Simple operations on iptables custom chains under Linux

1. View the rules
iptables --line -nvL    show line numbers and more detailed output (--line is short for --line-numbers)
iptables -nL

root@ubuntu:/# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain self_ctl (0 references)
target     prot opt source               destination         
root@ubuntu:/# 

2. Create a custom chain
iptables -t filter -N my_ctl
-t specifies the table the chain is added to; if omitted, the default is filter
-N (new) creates a new chain

root@ubuntu:/# iptables -t filter -N my_ctl
root@ubuntu:/# 
root@ubuntu:/# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain my_ctl (0 references)
target     prot opt source               destination         

Chain self_ctl (0 references)
target     prot opt source               destination         
root@ubuntu:/# 

3. Add a rule to the custom chain
iptables -t filter -A my_ctl -p icmp -j DROP

root@ubuntu:/# iptables -t filter -A  my_ctl -p icmp -j DROP
root@ubuntu:/# iptables -nl
iptables v1.6.0: unknown option "-nl"
Try `iptables -h' or 'iptables --help' for more information.
root@ubuntu:/# 
root@ubuntu:/# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain my_ctl (0 references)
target     prot opt source               destination         
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           

Chain self_ctl (0 references)
target     prot opt source               destination         
root@ubuntu:/# 

4. Reference the custom chain
iptables -t filter -A INPUT -j my_ctl

root@ubuntu:/# iptables -t filter -A INPUT -j my_ctl
root@ubuntu:/# 
root@ubuntu:/# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           
my_ctl     all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain my_ctl (1 references)
target     prot opt source               destination         
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           

Chain self_ctl (0 references)
target     prot opt source               destination 

5. Delete a custom chain
Two conditions must be met before a custom chain can be deleted:

  1. the custom chain contains no rules
  2. the custom chain is not referenced by any other chain
root@ubuntu:/# iptables -t filter -F my_ctl
root@ubuntu:/# 
root@ubuntu:/# iptables -t filter D INPUT 2
Bad argument `D'
Try `iptables -h' or 'iptables --help' for more information.
root@ubuntu:/# iptables -t filter -D INPUT 2
root@ubuntu:/# 

1. Clear the rules in the custom chain: iptables -t filter -F my_ctl
2. Delete the reference to the custom chain: iptables -t filter -D INPUT 2
3. Delete the custom chain: iptables -X my_ctl
-D means delete
2 is the rule number; in my INPUT chain the reference is the second rule, adjust it to your own situation.
Result:

root@ubuntu:/# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain self_ctl (0 references)
target     prot opt source               destination         
root@ubuntu:/# 
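The two preconditions in step 5 are easy to get wrong on a busy host: the reference may not be in INPUT, it may not be rule 2, and deleting by rule number shifts the numbers of the rules below it. The following is an added example, not code from the original post, that parses the text format `iptables -nL` prints (the "Chain NAME (policy X)" / "Chain NAME (N references)" headers followed by one rule per line) and reports what still blocks `iptables -X`, along with the exact command sequence to clear it. The sample output is constructed to mirror the session after step 4, and the function and variable names are my own.

```python
"""Check whether a user-defined iptables chain can be deleted with -X.

Added example (not from the original post). It parses the plain `iptables -nL`
text format shown in the post; the -v format (packet/byte counters in the
header) is not handled. Run it with no arguments to see the constructed sample.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "Chain INPUT (policy ACCEPT)" for builtin chains,
# "Chain my_ctl (1 references)" for user-defined chains.
CHAIN_HEADER = re.compile(r"^Chain (\S+) \((?:policy (\w+)|(\d+) references)\)$")

# Constructed sample: the state shown in the post after step 4
# (my_ctl holds one rule and is referenced once from INPUT).
SAMPLE_NL = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  0.0.0.0/0            0.0.0.0/0
my_ctl     all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain my_ctl (1 references)
target     prot opt source               destination
DROP       icmp --  0.0.0.0/0            0.0.0.0/0

Chain self_ctl (0 references)
target     prot opt source               destination
"""


@dataclass
class Chain:
    name: str
    policy: Optional[str]                 # set only for builtin chains
    references: int                       # reference count for user chains
    rules: List[List[str]] = field(default_factory=list)  # split fields, in rule order


def parse_iptables_nL(text: str) -> Dict[str, Chain]:
    """Parse the stdout of `iptables -nL` into chains with their rules in order."""
    chains: Dict[str, Chain] = {}
    current: Optional[Chain] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = CHAIN_HEADER.match(line)
        if m:
            name, policy, refs = m.groups()
            current = Chain(name, policy, int(refs) if refs else 0)
            chains[name] = current
            continue
        if line.startswith("target "):
            continue  # column header line
        if current is not None:
            current.rules.append(line.split())  # field 0 is the target
    return chains


def deletion_blockers(chains: Dict[str, Chain], name: str) -> List[str]:
    """Return the reasons `iptables -X name` would fail; an empty list means it is safe."""
    chain = chains.get(name)
    if chain is None:
        return [f"chain {name} does not exist"]
    if chain.policy is not None:
        return [f"{name} is a builtin chain and cannot be deleted"]
    blockers = []
    if chain.rules:
        blockers.append(f"{name} still holds {len(chain.rules)} rule(s)")
    for other in chains.values():
        for pos, fields in enumerate(other.rules, start=1):
            if fields and fields[0] == name:
                blockers.append(f"{name} is referenced by {other.name} rule {pos}")
    return blockers


def deletion_commands(chains: Dict[str, Chain], name: str, table: str = "filter") -> List[str]:
    """Ordered commands that make `-X name` succeed: flush, remove references, delete.

    References are removed highest rule number first, because deleting rule N
    renumbers every rule below it and would otherwise invalidate later positions.
    """
    chain = chains.get(name)
    if chain is None or chain.policy is not None:
        raise ValueError(f"{name} is not a deletable user-defined chain")
    cmds = []
    if chain.rules:
        cmds.append(f"iptables -t {table} -F {name}")
    for other in chains.values():
        positions = [pos for pos, fields in enumerate(other.rules, start=1)
                     if fields and fields[0] == name]
        for pos in sorted(positions, reverse=True):
            cmds.append(f"iptables -t {table} -D {other.name} {pos}")
    cmds.append(f"iptables -t {table} -X {name}")
    return cmds


if __name__ == "__main__":
    parsed = parse_iptables_nL(SAMPLE_NL)
    for reason in deletion_blockers(parsed, "my_ctl"):
        print("blocked:", reason)
    print("\n".join(deletion_commands(parsed, "my_ctl")))
```

On a live host, feed it the real output with `parse_iptables_nL(subprocess.run(["iptables", "-nL"], capture_output=True, text=True).stdout)` and review the printed commands before running them; the script itself never changes the ruleset.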
