
Linux command

iptables command

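Security

This command requires elevated privileges and can have a significant impact on the system; verify the target before running it.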

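Common examples

View rules with packet/byte counters and line numbers

sudo iptables -vnL --line-numbers

Set the default policy for a chain

sudo iptables -P [chain] [rule]

Append a rule matching a source address

sudo iptables -A [chain] -s [ip_address] -j [rule]

Append a rule matching a source address, protocol and destination port

sudo iptables -A [chain] -s [ip_address] -p tcp --dport [port] -j [rule]

Add a NAT rule that masquerades traffic from the 192.168.0.0/24 subnet

sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE

Delete a rule by its line number

sudo iptables -D [chain] [rule_line_number]

Flush all rules

sudo iptables -F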

Description

iptables is the administration tool for IPv4 packet filtering and NAT in the Linux kernel firewall (netfilter). It allows configuration of tables, chains, and rules to control network traffic.

Parameters

-L, --list
List all rules in selected chain
-A, --append chain
Append rule to chain
-D, --delete chain
Delete rule from chain
-I, --insert chain rulenum
Insert rule at position in chain (default position 1)
-P, --policy chain target
Set default policy for chain
-F, --flush [chain]
Flush all rules in the given chain, or in every chain of the table if none is given
-N, --new-chain chain
Create a new user-defined chain
-X, --delete-chain chain
Delete a user-defined chain (must be empty)
-E, --rename-chain old new
Rename a user-defined chain
-t, --table table
Specify table (filter, nat, mangle, raw, security)
-s, --source address
Source address specification
-d, --destination address
Destination address specification
-p, --protocol protocol
Protocol (tcp, udp, icmp, all)
--dport port
Destination port
--sport port
Source port
-j, --jump target
Target for rule (ACCEPT, DROP, REJECT, MASQUERADE, etc.)
-v, --verbose
Verbose output
-n, --numeric
Numeric output (don't resolve names)
-x, --exact
Expand numbers (display exact packet and byte counters)
-i, --in-interface name
Input interface name
-o, --out-interface name
Output interface name
-m, --match match
Load extended match module (e.g., state, conntrack, multiport)
--line-numbers
Show line numbers
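
Rules in a chain are evaluated top-down, so a rule added with -A after a catch-all DROP or ACCEPT never matches, and a default ACCEPT policy on INPUT or FORWARD lets through anything the rules do not drop. The following is an added example, not part of the original page, that audits rule listings for both problems; it reads the output of `iptables -S` (`--list-rules`, a real flag not listed in the table above), and the sample ruleset in `sample_rules` is constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output for policy and rule-order pitfalls.
# Real use: sudo iptables -S | audit_rules

# Reads rule-spec lines on stdin, prints one finding per line.
audit_rules() {
  awk '
    # "-P CHAIN TARGET": flag permissive default policies on inbound chains.
    $1 == "-P" {
      if (($2 == "INPUT" || $2 == "FORWARD") && $3 == "ACCEPT")
        print "OPEN-POLICY " $2 ": default policy is ACCEPT"
      next
    }
    $1 == "-A" {
      chain = $2
      n[chain]++            # same numbering that --line-numbers displays
      if (chain in catchall) {
        print "SHADOWED " chain " rule " n[chain] ": after catch-all at rule " catchall[chain]
        next
      }
      # "-A CHAIN -j TARGET" with no match options applies to every packet.
      if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT" || $4 == "ACCEPT"))
        catchall[chain] = n[chain]
    }
  '
}

# Constructed sample: an SSH allow rule appended after the final DROP.
sample_rules() {
  cat <<EOF
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

sample_rules | audit_rules
```

A shadowed rule is repaired by deleting it with -D and re-adding it with -I at a position above the catch-all, using the numbers shown by --line-numbers.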

FAQ

What is the iptables command used for?

iptables is the administration tool for IPv4 packet filtering and NAT in the Linux kernel firewall (netfilter). It allows configuration of tables, chains, and rules to control network traffic.

How do I run a basic iptables example?

Run `sudo iptables -vnL --line-numbers` in a terminal to list the current rules, then adjust the table, chain, or flags for your system.

What does -L, --list do in iptables?

List all rules in selected chain