How to list all iptables rules with line numbers on Linux

Date: 2020-01-09 10:39:30  Source: igfitidea

I have added NAT rules on an RHEL 6.x system.
How do I view the rules I added on Linux, including their line numbers?
Yes, you can easily list all iptables rules on Linux with the following commands:

  • iptables: the IPv4 netfilter administration tool.
  • ip6tables: the IPv6 netfilter administration tool.

How to list all iptables rules on Linux

The procedure for listing all rules on Linux is as follows:

  • List all IPv4 rules: sudo iptables -S
  • List all IPv6 rules: sudo ip6tables -S
  • List all rules of a table, paged: sudo iptables -L -v -n | more
  • List all rules of the INPUT chain: sudo iptables -L INPUT -v -n or sudo iptables -S INPUT

Let us look at the syntax and usage in detail to list all iptables rules on a Linux operating system.

View all iptables rules on Linux

The syntax is:

iptables -S
iptables --list
iptables -L
iptables -S CHAIN_NAME
iptables --table NameHere --list
iptables -t NameHere -L -n -v --line-numbers

Print all rules of a selected chain

sudo iptables -S
sudo iptables -S INPUT
iptables -S OUTPUT
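The -S form prints every rule as the iptables command that would recreate it, which makes it the right form to snapshot and compare over time. The following Python script is an added example, not code from the original article: it parses -S output into policies, user chains and ordered per-chain rule lists, then reports what changed between a saved baseline and a current listing. The two rulesets embedded in it are constructed to resemble the article's INPUT chain (dns and bootps rules); the function and class names are the example's own.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed baseline in the form `sudo iptables -S` prints (not real host output).
BASELINE = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-before-input
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -j ufw-before-input
"""

# Constructed "current" snapshot: INPUT policy opened up, one rule added, one removed.
CURRENT = """\
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-before-input
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -j ufw-before-input
"""

@dataclass
class RuleSet:
    policies: Dict[str, str] = field(default_factory=dict)     # built-in chain -> policy
    user_chains: List[str] = field(default_factory=list)       # chains created with -N
    rules: Dict[str, List[str]] = field(default_factory=dict)  # chain -> rule specs, in order

def parse_rule_specs(text: str) -> RuleSet:
    """Each -S line is one iptables command: -P <chain> <policy>, -N <chain>, -A <chain> <spec>."""
    rs = RuleSet()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        verb, chain = parts[0], parts[1]
        rest = parts[2] if len(parts) > 2 else ""
        if verb == "-P":
            rs.policies[chain] = rest
        elif verb == "-N":
            rs.user_chains.append(chain)
            rs.rules.setdefault(chain, [])
        elif verb == "-A":
            rs.rules.setdefault(chain, []).append(rest)
        else:
            raise ValueError(f"unexpected line in -S output: {line!r}")
    return rs

def diff_rulesets(baseline: RuleSet, current: RuleSet) -> Dict[str, list]:
    """Report policy changes, rules added or removed, and chains whose rule order changed."""
    report = {"policy": [], "added": [], "removed": [], "reordered": []}
    for chain in sorted(set(baseline.policies) | set(current.policies)):
        before, after = baseline.policies.get(chain), current.policies.get(chain)
        if before != after:
            report["policy"].append((chain, before, after))
    for chain in sorted(set(baseline.rules) | set(current.rules)):
        before = baseline.rules.get(chain, [])
        after = current.rules.get(chain, [])
        # Counters rather than sets: iptables happily holds identical duplicate rules
        b_count, a_count = Counter(before), Counter(after)
        for spec, n in (a_count - b_count).items():
            report["added"].extend([(chain, spec)] * n)
        for spec, n in (b_count - a_count).items():
            report["removed"].extend([(chain, spec)] * n)
        # Rules present in both snapshots must keep their relative order: first match wins
        kept_before = [s for s in before if s in a_count]
        kept_after = [s for s in after if s in b_count]
        if kept_before != kept_after:
            report["reordered"].append(chain)
    return report
```

On a real host, save `sudo iptables -S` to a file at a known-good moment and feed that file and a fresh listing to parse_rule_specs. Because a chain is evaluated top to bottom and the first matching rule wins, the comparison reports a changed order as a change even when the set of rules is identical; the same ordering is what the --line-numbers option shown later in this article lets you address by position.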

How to list the rules of a given table

Run the following commands as root:

# iptables -L INPUT
# iptables -L FORWARD
# iptables -L OUTPUT
# iptables -L

Sample output (truncated):

target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ufw-before-logging-input  all  --  anywhere             anywhere            
ufw-before-input  all  --  anywhere             anywhere            
ufw-after-input  all  --  anywhere             anywhere            
ufw-after-logging-input  all  --  anywhere             anywhere            
ufw-reject-input  all  --  anywhere             anywhere            
ufw-track-input  all  --  anywhere             anywhere            
 
Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ufw-before-logging-forward  all  --  anywhere             anywhere            
ufw-before-forward  all  --  anywhere             anywhere            
ufw-after-forward  all  --  anywhere             anywhere            
ufw-after-logging-forward  all  --  anywhere             anywhere            
ufw-reject-forward  all  --  anywhere             anywhere            
ufw-track-forward  all  --  anywhere             anywhere            
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-output  all  --  anywhere             anywhere            
ufw-before-output  all  --  anywhere             anywhere            
ufw-after-output  all  --  anywhere             anywhere            
ufw-after-logging-output  all  --  anywhere             anywhere            
ufw-reject-output  all  --  anywhere             anywhere            
ufw-track-output  all  --  anywhere             anywhere            
.....
..
..
Chain ufw-user-limit (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
 
Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
 
Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination         
 
Chain ufw-user-logging-input (0 references)
target     prot opt source               destination         
 
Chain ufw-user-logging-output (0 references)
target     prot opt source               destination         
 
Chain ufw-user-output (1 references)
target     prot opt source               destination

Rule fields:

  • target: what to do with a packet when it matches the rule.
  • prot: the protocol the rule applies to.
  • opt: additional options of the rule.
  • source: source IP address/subnet/hostname.
  • destination: destination IP address/subnet/hostname.

How to view NAT rules

By default the "filter" table is used.
To view the NAT rules, run:

# iptables -t nat -L

Other options:

# iptables -t filter -L
# iptables -t raw -L
# iptables -t security -L
# iptables -t mangle -L
# iptables -t nat -L

How to view NAT rules with line numbers

Pass the --line-numbers option:

# iptables -t nat -L --line-numbers -n

Sample output:

Chain PREROUTING (policy ACCEPT 28M packets, 1661M bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DNAT       tcp  --  eth0   *       10.10.29.68          0.0.0.0/0            tcp dpt:3306 to:10.0.3.19:3306
2        0     0 DNAT       tcp  --  eth0   *       10.10.29.68          0.0.0.0/0            tcp dpt:11211 to:10.0.3.20:11211
3        0     0 DNAT       udp  --  eth0   *       10.10.29.68          0.0.0.0/0            udp dpt:11211 to:10.0.3.20:11211
 
Chain INPUT (policy ACCEPT 18M packets, 1030M bytes)
num   pkts bytes target     prot opt in     out     source               destination         
 
Chain OUTPUT (policy ACCEPT 23M packets, 1408M bytes)
num   pkts bytes target     prot opt in     out     source               destination         
 
Chain POSTROUTING (policy ACCEPT 33M packets, 1979M bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    38927 2336K MASQUERADE  all  --  *      *       10.0.3.0/24         !10.0.3.0/24         
2        0     0 MASQUERADE  all  --  *      *       10.0.3.0/24         !10.0.3.0/24
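The field list given earlier, together with the num, pkts, bytes, in and out columns that --line-numbers and -v add, is enough to parse a listing programmatically. The following Python script is an added example, not code from the article: it reads `iptables -L -n -v --line-numbers` output (ip6tables prints the same layout but leaves the opt column empty, which the parser handles), collects each chain with its policy and rules, and extracts an inventory of DNAT port forwards. The sample listings embedded in it are taken from the article's own nat and ip6tables output; the function and class names are the example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Taken from the article's `iptables -t nat -L -n -v --line-numbers` output.
SAMPLE_NAT = """\
Chain PREROUTING (policy ACCEPT 28M packets, 1661M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DNAT       tcp  --  eth0   *       10.10.29.68          0.0.0.0/0            tcp dpt:3306 to:10.0.3.19:3306
2        0     0 DNAT       tcp  --  eth0   *       10.10.29.68          0.0.0.0/0            tcp dpt:11211 to:10.0.3.20:11211
3        0     0 DNAT       udp  --  eth0   *       10.10.29.68          0.0.0.0/0            udp dpt:11211 to:10.0.3.20:11211

Chain INPUT (policy ACCEPT 18M packets, 1030M bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 33M packets, 1979M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1    38927 2336K MASQUERADE  all  --  *      *       10.0.3.0/24         !10.0.3.0/24
"""

# Assembled from the article's `ip6tables -L -n -v` output; note the empty opt column.
SAMPLE_V6 = """\
Chain INPUT (policy DROP 239 packets, 16202 bytes)
pkts bytes target     prot opt in     out     source               destination
136K   30M ufw6-before-logging-input  all      *      *       ::/0                 ::/0
   19  1520 ACCEPT     tcp      *      *       ::/0                 ::/0                 ctstate NEW
"""

CHAIN_RE = re.compile(
    r"^Chain (?P<name>\S+) \((?:policy (?P<policy>\S+)"
    r"(?: (?P<pkts>\S+) packets, (?P<bytes>\S+) bytes)?"
    r"|(?P<refs>\d+) references)\)$")
FORWARD_RE = re.compile(r"dpt:(\d+) to:(\S+)")
OPT_VALUES = {"--", "f", "!f"}  # what iptables prints in opt; ip6tables prints nothing there
COUNTER_MULT = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

@dataclass
class Rule:
    values: Dict[str, str]  # one entry per header column (num, pkts, ..., destination)
    extra: str              # trailing match/target text, e.g. "tcp dpt:3306 to:10.0.3.19:3306"

@dataclass
class Chain:
    name: str
    policy: Optional[str]      # None for user-defined chains
    references: Optional[int]  # None for built-in chains
    rules: List[Rule] = field(default_factory=list)

def parse_counter(value: str) -> int:
    """Turn '2336K' into 2336000.  -v rounds big counters; use -x for exact numbers."""
    if value[-1] in COUNTER_MULT:
        return int(value[:-1]) * COUNTER_MULT[value[-1]]
    return int(value)

def parse_rule(line: str, columns: List[str]) -> Rule:
    tokens = line.split()
    values, i = {}, 0
    for col in columns:
        # ip6tables leaves opt blank, so the token at that position already belongs to "in"
        if col == "opt" and (i >= len(tokens) or tokens[i] not in OPT_VALUES):
            values[col] = ""
            continue
        if i >= len(tokens):
            raise ValueError(f"rule line has fewer fields than the header: {line!r}")
        values[col] = tokens[i]
        i += 1
    rest = line.split(None, i)  # re-split to keep whitespace inside the trailing text
    return Rule(values, rest[i].strip() if len(rest) > i else "")

def parse_listing(text: str) -> Dict[str, Chain]:
    chains: Dict[str, Chain] = {}
    current: Optional[Chain] = None
    columns: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CHAIN_RE.match(line)
        if m:
            current = Chain(m["name"], m["policy"], int(m["refs"]) if m["refs"] else None)
            chains[current.name] = current
        elif line.startswith(("num ", "pkts ", "target ")):
            columns = line.split()  # the header row says which columns this listing has
        elif current is not None and columns:
            current.rules.append(parse_rule(line, columns))
    return chains

def dnat_forwards(chains: Dict[str, Chain]) -> List[Tuple[str, str, str, str, str]]:
    """Inventory of port forwards: (chain, rule number, proto, dport, rewritten destination)."""
    found = []
    for chain in chains.values():
        for rule in chain.rules:
            if rule.values["target"] != "DNAT":
                continue
            m = FORWARD_RE.search(rule.extra)
            found.append((chain.name, rule.values.get("num", "?"), rule.values["prot"],
                          m.group(1) if m else "", m.group(2) if m else ""))
    return found
```

On a real host, pass the text of `sudo iptables -t nat -L -n -v --line-numbers` (or the ip6tables equivalent) to parse_listing instead of the embedded sample. The parser keys every rule by the header row it follows, so the same code copes with listings produced with or without -v and --line-numbers. Note that -v abbreviates large counters (28M, 2336K), so parse_counter only recovers an approximation; iptables -x prints exact values.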

How to view NAT rules with counters (bytes and packets)

Pass the -v option to the iptables command to view all iptables rules on Linux together with their counters:

# iptables -t nat -L -n -v

(Figure: viewing all iptables NAT, DNAT and MASQUERADE rules on Linux)

ip6tables

ip6tables is the administration tool for IPv6 packet filtering and NAT.
To view the IPv6 tables, run:

# ip6tables -L -n -v
Chain INPUT (policy DROP 239 packets, 16202 bytes)
pkts bytes target     prot opt in     out     source               destination         
136K   30M ufw6-before-logging-input  all      *      *       ::/0                 ::/0                
136K   30M ufw6-before-input  all      *      *       ::/0                 ::/0                
  241 16360 ufw6-after-input  all      *      *       ::/0                 ::/0                
  239 16202 ufw6-after-logging-input  all      *      *       ::/0                 ::/0                
  239 16202 ufw6-reject-input  all      *      *       ::/0                 ::/0                
  239 16202 ufw6-track-input  all      *      *       ::/0                 ::/0                

Chain FORWARD (policy DROP 483 packets, 32628 bytes)
pkts bytes target     prot opt in     out     source               destination         
  483 32628 ufw6-before-logging-forward  all      *      *       ::/0                 ::/0                
  483 32628 ufw6-before-forward  all      *      *       ::/0                 ::/0                
  483 32628 ufw6-after-forward  all      *      *       ::/0                 ::/0                
  483 32628 ufw6-after-logging-forward  all      *      *       ::/0                 ::/0                
  483 32628 ufw6-reject-forward  all      *      *       ::/0                 ::/0                
  483 32628 ufw6-track-forward  all      *      *       ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 122 packets, 8555 bytes)
pkts bytes target     prot opt in     out     source               destination         
136K   30M ufw6-before-logging-output  all      *      *       ::/0                 ::/0                
136K   30M ufw6-before-output  all      *      *       ::/0                 ::/0                
  183 14107 ufw6-after-output  all      *      *       ::/0                 ::/0                
  183 14107 ufw6-after-logging-output  all      *      *       ::/0                 ::/0                
  183 14107 ufw6-reject-output  all      *      *       ::/0                 ::/0                
  183 14107 ufw6-track-output  all      *      *       ::/0                 ::/0                

Chain ufw6-after-forward (1 references)
pkts bytes target     prot opt in     out     source               destination         

...
....
..
pkts bytes target     prot opt in     out     source               destination         
   19  1520 ACCEPT     tcp      *      *       ::/0                 ::/0                 ctstate NEW
   42  4032 ACCEPT     udp      *      *       ::/0                 ::/0                 ctstate NEW

Chain ufw6-user-forward (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-user-input (1 references)
pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-user-limit (0 references)
pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all      *      *       ::/0                 ::/0                 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all      *      *       ::/0                 ::/0                 reject-with icmp6-port-unreachable

Chain ufw6-user-limit-accept (0 references)
pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                

Chain ufw6-user-logging-forward (0 references)
pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-user-logging-input (0 references)
pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-user-logging-output (0 references)
pkts bytes target     prot opt in     out     source               destination         

Chain ufw6-user-output (1 references)
pkts bytes target     prot opt in     out     source               destination

To view the IPv6 NAT rules with line numbers, run:

# ip6tables -L -n -v -t nat --line-numbers