<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0063)http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html -->
<HTML><HEAD><TITLE>Iptables Tutorial 1.1.19</TITLE>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY class=BOOK text=#000000 vLink=#840084 aLink=#0000ff link=#0000ff
bgColor=#ffffff>
<DIV class=BOOK><A name=IPTABLES-TUTORIAL></A>
<DIV class=TITLEPAGE>
<H1 class=TITLE><A name=AEN2>Iptables Tutorial 1.1.19</A></H1>
<H3 class=AUTHOR><A name=AEN4>Oskar Andreasson</A></H3>
<DIV class=AFFILIATION>
<DIV class=ADDRESS>
<P
class=ADDRESS> blueflux@koffein.net<BR> </P></DIV></DIV>
<P class=COPYRIGHT>Copyright © 2001-2003 by Oskar Andreasson</P>
<DIV class=LEGALNOTICE><A name=AEN13></A>
<P></P>
<P>Permission is granted to copy, distribute and/or modify this document under
the terms of the GNU Free Documentation License, Version 1.1; with the Invariant
Sections being "Introduction" and all sub-sections, with the Front-Cover Texts
being "Original Author: Oskar Andreasson", and with no Back-Cover Texts. A copy
of the license is included in the section entitled "GNU Free Documentation
License". </P>
<P>All scripts in this tutorial are covered by the GNU General Public License.
The scripts are free source; you can redistribute them and/or modify them under
the terms of the GNU General Public License as published by the Free Software
Foundation, version 2 of the License. </P>
<P>These scripts are distributed in the hope that they will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details. </P>
<P>You should have received a copy of the GNU General Public License within this
tutorial, under the section entitled "GNU General Public License"; if not, write
to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA </P>
<P></P></DIV>
<HR>
</DIV>
<HR>
<H1><A name=AEN18>Dedications</A></H1>
<P>First of all I would like to dedicate this document to my wonderful
girlfriend Ninel. She has supported me more than I ever can support her to any
degree. I wish I could make you just as happy as you make me. </P>
<P>Second of all, I would like to dedicate this work to all of the incredibly
hard working Linux developers and maintainers. It is people like those who make
this wonderful operating system possible. </P>
<DIV class=TOC>
<DL>
<DT><B>Table of Contents</B>
<DT><A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#ABOUTTHEAUTHOR">About
the author</A>
<DT><A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#HOWTOREAD">How
to read</A>
<DT><A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#PREREQUISITES">Prerequisites</A>
<DT><A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#CONVENTIONSUSED">Conventions
used in this document</A>
<DT>1. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#INTRODUCTION">Introduction</A>
<DD>
<DL>
<DT>1.1. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#WHYTHISDOCUMENT">Why
this document was written</A>
<DT>1.2. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#HOWITWAS">How
it was written</A>
<DT>1.3. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#TERMSUSED">Terms
used in this document</A></DT></DL>
<DT>2. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#PREPARATIONS">Preparations</A>
<DD>
<DL>
<DT>2.1. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#WHERETOGET">Where
to get iptables</A>
<DT>2.2. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#KERNELSETUP">Kernel
setup</A>
<DT>2.3. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#USERLANDSETUP">User-land
setup</A>
<DD>
<DL>
<DT>2.3.1. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#COMPILINGUSERAPPS">Compiling
the user-land applications</A>
<DT>2.3.2. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#INSTALLRH71">Installation
on Red Hat 7.1</A></DT></DL></DD></DL>
<DT>3. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#TRAVERSINGOFTABLES">Traversing
of tables and chains</A>
<DD>
<DL>
<DT>3.1. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#TRAVERSINGGENERAL">General</A>
<DT>3.2. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#MANGLETABLE">mangle
table</A>
<DT>3.3. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#NATTABLE">nat
table</A>
<DT>3.4. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#FILTERTABLE">Filter
table</A></DT></DL>
<DT>4. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#STATEMACHINE">The
state machine</A>
<DD>
<DL>
<DT>4.1. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#STATEMACHINEINTRODUCTION">Introduction</A>
<DT>4.2. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#THECONNTRACKENTRIES">The
conntrack entries</A>
<DT>4.3. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#USERLANDSTATES">User-land
states</A>
<DT>4.4. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#TCPCONNECTIONS">TCP
connections</A>
<DT>4.5. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#UDPCONNECTIONS">UDP
connections</A>
<DT>4.6. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#ICMPCONNECTIONS">ICMP
connections</A>
<DT>4.7. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#DEFAULTCONNECTIONS">Default
connections</A>
<DT>4.8. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#COMPLEXPROTOCOLS">Complex
protocols and connection tracking</A></DT></DL>
<DT>5. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#SAVEANDRESTORE">Saving
and restoring large rule-sets</A>
<DD>
<DL>
<DT>5.1. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#SPEEDCONSIDERATIONS">Speed
considerations</A>
<DT>5.2. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#DRAWBACKSWITHRESTORE">Drawbacks
with restore</A>
<DT>5.3. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#IPTABLES-SAVE">iptables-save</A>
<DT>5.4. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#IPTABLES-RESTORE">iptables-restore</A></DT></DL>
<DT>6. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#HOWARULEISBUILT">How
a rule is built</A>
<DD>
<DL>
<DT>6.1. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#BASICS">Basics</A>
<DT>6.2. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#TABLES">Tables</A>
<DT>6.3. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#COMMANDS">Commands</A>
<DT>6.4. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#MATCHES">Matches</A>
<DD>
<DL>
<DT>6.4.1. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#GENERICMATCHES">Generic
matches</A>
<DT>6.4.2. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#IMPLICITMATCHES">Implicit
matches</A>
<DT>6.4.3. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#EXPLICITMATCHES">Explicit
matches</A>
<DT>6.4.4. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#UNCLEANMATCH">Unclean
match</A></DT></DL>
<DT>6.5. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#TARGETS">Targets/Jumps</A>
<DD>
<DL>
<DT>6.5.1. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#ACCEPTTARGET">ACCEPT
target</A>
<DT>6.5.2. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#DNATTARGET">DNAT
target</A>
<DT>6.5.3. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#DROPTARGET">DROP
target</A>
<DT>6.5.4. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#LOGTARGET">LOG
target</A>
<DT>6.5.5. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#MARKTARGET">MARK
target</A>
<DT>6.5.6. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#MASQUERADETARGET">MASQUERADE
target</A>
<DT>6.5.7. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#MIRRORTARGET">MIRROR
target</A>
<DT>6.5.8. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#QUEUETARGET">QUEUE
target</A>
<DT>6.5.9. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#REDIRECTTARGET">REDIRECT
target</A>
<DT>6.5.10. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#REJECTTARGET">REJECT
target</A>
<DT>6.5.11. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#RETURNTARGET">RETURN
target</A>
<DT>6.5.12. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#SNATTARGET">SNAT
target</A>
<DT>6.5.13. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#TOSTARGET">TOS
target</A>
<DT>6.5.14. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#TTLTARGET">TTL
target</A>
<DT>6.5.15. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#ULOGTARGET">ULOG
target</A></DT></DL></DD></DL>
<DT>7. <A
href="http://www.jollycom.ca/iptables-tutorial/iptables-tutorial.html#RCFIREWALLFILE">rc.firewall
file</A>
<DD>
<DL>