Adding comments to iptables rules

Linux Operations | 大步

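Add comments to your iptables rules and make a good impression on your boss and colleagues. Here is how:

What is an iptables comment?

In the output of iptables -L, a comment appears at the end of its rule, enclosed in /*  */. (See the comments in the iptables rules below, for example /* allow SSH to this host from anywhere */.)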

$ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED /* allow inbound traffic for established and related connections */
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh /* allow SSH to this host from anywhere */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:route /* allow incoming RIP on the internal interface */
ACCEPT     all  --  localhost            localhost            /* allow any local-only traffic */
ACCEPT     ipv6 --  tserv2.ash1.he.net   anywhere             /* allow IPv6 tunnel traffic from HE */
ACCEPT     icmp --  anywhere             anywhere             /* allow ICMP traffic to this host from anywhere */

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED /* allow inbound traffic for established and related connections */
ACCEPT     all  --  anywhere             anywhere             /* allow all Internet bound traffic from the internal network */
ACCEPT     icmp --  anywhere             anywhere             /* forward any ICMP traffic */

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

 

Adding a comment to a new iptables rule

 

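The syntax for adding a comment to a new iptables rule is:  -m comment --comment "comment text to add"
A concrete example: the following adds a rule that allows SSH traffic and attaches a comment to it: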

$ sudo iptables -A INPUT -p tcp -m tcp --dport 22 -m comment --comment "allow SSH to this host from anywhere" -j ACCEPT

Then list the rules with -L, and the rule you just added will look like this:
$ sudo iptables -L

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh /* allow SSH to this host from anywhere */
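
An added example, not part of the original post: a small shell audit that reads iptables-save output, lists the rules that carry no comment, and prints the chain and comment text of those that do. The rule dump is constructed sample data, and the function names uncommented_rules and rule_comments are this example's own.

```shell
#!/bin/sh
# Added example: audit iptables-save output for rules without a comment.
# SAMPLE_RULES is constructed sample data; on a live host, feed the functions
# with:  sudo iptables-save | uncommented_rules

SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "allow inbound traffic for established and related connections" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "allow SSH to this host from anywhere" -j ACCEPT
-A INPUT -p udp -m udp --dport 520 -j ACCEPT
-A INPUT -p icmp -m comment --comment icmp-in -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
COMMIT'

# Print every appended rule (-A ...) that has no comment match.
uncommented_rules() {
    grep -E '^-A ' | grep -v -e '-m comment --comment '
}

# Print "CHAIN: comment text" for every commented rule. iptables-save quotes
# comments that contain spaces and leaves single-word comments unquoted, so
# both forms are handled (quoted form first).
rule_comments() {
    sed -n \
        -e 's/^-A \([^ ]*\) .*--comment "\([^"]*\)".*/\1: \2/p' \
        -e 's/^-A \([^ ]*\) .*--comment \([^ "]*\).*/\1: \2/p'
}

# Stand-alone run over the constructed sample.
echo "Rules with no comment:"
printf '%s\n' "$SAMPLE_RULES" | uncommented_rules
echo "Documented rules:"
printf '%s\n' "$SAMPLE_RULES" | rule_comments
```

Running a check like this before a firewall review shows which rules still need their purpose documented.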

That's the end of the tutorial!

 
