1.查看規則
iptables --line -nvL 顯示行號和更詳細的信息(--line 是 --line-numbers 的縮寫,-v 顯示封包/位元組計數)
iptables -nL
root@ubuntu:/# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain self_ctl (0 references)
target prot opt source destination
root@ubuntu:/#
2.創建一個自定義鏈
iptables -t filter -N my_ctl
-t 指定鏈要添加到的表,默認不指定就是filter
-N =new 指定新鏈
root@ubuntu:/# iptables -t filter -N my_ctl
root@ubuntu:/#
root@ubuntu:/# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain my_ctl (0 references)
target prot opt source destination
Chain self_ctl (0 references)
target prot opt source destination
root@ubuntu:/#
3.給自定義鏈增加規則
iptables -t filter -A my_ctl -p icmp -j DROP
root@ubuntu:/# iptables -t filter -A my_ctl -p icmp -j DROP
root@ubuntu:/# iptables -nl
iptables v1.6.0: unknown option "-nl"
Try `iptables -h' or 'iptables --help' for more information.
root@ubuntu:/#
root@ubuntu:/# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain my_ctl (0 references)
target prot opt source destination
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
Chain self_ctl (0 references)
target prot opt source destination
root@ubuntu:/#
4.引用自定義鏈
iptables -t filter -A INPUT -j my_ctl
root@ubuntu:/# iptables -t filter -A INPUT -j my_ctl
root@ubuntu:/#
root@ubuntu:/# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
my_ctl all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain my_ctl (1 references)
target prot opt source destination
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
Chain self_ctl (0 references)
target prot opt source destination
5.刪除自定義鏈
要刪除自定義鏈需同時滿足兩個條件:
- 自定義鏈中沒有規則
- 自定義鏈沒有被引用
root@ubuntu:/# iptables -t filter -F my_ctl
root@ubuntu:/#
root@ubuntu:/# iptables -t filter D INPUT 2
Bad argument `D'
Try `iptables -h' or 'iptables --help' for more information.
root@ubuntu:/# iptables -t filter -D INPUT 2
root@ubuntu:/#
1.清空自定義鏈規則:iptables -t filter -F my_ctl
2.刪除自定義鏈引用:iptables -t filter -D INPUT 2
3.刪除自定義鏈:iptables -X my_ctl
-D 表示刪除
2表示 INPUT 鏈中的第二條規則,我的引用規則剛好在第二條,實際根據自身情況;刪除前先用 iptables --line -nvL 確認行號,以免誤刪其他規則。
結果:
root@ubuntu:/# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain self_ctl (0 references)
target prot opt source destination
root@ubuntu:/#