Linux iptables: moving a rule in a list

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverFlow. Original URL: http://stackoverflow.com/questions/16511228/

Time: 2020-08-06 22:55:13  Source: igfitidea

iptables moving rule in a list

android linux firewall iptables

Asked by user1814662

I have 2 iptables rules

iptables -A INPUT -s 5.5.5.5 -j DROP
iptables -A INPUT -s 6.5.5.5 -j ACCEPT 

is there a function or a command that will swap the rules to be like this:

iptables -A INPUT -s 6.5.5.5 -j ACCEPT 
iptables -A INPUT -s 5.5.5.5 -j DROP

Answered by Mandar Shinde

There is no such command to swap two iptables rules.

You can just delete and insert them into appropriate position.

Answered by d3vkit

First check the line number:

iptables -nL --line-numbers

Delete based on line:

iptables -D INPUT {line}

Insert where you would like it to be:

iptables -I INPUT {line} -i lo -p tcp --dport {port} -j ACCEPT -m comment --comment "This rule is here for this reason"

Found at these sources:

Delete Rule

Insert Rule

Answered by shgnInc

There is a program named iptables-persistent which makes iptables rules persistent as an OS service. This service includes a configuration file as the iptables-save export.

So you can reorder the lines in the configuration file and restart the service.

sudo service iptables-persistent restart

So easy!!!!!

Answered by arungiri_10

Instead of -A use -D to delete and then add again

iptables -D INPUT -s 5.5.5.5 -j DROP

iptables -D INPUT -s 6.5.5.5 -j ACCEPT

Now add with swapped value

iptables -A INPUT -s 5.5.5.5 -j ACCEPT

iptables -A INPUT -s 6.5.5.5 -j DROP

Answered by Hao

Let's assume your INPUT chain has only these two rules, so their ID numbers would be 1 and 2 respectively for -A INPUT -s 5.5.5.5 -j DROP and -A INPUT -s 6.5.5.5 -j ACCEPT

Now, let's switch them:

iptables -R INPUT 2 -s 5.5.5.5 -j DROP
iptables -R INPUT 1 -s 6.5.5.5 -j ACCEPT

iptables -R is a command to replace a rule that already exists in iptables with another.

Its usage is: iptables -R [chain name] [line number] [new rule]
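
Added example (not part of the original thread or of any answer above): the reordering discussed in the answers, done on an iptables-save dump so that the result can be loaded with iptables-restore, which commits each table in one operation instead of leaving a gap between a delete and an insert. The names `swap_rules` and `sample_dump` and the sample dump are constructed for illustration; the dump is assumed to be taken without `-c` counters.

```shell
#!/bin/sh
# swap_rules TABLE CHAIN I J
# Read an iptables-save dump on stdin and print it with rules number I and J
# of CHAIN (inside TABLE) exchanged. Rule numbers are the ones shown by
# `iptables -nL --line-numbers`. Nothing is changed on the running firewall.
swap_rules() {
    awk -v table="$1" -v chain="$2" -v i="$3" -v j="$4" '
        { line[NR] = $0 }
        /^\*/ { cur = substr($0, 2) }        # "*filter" opens a table section
        cur == table && $1 == "-A" && $2 == chain { pos[++n] = NR }
        END {
            if (i < 1 || j < 1 || i > n || j > n) {
                print "swap_rules: rule number out of range" > "/dev/stderr"
                exit 1                       # emit nothing rather than a bad ruleset
            }
            tmp = line[pos[i]]; line[pos[i]] = line[pos[j]]; line[pos[j]] = tmp
            for (k = 1; k <= NR; k++) print line[k]
        }'
}

# Constructed sample: the two rules from the question as iptables-save prints them.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 5.5.5.5/32 -j DROP
-A INPUT -s 6.5.5.5/32 -j ACCEPT
COMMIT
EOF
}

# Offline demonstration on the sample dump.
sample_dump | swap_rules filter INPUT 1 2

# On a real host (as root), check the edited dump first, then load it:
#   iptables-save | swap_rules filter INPUT 1 2 > /tmp/rules.new
#   iptables-restore --test < /tmp/rules.new && iptables-restore < /tmp/rules.new
```

Because rules are evaluated top to bottom and the first match decides, review the reordered dump before loading it, especially when working over a remote session that the INPUT chain itself controls.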
