Linux防火墙iptables命令管理入门

本文涉及的产品
公网NAT网关,每月750个小时 15CU
云防火墙,500元 1000GB
简介: 本文介绍了关于Linux防火墙iptables命令管理入门的教程,涵盖了iptables的基本概念、语法格式、常用参数、基础查询操作以及链和规则管理等内容。

作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。

一.iptables命令概述

1>.iptables是一个高度模块化工具

[root@hdp101.yinzhengjie.org.cn ~]# yum info iptables
Loaded plugins: fastestmirror
Determining fastest mirrors
 * base: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.huaweicloud.com
 * updates: mirror.bit.edu.cn
Installed Packages
Name        : iptables
Arch        : x86_64
Version     : 1.4.21
Release     : 28.el7
Size        : 1.5 M
Repo        : installed
From repo   : anaconda
Summary     : Tools for managing Linux kernel packet filtering capabilities
URL         : http://www.netfilter.org/
License     : GPLv2
Description : The iptables utility controls the network packet filtering code in the
            : Linux kernel. If you need to set up firewalls and/or IP masquerading,
            : you should install this package.

Available Packages
Name        : iptables
Arch        : i686
Version     : 1.4.21
Release     : 33.el7
Size        : 424 k
Repo        : base/7/x86_64
Summary     : Tools for managing Linux kernel packet filtering capabilities
URL         : http://www.netfilter.org/
License     : GPLv2
Description : The iptables utility controls the network packet filtering code in the
            : Linux kernel. If you need to set up firewalls and/or IP masquerading,
            : you should install this package.

Name        : iptables
Arch        : x86_64
Version     : 1.4.21
Release     : 33.el7
Size        : 433 k
Repo        : base/7/x86_64
Summary     : Tools for managing Linux kernel packet filtering capabilities
URL         : http://www.netfilter.org/
License     : GPLv2
Description : The iptables utility controls the network packet filtering code in the
            : Linux kernel. If you need to set up firewalls and/or IP masquerading,
            : you should install this package.

[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# yum info iptables

[root@hdp101.yinzhengjie.org.cn ~]# rpm -ql iptables
/etc/sysconfig/ip6tables-config
/etc/sysconfig/iptables-config
/usr/bin/iptables-xml
/usr/lib64/libip4tc.so.0
/usr/lib64/libip4tc.so.0.1.0
/usr/lib64/libip6tc.so.0
/usr/lib64/libip6tc.so.0.1.0
/usr/lib64/libiptc.so.0
/usr/lib64/libiptc.so.0.0.0
/usr/lib64/libxtables.so.10
/usr/lib64/libxtables.so.10.0.0
/usr/lib64/xtables
/usr/lib64/xtables/libip6t_DNAT.so
/usr/lib64/xtables/libip6t_DNPT.so
/usr/lib64/xtables/libip6t_HL.so
/usr/lib64/xtables/libip6t_LOG.so
/usr/lib64/xtables/libip6t_MASQUERADE.so
/usr/lib64/xtables/libip6t_NETMAP.so
/usr/lib64/xtables/libip6t_REDIRECT.so
/usr/lib64/xtables/libip6t_REJECT.so
/usr/lib64/xtables/libip6t_SNAT.so
/usr/lib64/xtables/libip6t_SNPT.so
/usr/lib64/xtables/libip6t_ah.so
/usr/lib64/xtables/libip6t_dst.so
/usr/lib64/xtables/libip6t_eui64.so
/usr/lib64/xtables/libip6t_frag.so
/usr/lib64/xtables/libip6t_hbh.so
/usr/lib64/xtables/libip6t_hl.so
/usr/lib64/xtables/libip6t_icmp6.so
/usr/lib64/xtables/libip6t_ipv6header.so
/usr/lib64/xtables/libip6t_mh.so
/usr/lib64/xtables/libip6t_rt.so
/usr/lib64/xtables/libipt_CLUSTERIP.so
/usr/lib64/xtables/libipt_DNAT.so
/usr/lib64/xtables/libipt_ECN.so
/usr/lib64/xtables/libipt_LOG.so
/usr/lib64/xtables/libipt_MASQUERADE.so
/usr/lib64/xtables/libipt_MIRROR.so
/usr/lib64/xtables/libipt_NETMAP.so
/usr/lib64/xtables/libipt_REDIRECT.so
/usr/lib64/xtables/libipt_REJECT.so
/usr/lib64/xtables/libipt_SAME.so
/usr/lib64/xtables/libipt_SNAT.so
/usr/lib64/xtables/libipt_TTL.so
/usr/lib64/xtables/libipt_ULOG.so
/usr/lib64/xtables/libipt_ah.so
/usr/lib64/xtables/libipt_icmp.so
/usr/lib64/xtables/libipt_realm.so
/usr/lib64/xtables/libipt_ttl.so
/usr/lib64/xtables/libipt_unclean.so
/usr/lib64/xtables/libxt_AUDIT.so
/usr/lib64/xtables/libxt_CHECKSUM.so
/usr/lib64/xtables/libxt_CLASSIFY.so
/usr/lib64/xtables/libxt_CONNMARK.so
/usr/lib64/xtables/libxt_CONNSECMARK.so
/usr/lib64/xtables/libxt_CT.so
/usr/lib64/xtables/libxt_DSCP.so
/usr/lib64/xtables/libxt_HMARK.so
/usr/lib64/xtables/libxt_IDLETIMER.so
/usr/lib64/xtables/libxt_LED.so
/usr/lib64/xtables/libxt_MARK.so
/usr/lib64/xtables/libxt_NFLOG.so
/usr/lib64/xtables/libxt_NFQUEUE.so
/usr/lib64/xtables/libxt_NOTRACK.so
/usr/lib64/xtables/libxt_RATEEST.so
/usr/lib64/xtables/libxt_SECMARK.so
/usr/lib64/xtables/libxt_SET.so
/usr/lib64/xtables/libxt_SYNPROXY.so
/usr/lib64/xtables/libxt_TCPMSS.so
/usr/lib64/xtables/libxt_TCPOPTSTRIP.so
/usr/lib64/xtables/libxt_TEE.so
/usr/lib64/xtables/libxt_TOS.so
/usr/lib64/xtables/libxt_TPROXY.so
/usr/lib64/xtables/libxt_TRACE.so
/usr/lib64/xtables/libxt_addrtype.so
/usr/lib64/xtables/libxt_bpf.so
/usr/lib64/xtables/libxt_cgroup.so
/usr/lib64/xtables/libxt_cluster.so
/usr/lib64/xtables/libxt_comment.so
/usr/lib64/xtables/libxt_connbytes.so
/usr/lib64/xtables/libxt_connlabel.so
/usr/lib64/xtables/libxt_connlimit.so
/usr/lib64/xtables/libxt_connmark.so
/usr/lib64/xtables/libxt_conntrack.so
/usr/lib64/xtables/libxt_cpu.so
/usr/lib64/xtables/libxt_dccp.so
/usr/lib64/xtables/libxt_devgroup.so
/usr/lib64/xtables/libxt_dscp.so
/usr/lib64/xtables/libxt_ecn.so
/usr/lib64/xtables/libxt_esp.so
/usr/lib64/xtables/libxt_hashlimit.so
/usr/lib64/xtables/libxt_helper.so
/usr/lib64/xtables/libxt_iprange.so
/usr/lib64/xtables/libxt_ipvs.so
/usr/lib64/xtables/libxt_length.so
/usr/lib64/xtables/libxt_limit.so
/usr/lib64/xtables/libxt_mac.so
/usr/lib64/xtables/libxt_mark.so
/usr/lib64/xtables/libxt_multiport.so
/usr/lib64/xtables/libxt_nfacct.so
/usr/lib64/xtables/libxt_osf.so
/usr/lib64/xtables/libxt_owner.so
/usr/lib64/xtables/libxt_physdev.so
/usr/lib64/xtables/libxt_pkttype.so
/usr/lib64/xtables/libxt_policy.so
/usr/lib64/xtables/libxt_quota.so
/usr/lib64/xtables/libxt_rateest.so
/usr/lib64/xtables/libxt_recent.so
/usr/lib64/xtables/libxt_rpfilter.so
/usr/lib64/xtables/libxt_sctp.so
/usr/lib64/xtables/libxt_set.so
/usr/lib64/xtables/libxt_socket.so
/usr/lib64/xtables/libxt_standard.so
/usr/lib64/xtables/libxt_state.so
/usr/lib64/xtables/libxt_statistic.so
/usr/lib64/xtables/libxt_string.so
/usr/lib64/xtables/libxt_tcp.so
/usr/lib64/xtables/libxt_tcpmss.so
/usr/lib64/xtables/libxt_time.so
/usr/lib64/xtables/libxt_tos.so
/usr/lib64/xtables/libxt_u32.so
/usr/lib64/xtables/libxt_udp.so
/usr/sbin/ip6tables
/usr/sbin/ip6tables-restore
/usr/sbin/ip6tables-save
/usr/sbin/iptables
/usr/sbin/iptables-restore
/usr/sbin/iptables-save
/usr/sbin/xtables-multi
/usr/share/doc/iptables-1.4.21
/usr/share/doc/iptables-1.4.21/COPYING
/usr/share/doc/iptables-1.4.21/INCOMPATIBILITIES
/usr/share/man/man1/iptables-xml.1.gz
/usr/share/man/man8/ip6tables-restore.8.gz
/usr/share/man/man8/ip6tables-save.8.gz
/usr/share/man/man8/ip6tables.8.gz
/usr/share/man/man8/iptables-extensions.8.gz
/usr/share/man/man8/iptables-restore.8.gz
/usr/share/man/man8/iptables-save.8.gz
/usr/share/man/man8/iptables.8.gz
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# rpm -ql iptables

  如果你不是自己编译Linux内核安装的操作系统基本上常见的Linux发行版默认就已经安装了iptables工具了,如果你是CentOS操作系系统可以直接使用"yum -y install iptables"进行安装。  

  iptables命令是一个高度模块化工具,由诸多扩展模块实现其检查条件或处理动作的定义,我们通过"rpm -ql iptables"命令可以查看到"/usr/lib64/xtables/"目录下有很多iptables的文件,其中以"libip6t_*"开头的文件是用于处理IPV6的扩展匹配条件或扩展动作处理的,而以"libipt_*"或者"libxt_*"的文件则是用于处理IPV4的扩展匹配条件或扩展动作处理的。

2>.iptables的语法格式

  查看"man iptables"可以查看到iptables命令的帮助信息,如下图所示。

3>.当我们关闭防火墙时,默认规则时允许(ACCEPT)的

[root@hdp101.yinzhengjie.org.cn ~]# iptables -vnL
Chain INPUT (policy ACCEPT 618 packets, 74197 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 581 packets, 75073 bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -vnL

4>.查看"-t"参数支持的选项

  通过"man iptables"中的文档可知,"-t"参数等效于"--table",即指定表名,可选的表面如下图所示。

5>."COMMANDS"的分类

通过"man iptables"可以查看到COMMANDS支持的各种参数,我们可以对齐分为以下三类。

  链(chain)管理:
    -N:
      等效于"--new-chain"选项,即自定义一条新的规则链。新创建的链引用计数默认为0。
    -X:
      等效于"--delete-chain"选项,即删除自定义的规则链。注意,仅能删除用户自定义引用计数为0且规则为空(没有定义规则)的链。
    -P:
      等效于"--policy"选项,即设置默认策略,对于filter表中的链而言,其默认策略有:ACCEPT(接收),DROP(丢弃),REJECT(拒绝)。
    -E:
      等效于"--rename-chain"选项,即重命名自定义链,引用计数不为0的自定义链不能够被重命名,也不能被删除。

  规则管理:
    -A:
      等效于"--append"选项,即最佳一条规则。
    -I:
      等效于"--insert"选项,即插入规则,可以指定插入的位置,省略时表示将新增的规则插入到第一条。
    -D:
      等效于"--delete"选项,即指明删除规则序号或规则本身。
    -R:
      等效于"--replace"选项,即替换指定链上的指定规则。
    -F:
      等效于"--flush"选项,即清空指定的规则链。
    -Z:
      等效于"--zero"选项,即将规则的计数器清空(即置零)。
          iptables的每条规则都有两个计数器,一个是匹配到的报文个数(pkts),另一个是匹配到的所有报文的大小之和(bytes)

  查看:
    -L:
      等效于"--list"选项,列出指定键上的所有规则。它还支持以下选项:
        -n:
          即numberic,表示以数字格式显式地址和端口号。如果不指定该参数默认情况下,iptables会将IP地址反解成主机名。使用-n参数后则不会进行反解操作,就以IP地址的形式显示。
        -v:
          即verbose,表示显式详细信息,会显示计数器(iptables的每条规则都有两个计数器,一个是匹配到的报文个数(pkts),另一个是匹配到的所有报文的大小之和(bytes))。
          你甚至还可以些"-vv","--vvv"显式更详细的信息哟~
        -x:
          即exactly,表示显式计数器结果的精确值。
        --line-numbers:
          表示显式规则的行号。

6>.iptales的常用参数

  基本匹配条件:
    无需加载任何模块,由iptables/netfilter自行提供。
      -s:  
        等效于"--source"选项,即检查报文中的源IP地址是否符合此处指定的地址或范围。  
      -d:  
        等效于"--destination"选项,即检查报文中目标地址是否符合此处指定的地址或范围,匹配所有地址可以使用"0.0.0.0/0"  
      -p:  
        等效于"--protocol"选项,即指定协议,支持指定的协议有:tcp, udp, udplite, icmp, icmpv6,esp, ah, sctp, mh or the special keyword "all"。如果不指定协议默认则是"all",表示所有协议。  
      -i:  
        等效于"--in-interface"选项,即数据报文流入的接口,只能应用于数据报文流入的环节,只能应用于PREROUTING,INPUT和FORWARD链。  
      -o:  
        等效于"--out-interface"选项,即数据报文流出的接口,只能应用于数据报文流出的环节,只能应用于FORWARD,OUTPUT和POSTROUTING链。  
      -j:  
        等效于"--jump"选项,即表示如何处理规则的动作,如ACCEPT,REJECT,DROP。

  扩展匹配条件:
    需要加载扩展模块,方可生效。  
    隐式扩展:  
      不需要手动加载扩展模块,因为它们是对协议的扩展,所以,但凡使用"-p"指明了协议,就表示已经指明了要扩展的模块;  
      tcp:  
        "--spirce-port,--sport port[:prot]":  
          匹配报文的源端口,也可以是端口范围。  
        "--destination-port,--dport port[:prot]":  
          匹配报文的目标端口,可以是端口范围。  
        "--tcp-flags mask comp":  
          例如"--tcp-flages SYN,ACK,FIN,RST SYN"表示,要检查的标志位为SYN,ACK,FIN,RST四个,其中SYN必须为1,余下的必须为0。  
      udp:

7>.

二.使用iptables进行基础的查询操作

1>.查看filter表中的规则

[root@hdp101.yinzhengjie.org.cn ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Feb 11 18:00:37 hdp101.yinzhengjie.org.cn systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 11 18:00:37 hdp101.yinzhengjie.org.cn systemd[1]: Started firewalld - dynamic firewall daemon.
Feb 11 18:01:04 hdp101.yinzhengjie.org.cn systemd[1]: Stopping firewalld - dynamic firewall daemon...
Feb 11 18:01:04 hdp101.yinzhengjie.org.cn systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# systemctl start firewalld                #为了看到实验效果,我们暂时把防火墙功能打开
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-02-11 18:01:18 CST; 1s ago
     Docs: man:firewalld(1)
 Main PID: 18613 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─18613 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

Feb 11 18:01:17 hdp101.yinzhengjie.org.cn systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 11 18:01:18 hdp101.yinzhengjie.org.cn systemd[1]: Started firewalld - dynamic firewall daemon.
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# systemctl start firewalld                #为了看到实验效果,我们暂时把防火墙功能打开

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t filter -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
INPUT_direct  all  --  anywhere             anywhere            
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere            
INPUT_ZONES  all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
FORWARD_direct  all  --  anywhere             anywhere            
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere            
FORWARD_IN_ZONES  all  --  anywhere             anywhere            
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere            
FORWARD_OUT_ZONES  all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
OUTPUT_direct  all  --  anywhere             anywhere            

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination         
FWDI_public  all  --  anywhere             anywhere            [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination         
FWDO_public  all  --  anywhere             anywhere            [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain FWDI_public (1 references)
target     prot opt source               destination         
FWDI_public_log  all  --  anywhere             anywhere            
FWDI_public_deny  all  --  anywhere             anywhere            
FWDI_public_allow  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

Chain FWDI_public_allow (1 references)
target     prot opt source               destination         

Chain FWDI_public_deny (1 references)
target     prot opt source               destination         

Chain FWDI_public_log (1 references)
target     prot opt source               destination         

Chain FWDO_public (1 references)
target     prot opt source               destination         
FWDO_public_log  all  --  anywhere             anywhere            
FWDO_public_deny  all  --  anywhere             anywhere            
FWDO_public_allow  all  --  anywhere             anywhere            

Chain FWDO_public_allow (1 references)
target     prot opt source               destination         

Chain FWDO_public_deny (1 references)
target     prot opt source               destination         

Chain FWDO_public_log (1 references)
target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
target     prot opt source               destination         
IN_public  all  --  anywhere             anywhere            [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain IN_public (1 references)
target     prot opt source               destination         
IN_public_log  all  --  anywhere             anywhere            
IN_public_deny  all  --  anywhere             anywhere            
IN_public_allow  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

Chain IN_public_allow (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
target     prot opt source               destination         

Chain IN_public_log (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t filter -L                  #查看filter表中的规则

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
INPUT_direct  all  --  anywhere             anywhere            
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere            
INPUT_ZONES  all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
FORWARD_direct  all  --  anywhere             anywhere            
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere            
FORWARD_IN_ZONES  all  --  anywhere             anywhere            
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere            
FORWARD_OUT_ZONES  all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
OUTPUT_direct  all  --  anywhere             anywhere            

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination         
FWDI_public  all  --  anywhere             anywhere            [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination         
FWDO_public  all  --  anywhere             anywhere            [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain FWDI_public (1 references)
target     prot opt source               destination         
FWDI_public_log  all  --  anywhere             anywhere            
FWDI_public_deny  all  --  anywhere             anywhere            
FWDI_public_allow  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

Chain FWDI_public_allow (1 references)
target     prot opt source               destination         

Chain FWDI_public_deny (1 references)
target     prot opt source               destination         

Chain FWDI_public_log (1 references)
target     prot opt source               destination         

Chain FWDO_public (1 references)
target     prot opt source               destination         
FWDO_public_log  all  --  anywhere             anywhere            
FWDO_public_deny  all  --  anywhere             anywhere            
FWDO_public_allow  all  --  anywhere             anywhere            

Chain FWDO_public_allow (1 references)
target     prot opt source               destination         

Chain FWDO_public_deny (1 references)
target     prot opt source               destination         

Chain FWDO_public_log (1 references)
target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
target     prot opt source               destination         
IN_public  all  --  anywhere             anywhere            [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain IN_public (1 references)
target     prot opt source               destination         
IN_public_log  all  --  anywhere             anywhere            
IN_public_deny  all  --  anywhere             anywhere            
IN_public_allow  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

Chain IN_public_allow (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
target     prot opt source               destination         

Chain IN_public_log (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -L                        #我们也可以不用"-t"选项指定表名,因为默认就是查看filter表

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -L -n 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_direct  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_IN_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_IN_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_OUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_OUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
OUTPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination         
FWDI_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination         
FWDO_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain FWDI_public (1 references)
target     prot opt source               destination         
FWDI_public_log  all  --  0.0.0.0/0            0.0.0.0/0           
FWDI_public_deny  all  --  0.0.0.0/0            0.0.0.0/0           
FWDI_public_allow  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           

Chain FWDI_public_allow (1 references)
target     prot opt source               destination         

Chain FWDI_public_deny (1 references)
target     prot opt source               destination         

Chain FWDI_public_log (1 references)
target     prot opt source               destination         

Chain FWDO_public (1 references)
target     prot opt source               destination         
FWDO_public_log  all  --  0.0.0.0/0            0.0.0.0/0           
FWDO_public_deny  all  --  0.0.0.0/0            0.0.0.0/0           
FWDO_public_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_allow (1 references)
target     prot opt source               destination         

Chain FWDO_public_deny (1 references)
target     prot opt source               destination         

Chain FWDO_public_log (1 references)
target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
target     prot opt source               destination         
IN_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain IN_public (1 references)
target     prot opt source               destination         
IN_public_log  all  --  0.0.0.0/0            0.0.0.0/0           
IN_public_deny  all  --  0.0.0.0/0            0.0.0.0/0           
IN_public_allow  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           

Chain IN_public_allow (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
target     prot opt source               destination         

Chain IN_public_log (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -L -n                      #以数字格式显式地址和端口

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -nL  --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
3    INPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           
4    INPUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
5    INPUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
6    DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
7    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
3    FORWARD_direct  all  --  0.0.0.0/0            0.0.0.0/0           
4    FORWARD_IN_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
5    FORWARD_IN_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
6    FORWARD_OUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
7    FORWARD_OUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
8    DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
9    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
2    OUTPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
num  target     prot opt source               destination         
1    FWDI_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
num  target     prot opt source               destination         

Chain FORWARD_OUT_ZONES (1 references)
num  target     prot opt source               destination         
1    FWDO_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
num  target     prot opt source               destination         

Chain FORWARD_direct (1 references)
num  target     prot opt source               destination         

Chain FWDI_public (1 references)
num  target     prot opt source               destination         
1    FWDI_public_log  all  --  0.0.0.0/0            0.0.0.0/0           
2    FWDI_public_deny  all  --  0.0.0.0/0            0.0.0.0/0           
3    FWDI_public_allow  all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           

Chain FWDI_public_allow (1 references)
num  target     prot opt source               destination         

Chain FWDI_public_deny (1 references)
num  target     prot opt source               destination         

Chain FWDI_public_log (1 references)
num  target     prot opt source               destination         

Chain FWDO_public (1 references)
num  target     prot opt source               destination         
1    FWDO_public_log  all  --  0.0.0.0/0            0.0.0.0/0           
2    FWDO_public_deny  all  --  0.0.0.0/0            0.0.0.0/0           
3    FWDO_public_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_allow (1 references)
num  target     prot opt source               destination         

Chain FWDO_public_deny (1 references)
num  target     prot opt source               destination         

Chain FWDO_public_log (1 references)
num  target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
num  target     prot opt source               destination         
1    IN_public  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
num  target     prot opt source               destination         

Chain INPUT_direct (1 references)
num  target     prot opt source               destination         

Chain IN_public (1 references)
num  target     prot opt source               destination         
1    IN_public_log  all  --  0.0.0.0/0            0.0.0.0/0           
2    IN_public_deny  all  --  0.0.0.0/0            0.0.0.0/0           
3    IN_public_allow  all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           

Chain IN_public_allow (1 references)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
num  target     prot opt source               destination         

Chain IN_public_log (1 references)
num  target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
num  target     prot opt source               destination         
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -nL --line-numbers              #显式行号

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -nL  --line-numbers -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    30990 4292K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2      598 31815 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        1    92 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        1    92 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        1    92 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
7        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
7        0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
8        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
9        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 436 packets, 182K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    31049 4288K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
2      436  182K OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDI_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDO_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDI_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 FWDI_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FWDI_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDI_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDO_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 FWDO_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FWDO_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        1    92 IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        1    92 IN_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        1    92 IN_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        1    92 IN_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain IN_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        1    92 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -nL --line-numbers -v             #显式详细信息

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -nL  --line-numbers -vv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    31442 4349K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2      599 31891 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        1    92 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        1    92 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        1    92 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
7        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
7        0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
8        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
9        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 449 packets, 190K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    31483 4345K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
2      449  190K OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDI_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDO_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDI_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 FWDI_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FWDI_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDI_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDO_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 FWDO_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FWDO_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        1    92 IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        1    92 IN_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        1    92 IN_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        1    92 IN_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain IN_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        1    92 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
libiptc vlibxtables.so.10. 13584 bytes.
Table `filter'
Hooks: pre/in/fwd/out/post = ffffffff/0/650/dd0/ffffffff
Underflows: pre/in/fwd/out/post = ffffffff/5b8/d38/f00/ffffffff
Entry 0 (0):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 31442 packets, 4349425 bytes
Cache: 00000000
Match name: `conntrack'
Target name: `' [40]
verdict=NF_ACCEPT

Entry 1 (352):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `lo'/XXX.............to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 599 packets, 31891 bytes
Cache: 00000000
Target name: `' [40]
verdict=NF_ACCEPT

Entry 2 (504):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 1 packets, 92 bytes
Cache: 00000000
Target name: `' [40]
verdict=10608

Entry 3 (656):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 1 packets, 92 bytes
Cache: 00000000
Target name: `' [40]
verdict=10280

Entry 4 (808):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 1 packets, 92 bytes
Cache: 00000000
Target name: `' [40]
verdict=9800

Entry 5 (960):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Match name: `conntrack'
Target name: `' [40]
verdict=NF_DROP

Entry 6 (1312):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `REJECT' [40]
Entry 7 (1464):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=NF_ACCEPT

Entry 8 (1616):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Match name: `conntrack'
Target name: `' [40]
verdict=NF_ACCEPT

Entry 9 (1968):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `lo'/XXX.............to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=NF_ACCEPT

Entry 10 (2120):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=5784

Entry 11 (2272):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=4648

Entry 12 (2424):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=4168

Entry 13 (2576):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=5456

Entry 14 (2728):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=4976

Entry 15 (2880):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Match name: `conntrack'
Target name: `' [40]
verdict=NF_DROP

Entry 16 (3232):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `REJECT' [40]
Entry 17 (3384):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=NF_ACCEPT

Entry 18 (3536):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `lo'/XXX.............
Protocol: 0
Flags: 00
Invflags: 00
Counters: 31483 packets, 4344956 bytes
Cache: 00000000
Target name: `' [40]
verdict=NF_ACCEPT

Entry 19 (3688):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 449 packets, 190168 bytes
Cache: 00000000
Target name: `' [40]
verdict=13256

Entry 20 (3840):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 449 packets, 190168 bytes
Cache: 00000000
Target name: `' [40]
verdict=NF_ACCEPT

Entry 21 (3992):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`FORWARD_IN_ZONES'
Entry 22 (4168):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `+'/................to `'/................
Protocol: 0
Flags: 02
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=6112

Entry 23 (4320):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 24 (4472):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`FORWARD_IN_ZONES_SOURCE'
Entry 25 (4648):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 26 (4800):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`FORWARD_OUT_ZONES'
Entry 27 (4976):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `+'/................
Protocol: 0
Flags: 02
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=8032

Entry 28 (5128):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 29 (5280):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`FORWARD_OUT_ZONES_SOURCE'
Entry 30 (5456):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 31 (5608):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`FORWARD_direct'
Entry 32 (5784):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 33 (5936):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`FWDI_public'
Entry 34 (6112):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=7704

Entry 35 (6264):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=7376

Entry 36 (6416):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=7048

Entry 37 (6568):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 1
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=NF_ACCEPT

Entry 38 (6720):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 39 (6872):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`FWDI_public_allow'
Entry 40 (7048):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 41 (7200):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`FWDI_public_deny'
Entry 42 (7376):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 43 (7528):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`FWDI_public_log'
Entry 44 (7704):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 45 (7856):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`FWDO_public'
Entry 46 (8032):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=9472

Entry 47 (8184):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=9144

Entry 48 (8336):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=8816

Entry 49 (8488):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 50 (8640):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`FWDO_public_allow'
Entry 51 (8816):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 52 (8968):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`FWDO_public_deny'
Entry 53 (9144):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 54 (9296):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`FWDO_public_log'
Entry 55 (9472):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 56 (9624):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`INPUT_ZONES'
Entry 57 (9800):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `+'/................to `'/................
Protocol: 0
Flags: 02
Invflags: 00
Counters: 1 packets, 92 bytes
Cache: 00000000
Target name: `' [40]
verdict=10936

Entry 58 (9952):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 59 (10104):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`INPUT_ZONES_SOURCE'
Entry 60 (10280):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 1 packets, 92 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 61 (10432):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`INPUT_direct'
Entry 62 (10608):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 1 packets, 92 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 63 (10760):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`IN_public'
Entry 64 (10936):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 1 packets, 92 bytes
Cache: 00000000
Target name: `' [40]
verdict=12928

Entry 65 (11088):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 1 packets, 92 bytes
Cache: 00000000
Target name: `' [40]
verdict=12600

Entry 66 (11240):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 1 packets, 92 bytes
Cache: 00000000
Target name: `' [40]
verdict=11872

Entry 67 (11392):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 1
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=NF_ACCEPT

Entry 68 (11544):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 69 (11696):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`IN_public_allow'
Entry 70 (11872):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 6
Flags: 00
Invflags: 00
Counters: 1 packets, 92 bytes
Cache: 00000000
Match name: `tcp'
Match name: `conntrack'
Target name: `' [40]
verdict=NF_ACCEPT

Entry 71 (12272):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 72 (12424):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`IN_public_deny'
Entry 73 (12600):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 1 packets, 92 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 74 (12752):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`IN_public_log'
Entry 75 (12928):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 1 packets, 92 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 76 (13080):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`OUTPUT_direct'
Entry 77 (13256):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 449 packets, 190168 bytes
Cache: 00000000
Target name: `' [40]
verdict=RETURN

Entry 78 (13408):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `'/................to `'/................
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR' [64]
error=`ERROR'
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -nL --line-numbers -vv             #显式的信息更加详细

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers 
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    34735 4806K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2      668 35479 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        1    92 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        1    92 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        1    92 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
7        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
7        0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
8        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
9        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 687 packets, 324K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    34559 4785K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
2      687  324K OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDI_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDO_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDI_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 FWDI_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FWDI_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDI_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDO_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 FWDO_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FWDO_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        1    92 IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        1    92 IN_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        1    92 IN_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        1    92 IN_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain IN_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        1    92 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -vnL --line-numbers                #短选项是可以合并的,长选项则不行,需要注意的是,短选项需要放在命令(COMMANDS)"L"之前哟~否则会报错

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  INPUT --line-numbers  
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    37538 5177K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2      711 37739 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        1    92 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        1    92 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        1    92 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
7        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -vnL INPUT --line-numbers            #只查看input链的规则

2>.查看mangle表中的规则

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
PREROUTING_direct  all  --  anywhere             anywhere            
PREROUTING_ZONES_SOURCE  all  --  anywhere             anywhere            
PREROUTING_ZONES  all  --  anywhere             anywhere            

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
INPUT_direct  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
FORWARD_direct  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
OUTPUT_direct  all  --  anywhere             anywhere            

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
POSTROUTING_direct  all  --  anywhere             anywhere            

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination         

Chain POSTROUTING_direct (1 references)
target     prot opt source               destination         

Chain PREROUTING_ZONES (1 references)
target     prot opt source               destination         
PRE_public  all  --  anywhere             anywhere            [goto] 

Chain PREROUTING_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain PREROUTING_direct (1 references)
target     prot opt source               destination         

Chain PRE_public (1 references)
target     prot opt source               destination         
PRE_public_log  all  --  anywhere             anywhere            
PRE_public_deny  all  --  anywhere             anywhere            
PRE_public_allow  all  --  anywhere             anywhere            

Chain PRE_public_allow (1 references)
target     prot opt source               destination         

Chain PRE_public_deny (1 references)
target     prot opt source               destination         

Chain PRE_public_log (1 references)
target     prot opt source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t mangle -L

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t mangle -vnL --line-numbers
Chain PREROUTING (policy ACCEPT 40397 packets, 5497K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    40397 5497K PREROUTING_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2    40397 5497K PREROUTING_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3    40397 5497K PREROUTING_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 40397 packets, 5497K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    40397 5497K INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 40198 packets, 5779K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    40198 5779K OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 40198 packets, 5779K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    40198 5779K POSTROUTING_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PREROUTING_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1    40397 5497K PRE_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain PREROUTING_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PREROUTING_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PRE_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1    40397 5497K PRE_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2    40397 5497K PRE_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3    40397 5497K PRE_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain PRE_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PRE_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PRE_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t mangle -vnL --line-numbers

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t mangle -vnL PREROUTING --line-numbers
Chain PREROUTING (policy ACCEPT 41276 packets, 5653K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    41276 5653K PREROUTING_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2    41276 5653K PREROUTING_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3    41276 5653K PREROUTING_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t mangle -vnL PREROUTING --line-numbers

3>.查看nat表中的规则

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
PREROUTING_direct  all  --  anywhere             anywhere            
PREROUTING_ZONES_SOURCE  all  --  anywhere             anywhere            
PREROUTING_ZONES  all  --  anywhere             anywhere            

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
OUTPUT_direct  all  --  anywhere             anywhere            

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
POSTROUTING_direct  all  --  anywhere             anywhere            
POSTROUTING_ZONES_SOURCE  all  --  anywhere             anywhere            
POSTROUTING_ZONES  all  --  anywhere             anywhere            

Chain OUTPUT_direct (1 references)
target     prot opt source               destination         

Chain POSTROUTING_ZONES (1 references)
target     prot opt source               destination         
POST_public  all  --  anywhere             anywhere            [goto] 

Chain POSTROUTING_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain POSTROUTING_direct (1 references)
target     prot opt source               destination         

Chain POST_public (1 references)
target     prot opt source               destination         
POST_public_log  all  --  anywhere             anywhere            
POST_public_deny  all  --  anywhere             anywhere            
POST_public_allow  all  --  anywhere             anywhere            

Chain POST_public_allow (1 references)
target     prot opt source               destination         

Chain POST_public_deny (1 references)
target     prot opt source               destination         

Chain POST_public_log (1 references)
target     prot opt source               destination         

Chain PREROUTING_ZONES (1 references)
target     prot opt source               destination         
PRE_public  all  --  anywhere             anywhere            [goto] 

Chain PREROUTING_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain PREROUTING_direct (1 references)
target     prot opt source               destination         

Chain PRE_public (1 references)
target     prot opt source               destination         
PRE_public_log  all  --  anywhere             anywhere            
PRE_public_deny  all  --  anywhere             anywhere            
PRE_public_allow  all  --  anywhere             anywhere            

Chain PRE_public_allow (1 references)
target     prot opt source               destination         

Chain PRE_public_deny (1 references)
target     prot opt source               destination         

Chain PRE_public_log (1 references)
target     prot opt source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t nat -L

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t nat -vnL --line-numbers
Chain PREROUTING (policy ACCEPT 1 packets, 92 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        1    92 PREROUTING_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        1    92 PREROUTING_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        1    92 PREROUTING_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 1 packets, 92 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 834 packets, 44111 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      834 44111 OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 834 packets, 44111 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      834 44111 POSTROUTING_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2      834 44111 POSTROUTING_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3      834 44111 POSTROUTING_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1      834 44111 POST_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain POSTROUTING_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POST_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1      834 44111 POST_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2      834 44111 POST_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3      834 44111 POST_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POST_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POST_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POST_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PREROUTING_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        1    92 PRE_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain PREROUTING_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PREROUTING_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PRE_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        1    92 PRE_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        1    92 PRE_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        1    92 PRE_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain PRE_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PRE_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PRE_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t nat -vnL --line-numbers

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t nat -vnL PREROUTING --line-numbers
Chain PREROUTING (policy ACCEPT 1 packets, 92 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        1    92 PREROUTING_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        1    92 PREROUTING_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        1    92 PREROUTING_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t nat -vnL PREROUTING --line-numbers

4>.查看raw表中的规则

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t raw -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
PREROUTING_direct  all  --  anywhere             anywhere            
PREROUTING_ZONES_SOURCE  all  --  anywhere             anywhere            
PREROUTING_ZONES  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
OUTPUT_direct  all  --  anywhere             anywhere            

Chain OUTPUT_direct (1 references)
target     prot opt source               destination         

Chain PREROUTING_ZONES (1 references)
target     prot opt source               destination         
PRE_public  all  --  anywhere             anywhere            [goto] 

Chain PREROUTING_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain PREROUTING_direct (1 references)
target     prot opt source               destination         

Chain PRE_public (1 references)
target     prot opt source               destination         
PRE_public_log  all  --  anywhere             anywhere            
PRE_public_deny  all  --  anywhere             anywhere            
PRE_public_allow  all  --  anywhere             anywhere            

Chain PRE_public_allow (1 references)
target     prot opt source               destination         

Chain PRE_public_deny (1 references)
target     prot opt source               destination         

Chain PRE_public_log (1 references)
target     prot opt source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t raw -L

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t raw -vnL --line-numbers
Chain PREROUTING (policy ACCEPT 43083 packets, 5881K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    43083 5881K PREROUTING_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2    43083 5881K PREROUTING_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3    43083 5881K PREROUTING_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 42826 packets, 6174K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    42826 6174K OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PREROUTING_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1    43083 5881K PRE_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain PREROUTING_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PREROUTING_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PRE_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1    43083 5881K PRE_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2    43083 5881K PRE_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3    43083 5881K PRE_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain PRE_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PRE_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain PRE_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t raw -vnL --line-numbers

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t raw -vnL PREROUTING --line-numbers
Chain PREROUTING (policy ACCEPT 43471 packets, 5932K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    43471 5932K PREROUTING_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2    43471 5932K PREROUTING_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3    43471 5932K PREROUTING_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t raw -vnL PREROUTING --line-numbers

5>.查看security表中的规则

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t security -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
INPUT_direct  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
FORWARD_direct  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
OUTPUT_direct  all  --  anywhere             anywhere            

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t security -L

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t security -vnL --line-numbers
Chain INPUT (policy ACCEPT 44201 packets, 6030K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    44201 6030K INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 43906 packets, 6326K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    43906 6326K OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t security -vnL --line-numbers

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t security -vnL FORWARD --line-numbers
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t security -vnL FORWARD --line-numbers

三.使用iptables进行链(chain)管理操作

1>.创建一个自定义链

[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# systemctl stop firewalld
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 3493 packets, 475K bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 3466 packets, 475K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -N in_myweb_rules
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 35 packets, 4480 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 32 packets, 4620 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain in_myweb_rules (0 references)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -N in_myweb_rules

2>.删除自定义链(只能删除自定义的链,还必须符合两个条件,即该链的引用计数为0且该链中没有规则。内置的链是无法删除的哟)

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 71 packets, 8948 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 66 packets, 9864 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain in_myweb_rules (0 references)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -X in_myweb_rules
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 36 packets, 4520 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 33 packets, 4660 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -X in_myweb_rules

3>.设置默认策略

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 10434 packets, 1479K bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 10449 packets, 1480K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables -P FORWARD DROP
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 24 packets, 2604 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 21 packets, 2744 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -P FORWARD DROP          #将filter表中FROWARD链的默认规则设置为DROP

4>.重命名自定义链

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 108 packets, 11956 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 102 packets, 12688 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables -N in_myweb
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 40 packets, 4680 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 37 packets, 4820 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain in_myweb (0 references)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables -E in_myweb in_myweb_rules
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 40 packets, 4978 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 38 packets, 5202 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain in_myweb_rules (0 references)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -E in_myweb in_myweb_rules

四.使用iptables对链(chain)的规则管理操作
1>.将规则的计数器清零

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       64  7232 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
7        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
7        0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
8        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
9        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 11 packets, 8048 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       48  6228 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
2       11  8048 OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDI_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDO_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDI_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 FWDI_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FWDI_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDI_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDO_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 FWDO_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FWDO_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 IN_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 IN_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 IN_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain IN_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -Z 
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       41  4772 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
7        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
7        0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
8        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
9        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 6 packets, 728 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       32  4152 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
2        6   728 OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDI_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDO_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDI_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 FWDI_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FWDI_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDI_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDO_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 FWDO_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FWDO_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 IN_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 IN_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 IN_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain IN_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -Z          #将filter表中所有的链中的规则计数清零

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL INPUT --line-numbers  
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     3957  565K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2       70  3664 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
7        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -Z INPUT
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL INPUT --line-numbers  
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       52  6894 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
7        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -Z INPUT      #只清除filter表中INPUT链中的所有规则计数清零

[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL INPUT --line-numbers  
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     1457  210K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2       24  1248 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
7        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -Z INPUT 2
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL INPUT --line-numbers  
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     1606  230K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
7        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -Z INPUT 2     #至清初filter表中INPUT链中的第二条规则计数清零

2>.清空规则

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 2227 packets, 282K bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
7        0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
8        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
9        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 71 packets, 15232 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    14208 1983K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
2      337 71020 OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDI_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDO_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDI_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 FWDI_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FWDI_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDI_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 FWDO_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 FWDO_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FWDO_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES (0 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 IN_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
2        0     0 IN_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
3        0     0 IN_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain IN_public_allow (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_log (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -F
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 22 packets, 2524 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 19 packets, 2632 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_IN_ZONES (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_IN_ZONES_SOURCE (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES_SOURCE (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_direct (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_allow (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_deny (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_log (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_allow (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_deny (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_log (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES_SOURCE (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_allow (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_deny (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_log (0 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (0 references)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -F          #将filter表中所有的链中的所有规则都清空

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL INPUT --line-numbers  
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     7512 1049K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2      105  5484 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
7        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -F INPUT
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL INPUT --line-numbers  
Chain INPUT (policy ACCEPT 92 packets, 6596 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -F INPUT      #将filter表中的INPUT链中所有的规则都清空

3>.删除规则

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL FORWARD  --line-numbers  
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
7        0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
8        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
9        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables -D FORWARD 9
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL FORWARD  --line-numbers  
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
6        0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
7        0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
8        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -D FORWARD 9    #删除filter表中的FROWARD链中的第9条规则

4>.使用追加的方式添加规则

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 978 packets, 158K bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 962 packets, 159K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# hostname -i
172.200.1.101
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables -t filter -A INPUT -s 172.200.0.0/21 -d 172.200.1.101 -p tcp -j ACCEPT
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       58  6888 ACCEPT     tcp  --  *      *       172.200.0.0/21       172.200.1.101       

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 54 packets, 7164 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t filter -A INPUT -s 172.200.0.0/21 -d 172.200.1.101 -p tcp -j ACCEPT          #在filter表中的INPUT链追加一条规则,源地址是172.200.0.0/21的地址访问172.200.1.101目录地址的所有TCP协议都允许(ACCEPT)

[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 7 packets, 552 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     4107  535K ACCEPT     tcp  --  *      *       172.200.0.0/21       172.200.1.101       

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 4066 packets, 537K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# hostname -i
172.200.1.101
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables -t filter -A OUTPUT -s 172.200.1.101 -d 172.200.0.0/21 -p tcp -j ACCEPT
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     4890  678K ACCEPT     tcp  --  *      *       172.200.0.0/21       172.200.1.101       

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      132 16938 ACCEPT     tcp  --  *      *       172.200.1.101        172.200.0.0/21      
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -t filter -A OUTPUT -s 172.200.1.101 -d 172.200.0.0/21 -p tcp -j ACCEPT          #在filter表中的OUTPUT链追加一条规则,源地址是172.200.1.101的地址访问172.200.0.0/21的目的第十所有的TPC协议都允许(ACCEPT)

[root@hdp101.yinzhengjie.org.cn ~]# iptables -vnL
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
45325 6269K ACCEPT     tcp  --  *      *       172.200.0.0/21       172.200.1.101       

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
40437 5867K ACCEPT     tcp  --  *      *       172.200.1.101        172.200.0.0/21      
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# hostname -i
172.200.1.101
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables -A INPUT -d 172.200.1.101 -p icmp -j ACCEPT
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables -vnL
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
52599 6957K ACCEPT     tcp  --  *      *       172.200.0.0/21       172.200.1.101       
    3   252 ACCEPT     icmp --  *      *       0.0.0.0/0            172.200.1.101       

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 3 packets, 252 bytes)
 pkts bytes target     prot opt in     out     source               destination         
51595 8407K ACCEPT     tcp  --  *      *       172.200.1.101        172.200.0.0/21      
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -A INPUT -d 172.200.1.101 -p icmp -j ACCEPT               #在filter表中的INPUT链中添加一条规则,去往目的目的是本机的172.200.1.101的ICMP协议都允许(ACCEPT)

[root@hdp101.yinzhengjie.org.cn ~]# tcpdump -i bond0 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:11:26.214130 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 64, length 64
21:11:27.214353 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 65, length 64
21:11:28.214509 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 66, length 64
21:11:29.213624 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 67, length 64
21:11:30.213814 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 68, length 64
21:11:31.214005 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 69, length 64
21:11:32.213895 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 70, length 64
21:11:33.214398 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 71, length 64
21:11:34.213683 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 72, length 64
21:11:35.214754 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 73, length 64
21:11:36.214345 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 74, length 64
21:11:37.214123 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 75, length 64
21:11:38.214719 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 76, length 64
21:11:39.213834 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 77, length 64
21:11:40.214129 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 78, length 64
21:11:41.214279 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 79, length 64
21:11:42.214275 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 80, length 64
21:11:43.214430 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 81, length 64
21:11:44.214727 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 82, length 64
21:11:45.216510 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 83, length 64
21:11:46.216987 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 84, length 64
21:11:47.216764 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 85, length 64
21:11:48.217472 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 86, length 64
21:11:49.217079 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 87, length 64
21:11:50.216659 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 88, length 64
21:11:51.217251 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 89, length 64
21:11:52.217264 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 90, length 64
21:11:53.217378 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 91, length 64
21:11:54.216939 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 92, length 64
21:11:55.216957 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 93, length 64
21:11:56.217391 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 94, length 64
21:11:57.217054 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 95, length 64
21:11:58.217050 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 96, length 64
^C
33 packets captured
33 packets received by filter
0 packets dropped by kernel
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# tcpdump -i bond0 -nn icmp      #如果只添加上面那条规则,我们使用172.200.1.102去ping 172.200.1.101是ping不通的哟(戳我可以查看抓包结果)

[root@hdp101.yinzhengjie.org.cn ~]# iptables -vnL
Chain INPUT (policy DROP 1 packets, 76 bytes)
 pkts bytes target     prot opt in     out     source               destination         
56892 7571K ACCEPT     tcp  --  *      *       172.200.0.0/21       172.200.1.101       
  217 18228 ACCEPT     icmp --  *      *       0.0.0.0/0            172.200.1.101       

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 227 packets, 19024 bytes)
 pkts bytes target     prot opt in     out     source               destination         
55870 9021K ACCEPT     tcp  --  *      *       172.200.1.101        172.200.0.0/21      
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables -A OUTPUT -s 172.200.1.101 -p icmp -j ACCEPT
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables -vnL
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
58615 7791K ACCEPT     tcp  --  *      *       172.200.0.0/21       172.200.1.101       
  299 25116 ACCEPT     icmp --  *      *       0.0.0.0/0            172.200.1.101       

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
57536 9242K ACCEPT     tcp  --  *      *       172.200.1.101        172.200.0.0/21      
   10   840 ACCEPT     icmp --  *      *       172.200.1.101        0.0.0.0/0           
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -A OUTPUT -s 172.200.1.101 -p icmp -j ACCEPT               #在filter表中的OUTPUT链中添加一条规则,源地址是172.200.1.101的ICMP协议都允许(ACCEPT)

[root@hdp101.yinzhengjie.org.cn ~]# tcpdump -i bond0 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:17:05.259185 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 403, length 64
21:17:05.259210 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 403, length 64
21:17:06.260314 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 404, length 64
21:17:06.260345 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 404, length 64
21:17:07.260832 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 405, length 64
21:17:07.260875 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 405, length 64
21:17:08.262111 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 406, length 64
21:17:08.262252 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 406, length 64
21:17:09.263647 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 407, length 64
21:17:09.263677 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 407, length 64
21:17:10.263923 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 408, length 64
21:17:10.263943 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 408, length 64
21:17:11.264841 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 409, length 64
21:17:11.264881 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 409, length 64
21:17:12.265289 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 410, length 64
21:17:12.265311 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 410, length 64
21:17:13.265793 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 411, length 64
21:17:13.265813 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 411, length 64
21:17:14.266599 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 412, length 64
21:17:14.266624 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 412, length 64
21:17:15.266876 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 413, length 64
21:17:15.266898 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 413, length 64
21:17:16.268890 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 414, length 64
21:17:16.268924 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 414, length 64
21:17:17.270586 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 415, length 64
21:17:17.270618 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 415, length 64
21:17:18.271096 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 416, length 64
21:17:18.271132 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 416, length 64
21:17:19.271688 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 417, length 64
21:17:19.271722 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 417, length 64
21:17:20.271945 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 418, length 64
21:17:20.272018 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 418, length 64
21:17:21.272795 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 419, length 64
21:17:21.272827 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 419, length 64
21:17:22.272480 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 420, length 64
21:17:22.272512 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 420, length 64
21:17:23.272638 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 421, length 64
21:17:23.272672 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 421, length 64
21:17:24.273863 IP 172.200.1.102 > 172.200.1.101: ICMP echo request, id 5881, seq 422, length 64
21:17:24.273894 IP 172.200.1.101 > 172.200.1.102: ICMP echo reply, id 5881, seq 422, length 64
^C
40 packets captured
40 packets received by filter
0 packets dropped by kernel
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# tcpdump -i bond0 -nn icmp      #如果再添加上面两条规则后,我们使用172.200.1.102去ping 172.200.1.101是可以ping通的哟~(戳我可以查看抓包结果)

5>.设置默认策略

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy ACCEPT 6 packets, 472 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     8535 1169K ACCEPT     tcp  --  *      *       172.200.0.0/21       172.200.1.101       

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 6 packets, 472 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     3780  509K ACCEPT     tcp  --  *      *       172.200.1.101        172.200.0.0/21      
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables -P INPUT DROP
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     9678 1315K ACCEPT     tcp  --  *      *       172.200.0.0/21       172.200.1.101       

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     4892  655K ACCEPT     tcp  --  *      *       172.200.1.101        172.200.0.0/21      
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -P INPUT DROP              #将filter表中的INPUT链的默认规则设置为DROP

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy DROP 3 packets, 240 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    10556 1463K ACCEPT     tcp  --  *      *       172.200.0.0/21       172.200.1.101       

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 3 packets, 240 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     5770  804K ACCEPT     tcp  --  *      *       172.200.1.101        172.200.0.0/21      
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables -P FORWARD DROP
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    10751 1487K ACCEPT     tcp  --  *      *       172.200.0.0/21       172.200.1.101       

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     5955  829K ACCEPT     tcp  --  *      *       172.200.1.101        172.200.0.0/21      
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -P FORWARD DROP             #将filter表中的FORWARD链的默认规则设置为DROP

[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy DROP 3 packets, 236 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    11517 1592K ACCEPT     tcp  --  *      *       172.200.0.0/21       172.200.1.101       

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 3 packets, 236 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     6720  934K ACCEPT     tcp  --  *      *       172.200.1.101        172.200.0.0/21      
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables -P OUTPUT DROP
[root@hdp101.yinzhengjie.org.cn ~]# 
[root@hdp101.yinzhengjie.org.cn ~]# iptables  -vnL  --line-numbers  
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    11833 1627K ACCEPT     tcp  --  *      *       172.200.0.0/21       172.200.1.101       

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     7024  971K ACCEPT     tcp  --  *      *       172.200.1.101        172.200.0.0/21      
[root@hdp101.yinzhengjie.org.cn ~]#

[root@hdp101.yinzhengjie.org.cn ~]# iptables -P OUTPUT DROP              #将filter表中的OUTPUT链的默认规则设置为DROP

6>.

7>.

目录
相关文章
|
15天前
|
Linux Shell
Linux 10 个“who”命令示例
Linux 10 个“who”命令示例
44 14
Linux 10 个“who”命令示例
|
4天前
|
Ubuntu Linux
Linux 各发行版安装 ping 命令指南
如何在不同 Linux 发行版(Ubuntu/Debian、CentOS/RHEL/Fedora、Arch Linux、openSUSE、Alpine Linux)上安装 `ping` 命令,详细列出各发行版的安装步骤和验证方法,帮助系统管理员和网络工程师快速排查网络问题。
57 20
|
4天前
|
网络协议 Linux 应用服务中间件
kali的常用命令汇总Linux
kali的常用命令汇总linux
26 7
|
24天前
|
Linux 数据库
Linux中第一次使用locate命令报错?????
在Linux CentOS7系统中,使用`locate`命令时出现“command not found”错误,原因是缺少`mlocate`包。解决方法是通过`yum install mlocate -y`或`apt-get install mlocate`安装该包,并执行`updatedb`更新数据库以解决后续的“can not stat”错误。
31 9
|
22天前
|
监控 网络协议 Linux
Linux netstat 命令详解
Linux netstat 命令详解
|
28天前
|
运维 监控 网络协议
运维工程师日常工作中最常用的20个Linux命令,涵盖文件操作、目录管理、权限设置、系统监控等方面
本文介绍了运维工程师日常工作中最常用的20个Linux命令,涵盖文件操作、目录管理、权限设置、系统监控等方面,旨在帮助读者提高工作效率。从基本的文件查看与编辑,到高级的网络配置与安全管理,这些命令是运维工作中的必备工具。
114 3
|
1月前
|
Linux
在 Linux 系统中,`find` 命令
在 Linux 系统中,`find` 命令
33 1
|
4月前
|
安全 Linux 应用服务中间件
在Linux中,包过滤防火墙与代理应用防火墙有什么区别?有哪些相应的产品?
在Linux中,包过滤防火墙与代理应用防火墙有什么区别?有哪些相应的产品?
|
1月前
|
存储 运维 Linux
Linux防火墙firewall的使用
CentOS 7 中的 firewalld 是基于 Netfilter 的防火墙服务,支持动态配置,无需重启服务即可生效。它通过区域管理网络流量,每个区域可以设置不同的防火墙规则。默认区域为 public,可以通过命令行工具 firewall-cmd 进行管理和配置。firewalld 提供了丰富的预定义服务和区域,方便用户根据需求进行灵活配置。
42 0
|
4月前
|
Linux 网络安全
linux关闭方防火墙的命令
linux关闭方防火墙的命令
90 2
下一篇
DataWorks