<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0043)http://krnlpanic.com/tutorials/iptables.php -->
<HTML><HEAD><TITLE>Linux Resources at KrnlPanic.com</TITLE>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<STYLE type=text/css>.winposition {
LEFT: -1000px; POSITION: absolute; TOP: -1000px
}
A:unknown {
TEXT-DECORATION: none
}
A:link {
COLOR: #6557ab; TEXT-DECORATION: none
}
A:visited {
COLOR: #6557ab; TEXT-DECORATION: none
}
A:active {
COLOR: #ffffff; TEXT-DECORATION: none
}
UNKNOWN {
COLOR: #ffffff; TEXT-DECORATION: none
}
</STYLE>
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY vLink=#0050a0 aLink=#000000 link=#0050a0 bgColor=#c1c1cd marginwidth="10"
marginheight="15"><!-- <basefont face="lucida"> --><!-- <basefont face="verdana"> -->
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<TD bgColor=#000000>
<TABLE cellSpacing=2 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<TD align=left width="99%" bgColor=#d3d3df><B> <IMG
src="How to use IP Tables.files/kpscript.gif"> </B></TD></TR>
</TBODY></TABLE></TD></TR></TBODY></TABLE>
<TABLE width="100%">
<TBODY>
<TR>
<TD vAlign=top>
<TABLE cellSpacing=4 cellPadding=0 border=0>
<TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=4 width="100%" border=0>
<TBODY>
<TR>
<TD vAlign=top>
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<TD bgColor=#000000>
<TABLE cellSpacing=2 cellPadding=2 width="100%"
border=0>
<TBODY>
<TR>
<TD bgColor=#8f8f9b><B><FONT color=#ffffff> L
i n u x H e l p </FONT><BIG><FONT
color=#f0f8ff>: : </FONT><FONT color=#e0f0ff>: :
</FONT><FONT color=#d0e0f0>: : </FONT><FONT
color=#c0d0e0>: : </FONT></BIG></B></TD></TR>
<TR>
<TD bgColor=#d3d3df>
<TABLE cellSpacing=2 cellPadding=2>
<TBODY>
<TR><!-- Start of news content -->
<TD>
<CENTER><FONT color=black>
<H1>How to use IP Tables</H1></FONT></CENTER>
<P><FONT face="verdana, arial, helvetica"
color=black
size=2>****************************************************
<BR>IPTABLES TUTORIAL <BR><BR>I. <A
href="http://krnlpanic.com/tutorials/iptables.php#def">Definitions
and similarities to ipchains</A> <BR><BR>II. <A
href="http://krnlpanic.com/tutorials/iptables.php#options">Chain
types and options</A> <BR><BR>III. <A
href="http://krnlpanic.com/tutorials/iptables.php#cli">Command
line examples</A>
<BR><BR>****************************************************
<BR><BR>With the release of the 2.4 kernel,
everyone who was used to using ipchains to
configure their firewall will now be looking at
iptables. The native packet filtering mechanism
for the 2.4 kernel series is iptables, but you
can still compile in ipchains support at kernel
configuration time. <BR><BR><A
name=def></A><BR><BR><BIG>I. What Are These
"Chains"?</BIG> <BR><BR>Just like its
predecessor "ipchains", iptables organizes its
rules into chains. The three default chains are
named INPUT, OUTPUT, and FORWARD. A chain is
simply an ordered checklist of rules that says
what to do with each packet. A rule will either
ACCEPT a packet or DROP it (note the "drop"
syntax rather than the "deny" of ipchains). If a
packet reaches the end of the chain without
matching any rule, the system consults the chain
policy to decide what to do. Most systems are
set up with a policy of deny, so a packet that
doesn't match any rule that "allows" it through
is "dropped". <BR><BR>The first
decision the kernel has to make upon receipt of
a packet is "Where is the destination?" If the
packet is destined for the box itself, the kernel
consults the rules of the INPUT chain. If it is
destined for another network interface (and you
have IP forwarding enabled), the packet is
compared against the FORWARD chain, and as long
as one of that chain's rules gives it an "ACCEPT"
it is forwarded on. If the Linux box itself needs
to send network packets, it consults the OUTPUT
chain, and a packet that is ACCEPT-ed by one of
the rules is sent out on the appropriate interface.
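<BR><BR>The traversal described above can be modelled in a few lines of shell. This is an added example, not part of the original tutorial: the rule table, the policies and the function names pick_chain and verdict are constructed for illustration, and the model matches only on protocol and destination port.
<PRE>
```sh
#!/bin/sh
# Simplified model of chain traversal (added example, constructed data).
# Rule format: CHAIN PROTO DPORT TARGET; "-" matches anything.
RULES='INPUT tcp 22 ACCEPT
INPUT tcp 23 DROP
FORWARD tcp 80 ACCEPT
OUTPUT - - ACCEPT'
# Chain policies, used only when no rule in the chain matched.
POLICIES='INPUT DROP
FORWARD DROP
OUTPUT ACCEPT'

# pick_chain ORIGIN DEST_IS_LOCAL IP_FORWARD: print the chain that is consulted.
pick_chain() {
    if [ "$1" = local ]; then echo OUTPUT      # packet generated by this box
    elif [ "$2" = yes ]; then echo INPUT       # packet addressed to this box
    elif [ "$3" = 1 ]; then echo FORWARD       # packet routed through this box
    else echo NONE                             # forwarding off: packet is discarded
    fi
}

# verdict CHAIN PROTO DPORT: print ACCEPT or DROP for one packet.
verdict() {
    policy=$(printf '%s\n' "$POLICIES" | awk -v c="$1" '$1 == c { print $2 }')
    printf '%s\n' "$RULES" | awk -v c="$1" -v p="$2" -v d="$3" -v pol="$policy" '
        # Rules are checked top to bottom; the first match decides.
        $1 == c && ($2 == "-" || $2 == p) && ($3 == "-" || $3 == d) {
            print $4; hit = 1; exit
        }
        # End of chain with no match: fall back to the chain policy.
        END { if (!hit) print pol }'
}

# Constructed packets: where they come from and where they are going.
verdict "$(pick_chain remote yes 0)" tcp 22    # ssh to this box: ACCEPT by rule
verdict "$(pick_chain remote yes 0)" tcp 8080  # no rule matches: INPUT policy, DROP
verdict "$(pick_chain remote no 1)" tcp 80     # routed web traffic: ACCEPT by rule
verdict "$(pick_chain local no 0)" udp 53      # sent by this box: OUTPUT rule, ACCEPT
```
</PRE>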
<BR><BR>One of the key concepts for people
transitioning from ipchains is that the INPUT
and OUTPUT chains apply only to packets addressed
to or generated by the local machine, not to all
incoming and outgoing packets. Another point to
consider is the use of "-o" to specify the
interface. In ipchains we used "-i" to refer to
the interface. In iptables "-i" is only used
for the incoming interface (so it is fine on the
INPUT and FORWARD chains). For the outgoing
interface you will want to use "-o" where you
used to use "-i"; it is valid on both the
FORWARD and OUTPUT chains. <BR><BR><A
name=options></A><BR><BR><BIG>II. Chain types and
options</BIG> <BR><BR>As I mentioned, you have
three basic chains: <BR><BR><FONT
color=blue>INPUT</FONT> <BR><FONT
color=blue>OUTPUT</FONT> <BR><FONT
color=blue>FORWARD</FONT> <BR><BR>However, you
can create your own chains by using: <BR><FONT
color=blue>/sbin/iptables -N</FONT> <BR><BR>The
above will create a new chain. Here are some
more options to manipulate your chains:
<BR><BR><FONT color=blue>-N </FONT>Create a new
chain <BR><FONT color=blue>-X </FONT>Delete an
EMPTY chain <BR><FONT color=blue>-P</FONT>
Change the Policy for a built-in chain <BR><FONT
color=blue>-L </FONT>Lists the chain rules
<BR><FONT color=blue>-F </FONT>Flushes the rules
of a chain <BR><FONT color=blue>-Z </FONT>Sets
the counters to zero on all the rules in a chain
<BR><BR><A name=cli></A><BR><BR><BIG>III. Command
line examples </BIG><BR><BR>Now for some options
you can use to configure rules inside your
chains: <BR><BR><FONT color=blue>-A
</FONT>Append a new rule <BR><FONT color=blue>-I