

顯示所有規則的編號
# iptables -L INPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers | less
# iptables -L OUTPUT -n --line-numbers | grep 202.54.1.1

移除指定編號的規則
# iptables -D INPUT 4

移除指定來源 IP 的規則
# iptables -D INPUT -s 202.54.1.1 -j DROP